Security, Backdoored Windows Server, and GitHub (npm) Causes Trouble for IBM Red Hat

posted by Roy Schestowitz on Jun 02, 2026

• LWN ☛ Security updates for Monday

  Security updates have been issued by AlmaLinux (.NET 10.0, .NET 9.0, firefox, flatpak, httpd, and thunderbird), Debian (chromium, corosync, cyborg, dovecot, exim4, git-lfs, imagemagick, kernel, keystone, linux-6.1, php-twig, python-aiohttp, sentry-python, swift, and symfony), Fedora (chromium, djvulibre, docker-compose, giflib, haveged, libsoup3, libssh2, mingw-objfw, netatalk, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, objfw, pdns, perl-Crypt-PasswdMD5, perl-libwww-perl, python-urllib3, suricata, and xrdp), Mageia (perl-Template-Toolkit and vim), Oracle (.NET 8.0, cockpit, firefox, flatpak, freerdp, kernel, and libexif), Red Hat (containernetworking-plugins, libsoup, libsoup3, multiple packages, php:8.2, php:8.3, podman, rhc, and skopeo), SUSE (amazon-ecs-init, amazon-ssm-agent, apptainer, azure-storage-azcopy, bind, chromium, csync2, cups, docker-stable, frr, gdk-pixbuf-loader-libheif, gnutls, hauler, helm, helm3, ignition, java-1_8_0-ibm, kernel, libBasicUsageEnvironment2, libredwg-devel, localsearch, memcached, openexr, perl-Net-CIDR-Lite, perl-YAML-Syck, postgresql14, python-mistune, python-pillow, python-pytest-html, python-urllib3, python311-Authlib, strongswan, trivy, vim, and xz), and Ubuntu (gdal, python-pip, qtwebengine-opensource-src, rsync, and texmaker).

• Security Week ☛ WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

  The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations.

• Security Week ☛ Dragos Acquires xIoT Security Firm Phosphorus

  Dragos said customers will soon gain expanded asset visibility and integrated device intelligence, with automated remediation workflows and a unified platform experience to follow.

• Security Week ☛ Recent Palo Alto Networks Vulnerability Exploited for Weeks

  Hackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure.

• Security Week ☛ Dutch Police Dismantle Massive 17-Million-Device Botnet

  Dutch authorities seized command-and-control servers tied to a botnet of infected computers, smartphones, and tablets that was allegedly used to power a residential proxy network and facilitate cybercrime.

• Nick Fitzgerald: A Structure-Aware Fuzzing Experiment

  Structure-aware fuzzing can better exercise the system under test (SUT) by crafting inputs in the format expected by the SUT, rather than throwing pseudorandom bytes against it. That is, it avoids “shallow” inputs that the SUT will reject early (for example, syntactically invalid source text when fuzzing a programming language’s compiler) and only produces inputs that go “deep” into the SUT (e.g. programs that type-check and exercise the mid-end optimizer and backend code generator).

• Hacker News ☛ ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

• Windows TCO

  • Tom's Hardware ☛ Windows Server vulnerability can grant system privileges with just a malformed packet — domain controllers are being exploited in the wild

    9.8-rated backdoored Windows Server vulnerability can grants system privileges with just a malformed packet — domain controllers being exploited in the wild

  • Security Week ☛ Critical backdoored Windows Netlogon Vulnerability in Attackers’ Crosshairs

    Organizations are advised to patch CVE-2026-41089 as soon as possible, given its severity, the potential ongoing exploitation.

• Entrapment (Microsoft GitHub)

  • Xe's Blog ☛ "No way to prevent this" say users of only package manager where this regularly happens

  • LWN ☛ Multiple redhat-cloud-services npm packages compromised (StepSecurity Blog)

    StepSecurity is reporting that a number of npm packages in the @redhat-cloud-services scope include malware that runs automatically on every npm install: [...]

  • The Register UK ☛ Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

    Security researchers on Monday found dozens of Red Hat npm package releases infected with the Mini Shai-Hulud worm that TeamPCP cybercriminals recently open-sourced.

    The new supply chain attack hit at least 32 npm package releases published under the Red Hat Cloud Services namespace, according to security researchers from Google-owned Wiz, who traced the malware to one Red Hat employee’s compromised GitHub account. They said the affected packages are downloaded around 80,000 times a week.