Security Leftovers

posted by Roy Schestowitz on Apr 24, 2026

• LWN ☛ Security updates for Thursday

  Security updates have been issued by AlmaLinux (kernel and osbuild-composer), Debian (cpp-httplib, firefox-esr, gimp, and packagekit), Fedora (chromium, composer, libcap, pgadmin4, pie, python3-docs, python3.14, and sudo), Mageia (gvfs), Oracle (.NET 8.0, delve, freerdp, giflib, ImageMagick, kernel, OpenEXR, and osbuild-composer), SUSE (erlang, giflib, google-guest-agent, GraphicsMagick, ignition, imagemagick, kea, kernel, kissfft, libraw, libssh, ocaml-patch, opam, openCryptoki, openexr, openssl-1_1, tomcat, tomcat10, tomcat11, and tor), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux-aws, linux-aws-6.17, linux-hwe-6.17, linux-oracle, linux-oracle-6.17, linux-azure, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-oracle-5.15, linux-azure-5.4, linux-azure-fips, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-hwe-6.8, linux-ibm-6.8, linux-raspi, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-5.4, linux-raspi-realtime, packagekit, python-tornado, ruby rack-session, slurm-llnl, and strongswan).

• Scoop News Group ☛ US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied

  Investigators found the malware, dubbed Firestarter, on a federal agency's network in a campaign dating back to at least September 2025.

  >

• Tom's Hardware ☛ UK spy agency releases malware-blocking gadget for HDMI and DisplayPort cables — SilentGlass blocks malicious traffic traveling between display and computer

  The NCSC, a part of the British GCHQ, has deployed this protective gadget throughout various government estates and is now making it publicly available through Goldilock Labs.

• Scoop News Group ☛ Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities

  Researchers said it’s the first-ever mapping of attack traffic to mobile operator signalling infrastructure.

• Scoop News Group ☛ Dragos: Despite Hey Hi (AI) use, new malware targeting water plants is ‘hype’

  ZionSiphon was designed to find and sabotage Israelis’ water supply. An OT expert said it appears to be ineffective and the work of amateurs using AI.

• SANS ☛ Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)

  Apple yesterday released iOS/iPadOS 26.4.2 and iOS/iPadOS 18.7.8. This update fixes a single Notification Services vulnerability, CVE-2026-28950:

• Security Week ☛ Apple Patches iOS Flaw Allowing Recovery of Deleted Chats

  Apple rolled out the security patches for dozens of iPhone and iPad models and generations.

• Security Week ☛ Recent Abusive Monopolist Microsoft Defender Vulnerability Exploited as Zero-Day

  The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges.

• Security Week ☛ Luxury Cosmetics Giant Rituals Discloses Data Breach

  The company is notifying My Rituals members that hackers downloaded part of their data, including names and addresses.