Security Vulnerabilities 
security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026
Network Securityopen-source python
open-source python Researchers recently identified another wave of malicious packages on PyPI linked to the broader Mini Shai-Hulud campaign, a worm-like supply chain attack that spread through trusted software packages. On the surface, the packages looked no different from thousands of others published to the repository each week. . Instead of trying to break into a target network directly, the attackers hid malicious code inside software that developers were already using. A few downloads are all it takes....
Jun 09, 2026
Security Vulnerabilities malware linux
malware linux IronWorm steals credentials and uses them to spread beyond the original victim, turning developer access into a supply chain risk. . A new campaign targeting npm has evolved past simple credential theft. Researchers identified IronWorm, a self-spreading threat. It harvests high-value Linux development secrets—SSH keys, cloud tokens, package publishing credentials. One compromised workstation becomes a launchpad for downstream supply chain attacks. This is not a get-in-and-get-out operation....
Jun 08, 2026
Network Securitysystem security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -3 articles for you...
78
data breachuser privacymalware campaign500 Chrome Extensions Steal User Data: Malvertising Campaign Exposed
Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers. . These extensions were part of a malvertising and ad-fraud campaign that's been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been active since 2017. The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations. The link for this article located at The Hacker News is no longer available. . Malicious Chrome extensions were part of an extensive ad-fraud campaign impacting 1.7 million users. Learn more here.. google, removed, malicious, chrome, extensions, store, found, inject, malicio. . LinuxSecurity.com Team
Feb 14, 2020
•
Vendors/Products
78
malwareandroid updatecounterfeit appFake Samsung Update App Installed By 10 Million Android Users
In recent months, we’ve seen quite a few reports of the Google Play Store hosting counterfeit apps that are designed to dupe users and earn money through ad farms. In the latest reveal, CSIS Security Group’s report suggests that a fake app – promising updates for Samsung phones – has been installed by over 10 million users. . The app, named ‘Updates for Samsung,’ promised users Android firmware updates, but after installing it, it redirected them to an ad-farm that charged money for downloading the update. Sadly, the app is still live on the Play Store, and security researcher Aleksejs Kuprins said he contacted Google to take it down. We’ve also contacted the company to learn more, and we’ll update the post accordingly. The link for this article located at The Next Web is no longer available. . More than 10 million Android device owners were tricked by a counterfeit Samsung update application that funneled them to advertising networks.. fake Android app, Samsung update, ad farm fraud, Play Store security, Android malware. . LinuxSecurity.com Team
Jul 05, 2019
•
Vendors/Products
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More