date 2025-10-08 news
Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Fedora (chromium), Red Hat (kernel, open-vm-tools, and postgresql), SUSE (chromedriver and chromium), and Ubuntu (haproxy and pam-u2f).
-
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #41 – S2E18 The Remediation Revolution: How Hey Hi (AI) Agents Are Transforming Open Source Security with John Amaral of Root.io
-
Security Week ☛ Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released.
-
Security Week ☛ Security Firm Exposes Role of Beijing Research Institute in China’s Cyber Operations
BIETA and its subsidiary CIII research develop and sell technologies supporting China’s intelligence, counterintelligence, and military operations.
-
Security Week ☛ Hackers Stole Data From Public Safety Comms Firm BK Technologies
BK Technologies has informed the SEC that it discovered an IT intrusion on September 20.
-
Security Week ☛ Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation
Authenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code.
-
SANS ☛ Exploit Against FreePBX (CVE-2025-57819) with code execution, (Tue, Oct 7th)
FreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of vulnerabilities in the past. Most recently, a SQL injection vulnerability was found that allows attackers to modify the database.
-
Windows TCO / Windows Bot Nets
-
Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175 [Ed: Windows TCO and ridiculous blame-passing (from the ones who made the holes)]
Multiple researchers and CISA have confirmed active exploitation of the maximum-severity defect. Fortra, the company behind the file-transfer service, remains silent.
-