Security Leftovers
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (container-tools:rhel8, firefox, go-rpm-macros, kernel, kernel-rt, mingw-fontconfig, nginx:1.24, thunderbird, and valkey), Debian (gimp), Fedora (apt, avr-binutils, keylime, keylime-agent-rust, perl-Crypt-URandom, python-apt, and rsync), Red Hat (go-rpm-macros and yggdrasil-worker-package-manager), Slackware (python3), SUSE (busybox, cosign, cups, docker, evolution-data-server, freerdp, glibc, gnome-remote-desktop, go1.24-openssl, go1.25-openssl, govulncheck-vulndb, libpng16, libsoup, libssh, libxml2, patch, postgresql14, postgresql15, postgresql16, postgresql17, postgresql18, python, python311, rust-keylime, smc-tools, tracker-miners, and zlib), and Ubuntu (curl, imagemagick, intel-microcode, linux, linux-aws, linux-kvm, linux-aws, linux-aws-5.15, linux-gcp-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle-5.15, linux-aws-fips, and linux-raspi, linux-raspi-5.4).
SANS ☛ Want More XWorm, (Wed, Mar 4th)
Security Week ☛ Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks
Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns.
Scoop News Group ☛ Attackers are using your network against you, according to Clownflare [Ed: Clownflare itself is a threat to both sites and visitors]
Blind spots in complex cloud environments allow identity-based attacks to achieve the same outcome as complex malware or zero-day exploits. Sophistication need not apply.
Security Week ☛ How Pirated Software Turns Helpful Employees Into Malware Delivery Agents
Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware.
Ruby ☛ CVE-2026-27820: Buffer overflow vulnerability in Zlib::GzipReader
A buffer overflow vulnerability exists in
Zlib::GzipReader. This vulnerability has been assigned the CVE identifier CVE-2026-27820. We recommend upgrading the zlib gem.