Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (gimp, python-authlib, and xorg-server), Fedora (chromium and git-lfs), Mageia (poppler and tomcat), Red Hat (kernel, kernel-rt, redis, and redis:6), SUSE (fetchmail, grafana, ImageMagick, kernel-devel, libluajit-5_1-2, proxy-helm, python-Authlib, and xen), and Ubuntu (linux-intel-iotg, linux-intel-iotg-5.15 and squid, squid3).
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, java-17-openjdk, libtiff, redis, and redis:6), Debian (chromium, mediawiki, pypy3, and squid), Fedora (openbao), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, chromium, chrony, expat, haproxy, himmelblau, ImageMagick, iputils, kernel, libssh, libxslt, openssl-3, podman, strongswan, xorg-x11-server, and xwayland), and Ubuntu (kernel, libxml2, libyaml-syck-perl, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-fips, linux-aws-fips, linux-gcp-fips, linux-kvm, and netty).
-
Krebs On Security ☛ Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.
-
TechnologyAdvice ☛ OpenAI Atlas Browser Security Flaw Lets Hackers Attack
LayerX security experts found critical flaws that enable attackers to inject persistent malicious code directly into ChatGPT's memory system.
-
Pen Test Partners ☛ Security awareness: four pillars for staying safe online
When it comes to being security aware, there are seemingly endless things you need to consider. Here are four key areas as a user you can focus on to keep yourself secure:
Pillar 1: Social control media
Think before you post on social control media...
-
Scoop News Group ☛ Government and industry must work together to secure America’s cyber future
At this very moment, nation-state actors and opportunistic criminals are looking for any way to target Americans and undermine our national security. Their battlefield of choice is cyberspace.
-
Security Week ☛ CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog
Broadcom has updated its advisory on CVE-2025-41244 to mention the vulnerability’s in-the-wild exploitation.
-
Security Week ☛ Chinese APT Exploits Unpatched backdoored Windows Flaw in Recent Attacks
The backdoored Windows shortcut vulnerability has been seen in attacks conducted by Mustang Panda to drop the PlugX malware.
-
Security Week ☛ Open VSX Downplays Impact From GlassWorm Campaign
Open VSX fully contained the GlassWorm attacks and says it was not a self-replicating worm in the traditional sense.
-
Federal News Network ☛ Dihydroxyacetone Man admin begins developing new cybersecurity strategy
Sean Cairncross, the national cyber director, said he's looking to improve U.S. cyber strategy efforts by working with the private sector.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 307 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 307. This version includes the following changes: [...]
-
Hackaday ☛ This Week In Security: Vibecoding, Router Banning, And Remote Dynamic Dependencies
Vibecoding. What could possibly go wrong? That’s what [Kevin Joensen] of Baldur wondered, and to find out he asked Anthropic’s Sonnet 4.5 to build a secure login with Two Factor Authentication (2FA). And to the LLM’s credit, it builds the app as requested. [Kevin] took a peek under the hood to see how well the security was handled, and it wasn’t great.
-
Jon Chiappetta: Finally Able to Insert a Proper Layer of Bi-Directional Multi-Threaded Set of Core Operations to the Highly-Modified OpenVPN Source Code!
When it comes to tunnelling and proxying data, there are in general two independent pipeline directions, read-link->send-tunn && read-tunn->send-link. I separated out some shared limiting variables in the bulk-mode source code which were the c2.buf && m->pending variables so that the data processing can operate independently for RL->ST and RT->SL. I also added a separate additional session state cipher key in the new dual-mode so that the PRIMARY key can handle client->server encryption/decryption independently and the new THREAD key can now be used for server->client traffic communication.