LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (.NET 8.0, avahi, buildah, compat-openssl10, compat-openssl11, expat, firefox, gimp, git, grafana, libsoup, libxslt, mod_auth_openidc, nginx, nodejs:22, osbuild-composer, php, redis, redis:7, skopeo, thunderbird, vim, webkit2gtk3, xterm, and yelp), Arch Linux (dropbear, freetype2, go, nodejs, nodejs-lts-iron, nodejs-lts-jod, python-django, webkit2gtk, webkit2gtk-4.1, webkitgtk-6.0, and wpewebkit), Debian (mongo-c-driver), Fedora (openssh, perl-Mojolicious, thunderbird, yelp, and yelp-xsl), Red Hat (firefox, java-1.8.0-openjdk, java-11-openjdk with Extended Lifecycle Support, java-21-ibm-semeru-certified-jdk, java-21-openjdk, kernel, libxslt, ruby, ruby:3.1, ruby:3.3, unbound, and webkit2gtk3), SUSE (glib2, grub2, kernel, libwebp, openssh, and s390-tools), and Ubuntu (linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime, linux-azure, linux-azure-5.15, linux-nvidia-tegra, linux-azure, linux-azure-6.8, linux-oem-6.8, linux-azure, linux-kvm, linux-azure-fips, linux-azure-nvidia, linux-gcp, linux-gcp-6.8, linux-gkeop, linux-gke, linux-intel-iot-realtime, linux-realtime, linux-raspi-realtime, mariadb-10.6, and postgresql-12, postgresql-14, postgresql-16).
OpenSSF (Linux Foundation) ☛ Call for Proposals Now Open for Open Source SecurityCon 2025
We’re thrilled to announce that the Call for Proposals is now open for Open Source SecurityCon, a brand new event hosted by OpenSSF and CNCF, taking place on November 10, 2025, in Atlanta, Georgia.
Security Week ☛ Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers
Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.
Security Week ☛ GitLab, Atlassian Patch High-Severity Vulnerabilities
GitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.
SANS ☛ New Variant of Crypto Confidence Scam, (Wed, May 21st)
In February, we had a few diaries about crypto wallet scams. We saw these scams use YouTube comments, but they happened via other platforms and messaging systems, not just YouTube. The scam was a bit convoluted: The scammer posted the secret key to their crypto wallet. Usually, this would put their crypto wallet at risk of being emptied. But the wallet they used came with a twist: A second key was required. The scammer counted on the victim paying the transaction fee, which the scammer would receive, before attempting to withdraw the funds.
Security Week ☛ Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities
Wiz warns that threat actors are chaining two recent Ivanti vulnerabilities to achieve unauthenticated remote code execution.
Security Week ☛ Cellcom Service Disruption Caused by Cyberattack
Wireless carrier Cellcom has confirmed that a week-long widespread service outage is the result of a cyberattack.
Security Week ☛ Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway
More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.
Security Week ☛ Google DeepMind Unveils Defense Against Indirect Prompt Injection Attacks
Google DeepMind has developed an ongoing process to counter the continuously evolving threatIndirect prompt injection (IPI) attacks.
Google flags malicious use of Linux .desktop files
Windows TCO / Windows Bot Nets
Security Week ☛ US Student to Plead Guilty Over PowerSchool Hack
Matthew Lane allegedly hacked PowerSchool using stolen credentials and admitted to extorting a telecoms provider.
