date 2025-04-10, news
Security Leftovers
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (lemonldap-ng, libbssolv-perl, and phpmyadmin), Fedora (augeas, mariadb10.11, and thunderbird), Oracle (gimp, libxslt, python3.11, python3.12, tomcat, and xorg-x11-server), Red Hat (expat, grafana, opentelemetry-collector, and webkit2gtk3), SUSE (azure-cli-core, doomsday, kernel, and poppler), and Ubuntu (dotnet8, dotnet9, erlang, and poppler).
Security Week ☛ ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider
Industrial giants Siemens, Rockwell, Schneider and ABB have released their March 2025 Patch Tuesday ICS security advisories.
Security Week ☛ Google Targets SOC Overload With Automated Hey Hi (AI) Alert and Malware Analysis Tools
Google plans to unleash automated Hey Hi (AI) agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators.
Federal News Network ☛ Wyden to block CISA nominee over telecom security ‘cover up’
Sen. Ron Wyden (D-Ore.) says CISA is withholding a crucial report on cyber gaps in U.S. communications networks, even after last year's "Salt Typhoon" hacks.
Security Week ☛ Treasury’s OCC Says Hackers Had Access to 150,000 Emails
The Office of the Comptroller of the Currency (OCC) has disclosed an email security incident in which 100 accounts were compromised for over a year.
Security Week ☛ CISA Urges Urgent Patching for Exploited CentreStack, backdoored Windows Zero-Days
CISA has added fresh CentreStack and backdoored Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog.
Security Week ☛ Oracle Faces Mounting Criticism as It Notifies Customers of Hack
Oracle is sending out written notifications to customers over the recent hack after it initially appeared to completely deny a data breach.
Security Week ☛ Fortinet Patches Critical FortiSwitch Vulnerability
Fortinet fixes a critical-severity bug in FortiSwitch that could allow an attacker to modify administrative passwords.
Security Week ☛ Vulnerabilities Patched by Ivanti, VMware, Zoom
Ivanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday.
Silicon Angle ☛ CodeSecure and FOSSA partner to enhance visibility into open source and binary code
Application security testing company CodeSecure Inc. today announced a new strategic partnership with open-source compliance and security platform provider FOSSA Inc. and introduced a product integration that allows organizations to eliminate security blind spots associated with third-party and open-source code.
Freexian Collaborators: Debian Contributions: Preparations for Trixie, Updated debvm, DebConf 25 registration website updates and more! (by Anupa Ann Joseph)
Debian Contributions: 2025-03
Contributing to Debian is part of Freexian’s mission. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our Long Term Support contracts and consulting services.
LWN ☛ Hardening the Firefox frontend
Tom Schuster, Frederik Braun, and Christoph Kerschbaumer have published an article on the Firefox Security team's Attack & Defense blog that explains recent work to harden Firefox's frontend code.
Trail of Bits ☛ Introducing a new section on snapshot fuzzing for kernel-level testing in the Testing Handbook
Snapshot Fuzzing enables security engineers to effectively test software that is traditionally difficult to analyze, such as kernel-level software (though the technique is not limited to such software). Whether you’re auditing drivers or other kernel-mode components, including antivirus software, snapshot fuzzing provides a robust way to discover critical vulnerabilities. Consult our new Testing Handbook section for a walkthrough on how to conduct snapshot fuzzing on your system.