Security Leftovers
-
LWN ☛ Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libsndfile), Debian (bind9, evince, firefox-esr, openjpeg2, pdns, and rsync), Fedora (erlang-cowlib, evince, expat, firefox, kernel, mingw-expat, mysql8.0, mysql8.4, nss, opencryptoki, pgadmin4, proftpd, python-django5, python-django6, python-dotenv, rsync, rust-nu, rustup, and strongswan), Oracle (nginx, nginx:1.24, ruby, ruby:3.3, and squid), Slackware (bind and rsync), SUSE (buildah, distribution, distribution-registry, docker, firefox-esr, helm, libpainter0, libsdb2_4_2, postgresql-jdbc, runc, and vim), and Ubuntu (gnutls28, gst-plugins-good1.0, jq, linux-nvidia, linux-nvidia-lowlatency, openvpn, rsync, and unbound).
-
OpenSSF (Linux Foundation) ☛ Introducing the First Cohort of the OpenSSF Ambassador Program
-
OpenSSF (Linux Foundation) ☛ OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing Community
-
Security Week ☛ Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution.
-
Scoop News Group ☛ CISA chief frets about open-source vulnerabilities, delayed security improvements
Acting director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration.
-
Mariusz Zaborski ☛ A Private pkg Repo Behind Mutual TLS
I am a big fan of mutual TLS ("mTLS" if you prefer the shorter spelling, "client certificates" if you are describing the half a user actually touches).
Strangely, I rarely see it used in the wild.
That probably says something worrying about how I choose to spend free time, but they are a neat fit for small private infrastructure.
Most people reach for HTTP Basic, an API token, or a VPN, and call it a day. A private pkg repository is one of those quiet little places where mutual TLS fits perfectly: a well-established mechanism, no humans typing passwords, and a server that should only answer questions from boxes I actually have access to.
-
Security Week ☛ Cisco Patches Critical Vulnerability in Secure Workload
Insufficient validation and authentication in the Secure Workload’s REST API provide remote attackers with Site Admin privileges.
-
Scoop News Group ☛ Lawmakers from both parties say CISA cuts have gone too far
Reps. Don Bacon, R-Neb., and James Walkinshaw, D-Va., found rare bipartisan agreement that the agency tasked with defending civilian networks has been diminished at a moment when threats from China and others are growing.
-
LWN ☛ Vulnerabilities in various GTK-based PDF readers
Michael Catanzaro has disclosed a command-injection vulnerability affecting a number of GTK-based PDF readers; exploits included: [...]
-
Security Week ☛ Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking.
-
Security Affairs ☛ PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately.
-
Hacker News ☛ Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022.
-
How AZT PROTECT™ Defeats Copy Fail, Dirty Frag, and 5 other Critical Linux Kernel Exploits
The industry is being rocked by a series of vulnerabilities that allow abuse of trusted Linux kernel or root-service data-handling paths, especially caching, copying, parsing, fragmentation, and helper-broker logic, to turn unprivileged input into privileged state changes without requiring a traditional malicious executable launch. The common theme is boundary confusion: attacker-controlled data crosses into trusted kernel or root-owned execution paths, where flaws in caching, parsing, copying, or helper authorization convert it into root-level control. AZT was designed to stop all such attacks, blocking these exploits without requiring updates, threat intelligence, or operator effort.
-
InfoSecurity Magazine ☛ Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
A nine-year-old logic flaw in the Linux kernel's process trace (ptrace) path has been discovered that could let unprivileged local users read sensitive files, including secure shell host (SSH) private keys and the system password hash, on default installations of Debian, Fedora and Ubuntu.
According to new analysis from the Qualys Threat Research Unit (TRU), the vulnerability, tracked as CVE-2026-46333, has been present in mainline Linux since November 2016. Upstream patches and distribution updates are available, and working exploits are circulating publicly.
-
Dark Reading ☛ Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
For years now, Chinese state-aligned hackers have been spying on telecommunications companies in Central Asia and beyond, using a newly discovered Linux post-exploitation framework.
-
Hacker News ☛ 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions like Debian, Fedora, and Ubuntu. It's also codenamed ssh-keysign-pwn.
-
Bleeping Computer ☛ Chinese hackers target telcos with new Linux, Windows malware
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively.
-
Hacker News ☛ ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust.