Security Leftovers

posted by Roy Schestowitz on Mar 12, 2026

• LWN ☛ Security updates for Wednesday

  Security updates have been issued by AlmaLinux (kernel, kernel-rt, libvpx, nfs-utils, nginx:1.26, osbuild-composer, postgresql, postgresql:12, postgresql:13, postgresql:15, postgresql:16, and python-pyasn1), Debian (imagemagick), Fedora (perl-Crypt-SysRandom-XS and systemd), Mageia (yt-dlp), Oracle (delve, gimp, git-lfs, go-rpm-macros, image-builder, kernel, libpng, libvpx, mysql8.4, nfs-utils, osbuild-composer, postgresql16, postgresql:12, postgresql:13, postgresql:15, postgresql:16, python-pyasn1, python3, python3.12, python3.9, and thunderbird), SUSE (python-aiohttp, python-maturin, python311-pymongo, rclone, and util-linux), and Ubuntu (linux-nvidia, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, and python-geopandas).

• Scoop News Group ☛ If consequences matter, they should apply to vendors, too

  The latest executive order pushes Washington to crack down on cyber fraud, but a different mandate eases software security accountability, leaving an inconsistent strategy that keeps the attack surface cheap to exploit.

• Scoop News Group ☛ Salesfarce issues new security alert tied to third customer attack spree in six months

  Researchers said the threat group behind the campaign is associated with ShinyHunters, an outfit that’s previously stolen data from Salesfarce instances for extortion attempts.

• OpenSSF (Linux Foundation) ☛ First Steps Towards Cyber Resilience Act Conformity: Biking the CRA with Balena at FOSDEM 2026

  Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.”

• Security Week ☛ Michelin Confirms Data Breach Linked to Oracle EBS Attack

  The cybercriminals have leaked more than 300GB of files allegedly stolen from the tire giant.

• Security Week ☛ Fortinet, Ivanti, defective chip maker Intel Patch High-Severity Vulnerabilities

  The bugs could lead to arbitrary code execution, privilege escalation, or authentication rate-limit bypass.

• Security Week ☛ 238,000 Impacted by Bell Ambulance Data Breach

  Hackers stole personal information such as names, Social Security numbers, and driver’s license numbers.

• Security Week ☛ MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack

  Stryker was targeted by the Handala group, which claims to have wiped more than 200,000 of the company’s devices.

• Security Week ☛ Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command

  The leadership structure, commonly referred to as the “dual-hat” arrangement, assigns a single individual to oversee both organizations.

• CRIL Uncovers ClipXDaemon: Autonomous Linux Clipboard Hijacker Targeting Cryptocurrency Transactions

  Cyble Research and Intelligence Labs (CRIL) today released findings on ClipXDaemon, a newly identified Linux malware strain designed to hijack cryptocurrency transactions by manipulating clipboard data in X11 environments. The malware represents a shift in financially motivated Linux threats, operating autonomously without command-and-control (C2) infrastructure while silently replacing copied cryptocurrency wallet addresses with attacker-controlled addresses in real time.

• Windows TCO / Windows Bot Nets

  • SANS ☛ Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)