Security Leftovers

posted by Roy Schestowitz on Mar 04, 2026

• LWN ☛ Security updates for Tuesday

  Security updates have been issued by AlmaLinux (containernetworking-plugins, gnutls, kernel, libpng, and skopeo), Debian (firefox-esr, php8.2, and spip), Fedora (erlang and python-pillow), Red Hat (go-toolset:rhel8, golang, and yggdrasil), SUSE (cups, fluidsynth, gvfs, haproxy, libsoup, libsoup-3_0-0, mozilla-nss, python-azure-core, and shim), and Ubuntu (git and mailman).

• Security Week ☛ Android Update Patches Exploited Qualcomm Zero-Day

  An integer overflow or wraparound in the Qualcomm graphics component, the bug leads to memory corruption.

• Security Week ☛ New ‘AirSnitch’ Attack Shows Wi-Fi Client Isolation Could Be a False Sense of Security

  Researchers have uncovered a Wi-Fi vulnerability that allows nearby attackers to intercept sensitive data and execute machine-in-the-middle attacks against connected devices.

• Security Week ☛ Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability

  The researcher says he has identified thousands of internet-exposed IQ4 building management controllers.

• Scoop News Group ☛ Possible U.S.-developed exploits linked to first known ‘mass’ iOS attack

  Researchers traced the kit moving from a spyware vendor’s customer to Russian hackers to Chinese cybercriminals.

• WhichUK ☛ Scareware scams: dodgy pop-ups containing malware

  Alarming messages on your device claim that it's infected with a virus

• Security Week ☛ Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters

  Two proprietary trap AWS data centers in the United Arab Emirates were “directly struck” and another facility in Bahrain was also damaged after a drone landed nearby.

• SANS ☛ Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)

  CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape the VFS sandbox and achieve RCE), CVE-2025-31161 (the auth-bypass that handed over the crushadmin account on a silver platter), and the July 2025 zero-day CVE-2025-54309 that was actively exploited in the wild.

• Security Week ☛ Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low

  The cybersecurity industry is monitoring the landscape and says many of the big claims made by hacktivist groups remain unverified.

• Hacker News ☛ Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

  Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems.

• Windows TCO / Windows Bot Nets

  • Security Week ☛ Vulnerability in MS-Agent Hey Hi (AI) Framework Can Allow Full System Compromise

    Improper input sanitization in the framework can be exploited through the Shell tool, allowing attackers to modify system files and steal data.