Security and Fear, Uncertainty, Doubt (FUD) Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Fedora (chromium and kappanhang), Red Hat (osbuild-composer and thunderbird), SUSE (chromedriver), and Ubuntu (c-ares, corosync, mysql-8.0, mysql-8.4, openjdk-17, openjdk-21, openjdk-24, openjdk-8, and openjdk-lts).
-
Bleeping Computer ☛ Linux wiper malware hidden in malicious Go modules on GitHub [Ed: So it is the fault of Microsoft for transmitting malware, nothing to do with Golang or Linux]
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.
-
Security Week ☛ Android Update Patches FreeType Vulnerability Exploited as Zero-Day
Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.
-
Atlantic Council ☛ Counting the costs: A cybersecurity metrics framework for policy
Improved cybersecurity metrics can unlock more efficient policy and give policymakers a better sense of how they are faring at improving security.
-
Security Week ☛ Samsung MagicINFO Vulnerability Exploited Days After PoC Publication
Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published.
-
Security Week ☛ Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise
Threat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability.
-
Federal News Network ☛ The government is giving up on an important part of the cybersecurity workforce
"An individual on the spectrum that gets one of these jobs meets all of the same criteria that anybody else who applies for the job has to meet," said Jim Cook.
-
Federal News Network ☛ Lawmakers question Noem over cuts to CISA, FEMA, TSA
Homeland Security Secretary Kristi Noem was pressed for details on why the Convicted Felon administration wants to make deep cuts at several DHS components.
-
Linux Foundation
-
OpenSSF (Linux Foundation) ☛ OpenSSF Tech Talk Recap: Using the OSPS Baseline to Navigate Standards and Regulations
On April 24, the Open Source Security Foundation (OpenSSF) hosted a Tech Talk to help open source maintainers, contributors, and organizations better navigate the growing landscape of security standards and regulations.
-
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #29 – S2E06 Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey Potter [Ed: Community Manager is typically somewhat of a fraud and PR facade]