Intel: Six Security Advisories for Driver Flaws in Linux and Windows
Are you aware that Intel has published a total of six advisories for security vulnerabilities impacting its products, including the Intel Processor Graphics on Windows and Linux?
Security Vulnerabilities - Page 21
Langflow 1.9.0 Advisory CVE-2026-5027 High File Write Threat
Attackers are actively exploiting a high-severity vulnerability in Langflow, an open-source platform used to build and run AI workflows. ...
Actively Exploited Chromium V8 Zero-Day: What Linux Admins Need to Know
CISA added CVE-2026-11645 to its Known Exploited Vulner...
IronWorm Supply Chain Threat from Linux Credential Theft
IronWorm steals credentials and uses them to spread bey...
Discover Security Vulnerabilities News
ARMv8 Security Issue: PAN Control Bypass and Kernel Implications
Are you aware that memory access protections baked into the ARMv8 64-bit specification are vulnerable to being bypassed? The Arm team has just recently mitigated the bug, which would allow an attacker to circumvent its “Privileged Access Never” (PAN) controls in the kernel.
Firefox: Critical Update for Zero-Day Vulnerability CVE-2019-17026
Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild. Learn more:
Research on FPGA Cards Improving Rowhammer Attack Efficiency
In a new research paper published on the last day of 2019, a team of American and German academics has shown that field-programmable gate array (FPGA) cards can be abused to launch better and faster Rowhammer attacks. Learn more about how FPGA cards can be abused for faster and more reliable Rowhammer attacks:
Lazarus APT Engages Linux Systems Utilizing Dacls Trojan Vulnerability
Security experts from Netlab 360 have uncovered a new Remote Access Trojan (RAT) used on Linux and Windows operating systems – currently being used in the wild by exploiting a known code execution vulnerability. Dubbed Dacls, the malware was in use since at least May this year and is attributed to the North Korean advanced persistent threat group Lazarus, also known as Hidden Cobra, Guardians of Peace, or Zinc. Learn more:
Plundervolt Advisory: Critical Undervolting Threat To Processor Security
The funky vulnerability of the month – what we call aBWAIN, short forBug With an Impressive Name– isPlundervolt, also known asCVE-2019-11157. Learn more about this vulnerability, how it works and what actions you should be taking to protect you system in an informative Naked Security article:
Linux And macOS Network Attack: VPN Session Hijack Risk
Researchers have discovered a security flaw in macOS, Linux, and several other operating systems that could let attackers hijack a wide range of virtual private network (VPN) connections. Learn more about this networking attack:
OpenBSD: Security Advisory for Authentication Bypass Bug in smtpd and ldapd
Are you an OpenBSD user? OpenBSD, one of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability. Learn more:
Severe Vulnerability In Linux Affects Encrypted VPN Connections
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. Learn more about the bug and how it could impact your system:
Ubuntu Intel Microcode Regression Advisory: Kernel Update for Skylake CPUs
Canonical has published a new security advisory today where the company behind the popular Ubuntu Linux operating system apologizes for a regression introduced by the latest Intel microcode firmware update.
Aviatrix VPN: Critical Risk of Escalation Privileges in Linux Settings
Aviatrix, a supplier of open source enterprisevirtual private networks(VPNs) to customers including BT, Nasa and Shell, has patched a serious vulnerability in its client that could have given an attacker escalation privileges on a machine to which they already had access. Learn more about this vulnerability and its implications for Linux users in an informative Computer Weekly article:
Docker: Critical Escape Bug Advisory - Update to Version 19.03.1
Are you a Docker customer? If so, you should upgrade to the latest version of Docker immediately. Security researchers have detailed a proof-of-concept (PoC) attack exploiting a critical vulnerability, which could lead to full container escape. Learn more:
Linux Wi-Fi Flaw Management and Public Disclosure Risks
A serious Wi-Fi vulnerability has shown how Linux handles security in plain sight. Learn more about this security bug, as well as how the Linux kernel balances the risks of public bug disclosure:
Ubuntu Kernel Security Updates: Intel Flaws and Denial of Service Risks
Are you an Ubuntu user? Canonical has released a new batch of Linux kernel security updates for all of its supported Ubuntu Linux releases to address the latest Intel CPU vulnerabilities, as well as other important flaws. Learn more:
Zombieland v2 Intel Bug: Ongoing Security Challenges for Linux Systems
Have you heard about the latest Intel CPU bug, Zombieland v2? Learn more about this security vulnerability and what Red Hat and other Linux vendors are doing about it in an informative ZDNet article:
Ring Doorbell Security Advisory: Wi-Fi Password Exposure
Are you a Ring doorbell owner? Have you heard about the security bug that researchers discovered in Ring doorbells that sent Wi-Fi passwords over the network in plain HTTP rather than being encrypted? Learn more:
Exploring Light Commands: Attacks On Siri, Alexa, And Google Assistant
Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible -- and sometimes invisible -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones. Learn more in an interesting Schneier on Security blog post:
Libarchive Vulnerability: Code Execution Threat on Linux and BSD Systems
Google has discovered a Libarchive vulnerability which can lead to code execution on Linux, FreeBSD and NetBSD. Learn more about the security bug and its implications for Linux users in an informative ZDNet article:
Open-Source Summit Europe: Address Space Isolation for Kernel Improvements
IBM developers and others continue exploring the potential for address space isolation in the Linux kernel to reduce the risk of leaking sensitive data in attacks like L1 Terminal Fault (L1TF), MDS, and other vulnerabilities. Though this does increase the complexity of the kernel code and the performance hit is still to be evaluated. Learn more in an interesting Phoronix article:
Chrome 78.0.3904.87 Security Update: Addressing Critical Vulnerabilities
Are you a Google Chrome user? If so, you should update your browser now, as two new high severity Chrome zero-day bugs are being actively exploited by attackers. Learn more about the vulnerabilities and how to protect your system:
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!