Security Leftovers
-
LWN ☛ Security updates for Thursday
Security updates have been issued by AlmaLinux (gnutls, kernel, kernel-rt, and open-vm-tools), Debian (chromium, python-django, and redis), Fedora (chromium, insight, mirrorlist-server, oci-seccomp-bpf-hook, rust-maxminddb, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, rust-protobuf-support, turbo-attack, and yarnpkg), Oracle (iputils, kernel, open-vm-tools, redis, and valkey), Red Hat (perl-File-Find-Rule and perl-File-Find-Rule-Perl), SUSE (expat, ImageMagick, matrix-synapse, python-xmltodict, redis, redis7, and valkey), and Ubuntu (fort-validator and imagemagick).
-
OpenSSF (Linux Foundation) ☛ KubeCon + CloudNativeCon North America 2025 Co-Located Event Deep Dive: Open Source SecurityCon
Open Source SecurityCon has always been about bringing people together to strengthen trust in open source. From its beginnings within TAG Security to its growth as a standalone conference, and now returning to KubeCon + CloudNativeCon alongside the Open Source Security Foundation (OpenSSF), the event has become a gathering place for anyone passionate about securing our shared ecosystem. As a co-located event, it will bring together software developers, security engineers, public sector leaders, CISOs, CIOs, and technology innovators. Through interactive discussions, expert-led sessions, and hands-on activities, participants will dive into emerging security challenges, explore the latest industry innovations, and share best practices that are shaping the future of secure software development.
-
OpenSSF (Linux Foundation) ☛ Building Security in Open Source for Financial Services: OpenSSF at Open Source in Finance Forum (OSFF)
Financial services run on open source. With regulations growing and supply chains under pressure, institutions need clear frameworks and reliable data to keep systems secure. At the Open Source in Finance Forum (OSFF) the OpenSSF community is sponsoring and sharing sessions on the OSPS Baseline, vulnerability data, and Hey Hi (AI) security. These talks demonstrate how our community is making open source more secure and useful to financial services.
-
Scoop News Group ☛ Dozens of Oracle customers impacted by Clop data theft for extortion campaign
Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.
-
GamingOnLinux ☛ NVIDIA reveal new driver security issues for October 2025
NVIDIA just revealed more GPU driver security issues and so you should make sure you’re up to date.
-
SANS ☛ Polymorphic Python Malware, (Wed, Oct 8th)
Today, I spotted on VirusTotal an interesting Python RAT.
-
The Straits Times ☛ China blacklists researchers that exposed Huawei chip secrets
A raft of companies will be barred from doing business with organisations or individuals in China.
-
NVISO Labs ☛ Vulnerability Management – Requirements, Scoping & Target Setting
With the next blog posts, we dive deeper into vulnerability management. It is challenging to encapsulate the complexity of vulnerability management in just a few paragraphs. To fully cover it, one could easily write a complete guide or even a book.
-
Scoop News Group ☛ SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal
The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores that broader security pitfalls are afoot.
-
Security Week ☛ All SonicWall Cloud Backup Users Had Firewall Configurations Stolen
In early September, hackers stole the firewall configuration backup files stored using the MySonicWall service.
-
Security Week ☛ Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day
The company said there is no evidence that confidential client data was stolen from its systems.