Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 730
Alerts This Week
Warning Icon 1 730

Security Vulnerabilities - Page 3

Discover Security Vulnerabilities News

Linux: Chrome High Risk Bugs CVE-2025-6191 CVE-2025-6192

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Two new Chrome vulnerabilities have surfaced, and despite how often we hear about Chrome in the news, these bugs are not the kind we can afford to brush off. Both flaws target core components within Chrome—the V8 JavaScript engine and the Profiler function—and could hand attackers a direct line to exploit your systems. It’s the kind of scenario no one wants: arbitrary code execution and potential system compromise just waiting to happen. As a result, Google has flagged both as high-severity issues. 

GitHub Actions: Critical Risks from Misconfigured Workflow Triggers

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

You know how we always preach to secure everything: servers, processes, applications? It turns out that a lot of us missed a serious blind spot hiding in plain sight—CI/CD pipelines, particularly in how GitHub Actions workflows are configured. Sysdig’s Threat Research Team (TRT) recently dropped some eye-opening findings, uncovering dangerous vulnerabilities in workflows for major open-source projects like MITRE and Splunk. These issues aren’t just theoretical risks or something “future-you” can deal with. If you’re a Linux admin or developer involved in open-source projects, this is your nudge to take GitHub Actions security seriously—because bad actors already are.

Linux: X.Org Critical Flaws Advisory CVE-2025-49176 to CVE-2025-49180

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Let’s cut to the chase—if you’re running any system with X.Org X server or Xwayland versions prior to the latest patches, your setup may be dangerously exposed to vulnerabilities that stretch from data leaks to outright instability. These are not hypothetical problems or edge-case issues buried deep in some obscure configuration. We’re talking about flaws that impact core extensions many of you rely on every day, whether you’re maintaining workstations, servers, or production systems.

Linux Crash Dump Vulns Expose Sensitive Information

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Crashes happen. Servers, desktops, and embedded systems all stumble occasionally, leaving behind a snapshot of their memory – a core dump. For years, tools like Apport in Ubuntu and systemd-coredump in Red Hat-based distributions have turned these snapshots into goldmines for debugging. They let developers reconstruct what went wrong, inspect the state of the system at the time of the crash, and fix errors with precision.

Chrome Zero-Day Flaw Exposes Login Tokens on Linux

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Zero-day vulnerabilities are a nightmare for any Linux admin, and here's the latest one that demands your attention: CVE-2025-4664. If you're running Chrome or any Chromium-based browser on Linux, this isn’t some abstract "security bulletin" to skim and forget—it’s a real, hands-on threat sitting in your environment right now.

Remote Zero-day Linux Kernel Flaw Discovered Using AI

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Picture this: you're staring at your trusted Linux system, a network of processes handling everything from file sharing to user requests. It's smooth, reliable, and—if you're confident in your setup—secure. But then comes word of yet another critical vulnerability. CVE-2025-37899 isn’t just another line in a long list; it’s a zero-day affecting the Linux kernel’s SMB server implementation (ksmbd), putting your system’s integrity on the line. This isn’t something to shrug off, and as a Linux admin, facing such risks means acting quickly, logically, and precisely.

Tails 6.15.1: Critical Tor Browser Flaws Emergency Advisory

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Tails version 6.15.1 has landed, and this isn’t just a routine update—it’s an emergency release. If you’re working with Tails, this release demands your immediate attention. Why? Because it tackles serious security flaws in the Tor Browser, flaws that could compromise the very foundation of privacy and anonymity, Tails is built to protect.

Intel: Branch Authority Exploitation Severe Threat CVE-2024-45333

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In modern computing, the line dividing speed from security is razor-thin. Performance innovations have helped processors handle billions of instructions per second, but these optimizations often come with cracks in their armor. This couldn’t be more apparent following the discovery of the Branch Privilege Injection flaw, a vulnerability impacting Intel processors and tracked as CVE-2024-45332. For us admins, the implications are serious, with the potential for sensitive data leaks, cross-domain attacks, and undermined kernel protections.

NVIDIA Issues Advisory for Critical IPC Data Leakage CVE-2025-23254

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Artificial Intelligence and Machine Learning have become integral components of today’s enterprise infrastructure, transforming how businesses operate and innovate in everything from predictive analytics to automation. However, with great technological advancements come equally significant challenges—particularly when it comes to cybersecurity. The recent disclosure of a critical vulnerability (CVE-2025-23254) in NVIDIA’s TensorRT-LLM framework is a crucial reminder of this, demonstrating that no matter how advanced AI systems are, they remain susceptible to exploitation if security measures are overlooked.

Oracle Linux 2025: April Critical Security Update Advisory RHSA-2025:0011-1

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

If you're managing an Oracle Linux system, you're well aware that vigilance is essential for staying ahead of adversaries looking to exploit unpatched vulnerabilities. Thankfully, in its April 2025 Critical Patch Update (CPU), Oracle has fixed 48 vulnerabilities that, if left unaddressed, could leave our systems vulnerable to server infiltration, privilege escalation, and the exposure of sensitive network protocols, among other risks.

CISA Alerts Admins: Two Active Linux Kernel Threats Identified

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Two new Linux kernel vulnerabilities have been added to CISA's Known Exploited Vulnerabilities Catalog, emphasizing a pressing need for action among us admins. These Linux kernel vulnerabilities, identified as CVE-2024-53197 and CVE-2024-53150, involve out-of-bounds access problems that malicious actors have already exploited. The implications are severe, potentially allowing attackers to bypass system security, manipulate data, or execute arbitrary code, putting your systems at significant risk.

Ubuntu Security Advisory: CVE-2025-3155 - Critical SSH Key Exposure

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Linux security admins managing Ubuntu systems face a new security challenge, as researchers have exposed a critical vulnerability (CVE-2025-3155) in the default help browser - Yelp - on Ubuntu desktop installations. This flaw, stemming from improper handling of XML content in GNOME's help documentation system, could potentially allow malicious help documents to execute arbitrary scripts.

New Ubuntu Vulns Could Give Unprivileged Users Admin Access

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In a recent discovery that has raised significant alarm within the Linux community, three security bypasses have been identified affecting Ubuntu Linux's control over unprivileged user namespaces. Targeting versions 23.10 and 24.04, these vulnerabilities could allow local unprivileged users to gain administrative-like capabilities in user namespaces, posing substantial risks for exploiting kernel components.

Apache Tomcat Vulnerability CVE-2025-24813 Exposes Linux Servers to Remote Attacks

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Apache Tomcat servers worldwide are under attack after the discovery of CVE-2025-24813, an actively exploited remote code execution (RCE) flaw. This seemingly harmless bug grants attackers access to sensitive files on impacted systems. Discovered on March 10, 2025, exploits were in circulation within 30 hours, and active attacks were reported soon thereafter. Successfully exploiting this bug requires specific conditions, including file-based session persistence and default configuration settings that many installations overlook.

Chrome 134 Update: Critical Fixes for Linux Users' Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Google recently took an important step toward increasing web browsing security by unveiling Chrome 134 to patch several severe vulnerabilities. As a Linux administrator, staying informed on such updates to protect systems against potential threats is paramount. This release addresses critical issues like an out-of-bounds read in V8 and defects across DevTools Profiles and PDFium.

Open-Source Screen Recorders: Documenting Malware and Exploits

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

For information security researchers, there is a continuous effort to improve methods of detecting and documenting vulnerabilities. One of the main tools in that direction is open-source screen recorders. Screen recorders simplify recording the vulnerability exploitation process, tracking malware activity, and publishing Proof of Concepts (PoCs) to the world, which is used to improve the overall level of cybersecurity.