Security Leftovers
-
SANS ☛ TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Surveillance Giant Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (openssl), Fedora (corosync, goose, kea, pspp, and rauc), Mageia (python-pygments, roundcubemail, and tigervnc), SUSE (bind, gimp, google-cloud-sap-agent, govulncheck-vulndb, ignition, ImageMagick, python, python-PyJWT, and python-pyOpenSSL), and Ubuntu (adsys, juju-core, lxd, python-django, and salt).
-
Security Week ☛ Data Leakage Vulnerability Patched in OpenSSL
A total of seven vulnerabilities, most of which can be exploited for DoS attacks, have been patched in OpenSSL.
-
Security Week ☛ Evasive Masjesu DDoS Botnet Targets IoT Devices
Focused on persistence, the botnet does not engage in widespread infection and avoids blacklisted IPs and critical infrastructure entities.
-
Security Week ☛ Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
Signature Healthcare was forced to cancel some services, and pharmacies are unable to fill prescriptions due to the hacker attack.
-
SANS ☛ More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes!
-
SANS ☛ Number Usage in Passwords: Take Two, (Thu, Apr 9th)
In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how that changed over time. It is often seen that years and seasons are used in passwords, especially when password change requirements include frequent password changes.
-
LWN ☛ Nix privilege escalation security advisory
The NixOS project has announced a critical vulnerability in many versions of the Nix package manager's daemon. The flaw was introduced as part of a fix for a prior vulnerability in 2024. According to the advisory, all default configurations of NixOS and systems building untrusted derivations are impacted.
-
Security Week ☛ Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover
The vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution.
-
AccessNow ☛ Espionage for repression: hack-for-hire phishing campaign targets civil society in MENA
A new investigation by Access Now’s Digital Security Helpline has exposed a hack-for-hire campaign targeting two prominent Egyptian journalists and government critics.
-
Security Week ☛ RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years
The vulnerability requires authentication for successful exploitation, but another flaw exposes the Jolokia API without authentication.
-
Adafruit ☛ Claude Code found a Linux vulnerability hidden for 23 years
Nicholas Carlini, a research scientist at Anthropic, reported at the [un]prompted AI security conference that he used Claude Code to find multiple remotely exploitable security vulnerabilities in the Linux kernel, including one that sat undiscovered for 23 years.
-
Help Net Security ☛ Chaos malware expands from routers to Linux cloud servers
Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the malware operating against misconfigured Linux cloud servers, a category of infrastructure the botnet had not previously prioritized.
Darktrace’s malware research team documented the compromise through its CloudyPots program, a global honeypot network the company runs to capture attacker behavior across a range of services and cloud platforms. One honeypot in that network runs Apache Hadoop, an open-source distributed data processing framework, deliberately misconfigured to allow remote code execution. That misconfiguration gave attackers a foothold and gave researchers a documented look at the updated malware.
-
Windows TCO / Windows Bot Nets
-
The Record ☛ Minnesota governor sends national guard to county after cyberattack
Walz previously activated the state’s national guard in response to a ransomware attack last year on the city of St. Paul, which is about two hours north of Winona County. The state’s other large city, Minneapolis, has also faced several cyberattacks over the last three years.
-
Meduza ☛ Russia’s internet regulator blames Rostelecom network fault for widespread outages
Users also reported that Rostelecom’s home internet service had stopped working in Moscow. The company stated that it had detected a major DDoS attack on its network and had quickly neutralized it.
-