Security in Linux and Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (389-ds-base, bind9.18, evince, fence-agents, freerdp, frr, frr10, gimp, gnutls, hplip, jmc, mariadb:11.8, mysql:8.4, php:7.4, postgresql-jdbc, postgresql:15, postgresql:16, valkey, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (fastnetmon), Fedora (7zip, apptainer, cpp-httplib, mysql8.4, and nmap), Oracle (freerdp, giflib, glib2, glibc, kernel, libreoffice, libvirt, mariadb:10.11, postgresql, python3.11, python3.12, rrdtool, and thunderbird), Red Hat (buildah, podman, and skopeo), SUSE (alloy, apache2, buildah, c3p0, containerd, crun, cups, dhcpcd, dnsmasq, docker-stable, dracut, editorconfig-core-c, ffmpeg-7, fontforge, google-guest-agent, google-osconfig-agent, graphicsmagick, gstreamer-plugins-bad, gstreamer-plugins-good, helm, jackson-annotations, jackson-core, jackson-databind, jline3, kernel, kubectl-cnpg, lcms2, libslirp, libssh2_org, libxreaderdocument3, openbabel, openssl-3, pacemaker, perl-CGI-Session, perl-list-someutils-xs, python-lxml, python-tornado, python-tornado6, python3-onionshare, python311-python-engineio, sg3_utils, thunderbird, transmission, and trivy), and Ubuntu (cifs-utils, kernel, libvncserver, linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia-tegra, linux-oracle-5.15, linux-raspi, linux-xilinx, nghttp2, nginx, perl, and vim).
-
Security Week ☛ Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices
NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks.
-
Julian Andres Klode ☛ Julian Andres Klode: The pandemic of incomplete OpenSSL error handling
Recently a person reported a bug in APT saying that TLS is failing on FIPS systems with MD5 errors, and suggested we call ERR_clear_error() around TLS operations.
Like any serious software engineer would do, I said No. Just because one component failed to handle its errors does not mean I can go around and discard all errors in another place - the program should have failed earlier (or discarded the error when it was determined to be safe).
-
Hacker News ☛ New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out.
Bad Epoll sits in the same small stretch of kernel code where Anthropic's most powerful AI model, Mythos, recently found a different bug.
The AI caught one flaw and missed this one. A researcher, Jaeyoung Chung, found it and built a working attack.
-
Pen Test Partners ☛ EN 303 645 is the baseline, not the finish line for IoT security
It gives manufacturers, assessors, and product teams a shared view of reasonable IoT security and something concrete to work against. But after years of assessing products against it, one thing is clear: passing the standard is not the same as building a secure product.
-
Security Week ☛ Critical Cursor Hey Hi (AI) Code Editor Flaws Could Lead to OS-Level Remote Code Execution
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.
-
Security Week ☛ Alleged Scattered Spider Hacker Extradited to US
Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments.
-
Scoop News Group ☛ Someone infected a spyware probe overseer with spyware
Citizen Lab says the phone of a member of Europe’s PEGA Committee was infected twice with Pegasus, the NSO Group spyware that gave the panel its name.
-
LWN ☛ Four vulnerabilities in Guix
The GNU Guix project has announced three vulnerabilities in the guix substitute utility as well as a fourth that affects the guix pull and guix time-machine commands. The impact of the vulnerabilities ranges from remote privilege escalation to local disclosure of sensitive files.
-
Security Week ☛ Medtronic Data Breach Impacts 3.8 Million People
In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.
-
Security Week ☛ Agentic Hey Hi (AI) Used to Conduct Ransomware Attack via Langflow
Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.
-
Latvia ☛ Latvian State Forests hacker also attacked Olpha
The cyberattacker who compromised the servers of Latvian State Forests (Latvijas valsts meži, LVM) has also attacked the servers of the pharmaceutical manufacturer Olpha, the cyber incident response agency "Cert.lv" told the LETA newswire on July 3.
-
Security Week ☛ In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting
Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting.