Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (corosync, dovecot, image-builder, python-tornado, resource-agents, and systemd), Debian (openjdk-11, openjdk-17, and pyjwt), Fedora (pdns, pyOpenSSL, and squid), Slackware (hunspell), SUSE (alloy, avahi, bubblewrap, cmctl, coredns, curl, dpkg, firefox, golang-github-prometheus-prometheus, grafana, libpng12, PackageKit, sed, and xen), and Ubuntu (docker.io-app, nghttp2, python-django, and python-mako).
-
OpenSSF (Linux Foundation) ☛ Open Infrastructure Is Not Free, Part II: The Hidden Cost of Running Package Registries
-
Qt ☛ Security advisory: Type confusion and heap-buffer-overflow vulnerability in Qt SVG marker handling impacts Qt
A Type Confusion and Heap-based Buffer Overflow vulnerability in the SVG marker and mask handling of the Qt SVG module has been discovered and has been assigned the CVE ID CVE-2026-6210.
-
Security Week ☛ Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls.
-
Security Week ☛ Oracle Debuts Monthly Critical Security Patch Updates
Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster.
-
Security Week ☛ Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack
While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems.
-
Security Week ☛ CISA Launches ‘CI Fortify’ to Prepare Critical Infrastructure for Geopolitical Cyber Conflict
Agency issued guidance and calls on operators to build resilient OT environments capable of surviving extended isolation and cyber compromise.
-
Security Week ☛ Romanian Man Extradited to US for Role in Hacking Scheme 17 Years Ago
Gavril Sandu, 53, was indicted in 2017, but was arrested and extradited to the United States only in 2026.
-
Security Week ☛ Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft.
-
Security Week ☛ Sophisticated Quasar GNU/Linux RAT Targets Software Developers [Ed: It targets not the kernel]
The persistent, evasive implant provides remote access, surveillance, and credential exfiltration capabilities.
[...]
It targets AWS credentials and configurations, Kubernetes tokens, Docker Hub credentials, Git access tokens and configurations, NPM authentication tokens, and PyPI API keys, potentially allowing operators to publish malicious packages through established developer accounts.
-
Bleeping Computer ☛ New stealthy Quasar Linux malware targets software developers
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities.
-
Dolphin Publications B V ☛ Quasar Linux malware targets DevOps environments
Security researchers have discovered a new Linux malware campaign targeting software developers and DevOps infrastructure. The malware, known as Quasar Linux or QLNX, combines extensive espionage capabilities with techniques designed to remain hidden on infected systems for extended periods.
-
CSO ☛ New malware turns Linux systems into P2P attack networks
Researchers found a Linux malware called QLNX that combines P2P networking, rootkits, PAM backdoors, and fileless execution to persist and evade takedowns.