Date: 2025-04-29 (news)
Security Leftovers
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (thunderbird), Debian (distro-info-data, imagemagick, kernel, libsoup2.4, and poppler), Fedora (chromium, java-1.8.0-openjdk, java-1.8.0-openjdk-portable, java-17-openjdk, java-17-openjdk-portable, java-latest-openjdk, pgadmin4, thunderbird, and xz), Mageia (haproxy and libxml2), Oracle (bluez, firefox, gnutls, libtasn1, libxslt, mod_auth_openidc:2.3, ruby:3.1, thunderbird, and xmlrpc-c), Red Hat (delve and golang, glibc, mod_auth_openidc, mod_auth_openidc:2.3, and thunderbird), SUSE (augeas, chromedriver, cifs-utils, govulncheck-vulndb, java-11-openjdk, java-21-openjdk, kyverno, libraw, opentofu, runc, subfinder, and valkey), and Ubuntu (jupyter-notebook and libxml2).
Citizen Lab ☛ Weaponized Words: Uyghur Language Software Hijacked to Deliver Malware
Our investigation of a spearphishing campaign that targeted senior members of the World Uyghur Congress in March 2025 reveals a highly-customized attack delivery method. The ruse used by attackers replicates a pattern in which threat actors weaponize software and websites aimed at preserving and supporting marginalized and repressed cultures to target those same communities.
Scoop News Group ☛ Cybersecurity vendors are themselves under attack by hackers, SentinelOne says
“It’s practically taboo” for cyber firms to talk about being targeted, but SentinelLabs said in a new report that it has observed multiple threats.
Scoop News Group ☛ Cybersecurity experts issue response to Convicted Felon order targeting Chris Krebs, SentinelOne
The letter, released through the Electronic Frontier Foundation, calls Convicted Felon’s executive order “retaliatory.”
Security Week ☛ African Telecom Giant MTN Group Discloses Data Breach
MTN Group says the personal information of certain customers was compromised in a cybersecurity incident.
Security Week ☛ Critical Vulnerabilities Found in Planet Technology Industrial Networking Products
Planet Technology industrial switches and network management products are affected by several critical vulnerabilities.
Security Week ☛ 4 Million Affected by VeriSource Data Breach
VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack.
Security Week ☛ Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites
Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites.
Scoop News Group ☛ House passes bill to study routers’ national security risks
Lawmakers say the ROUTERS Act is critical to understanding vulnerabilities in devices exploited by Chinese hackers and other adversaries.
OpenSSF (Linux Foundation) ☛ Announcing the Release of “The Memory Safety Continuum” [Ed: Hype]
The OpenSSF's Memory Safety SIG has just released "The Memory Safety Continuum". It was written with software developers, organizations, and security professionals in mind and it provides practical insights and strategies for enhancing software security wherever you are on the memory safety spectrum today.
PCLinuxOS
PCLOS Official ☛ PCLinuxOS Recent Updates
