news
Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (freerdp, kernel, python3, and python3.12-wheel), Debian (alsa-lib, chromium, openjdk-25, phpunit, tomcat10, tomcat11, and tomcat9), Fedora (openqa, pgadmin4, phpunit10, phpunit11, phpunit12, phpunit8, phpunit9, and yarnpkg), Mageia (python-django), SUSE (alloy, cups, dpdk, expat, glib2, java-1_8_0-ibm, java-1_8_0-openj9, java-25-openjdk, kernel, libpainter0, libsoup, libxml2, openssl-3, python-filelock, python-wheel, python312-Django6, thunderbird, traefik2, udisks2, wireshark, and xen), and Ubuntu (glib2.0, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, python3.14, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4, and tracker-miners).
-
Security Week ☛ Flickr Security Incident Tied to Third-Party Email System
Potential breach at Flickr exposes usernames, email addresses, IP addresses, and activity data.
-
Security Week ☛ ‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks
Used since at least 2019, DKnife has been targeting the desktop, mobile, and IoT devices of Chinese users.
-
Security Week ☛ Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks.
-
Security Week ☛ Critical SmarterMail Vulnerability Exploited in Ransomware Attacks
The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 312 released
The diffoscope maintainers are pleased to announce the release of diffoscope version
312. This version includes the following changes: [...] -
Reproducible Builds: Reproducible Builds in January 2026
Welcome to the first monthly report in 2026 from the Reproducible Builds project!