Mozilla developers are working on a new Firefox feature that will block the automated display of plug-in-based content like Flash videos, Java applets or PDF files, and will protect users from attacks that exploit vulnerabilities in browser plug-ins to install malware on their computers. Known as "click to play," this feature has been present in the popular NoScript Firefox security extension for many years, as well as in other browsers like Google Chrome and Opera.
The link for this article located at Network World is no longer available.
Alex
SQL injections top plenty of lists as the most prevalent means of attacking front-end Web applications and back-end databases to compromise data. According to recent published reports, analysis of the Web Hacking Incidents Database (WHID) shows SQL injections as the top attack vector, making up 19 percent of all security breaches examined by WHID. Similarly, in the "Breach Report for 2010" (PDF) released by 7Safe earlier this month, a whopping 60 percent of all breach incidents examined involved SQL injections.
"One of the reasons we're seeing such an increase in SQL injections is actually sort of what we've dubbed the 'industrialization' of hacking," says Brian Contos, chief security strategist for Imperva. "It's this notion of smart SQL injections leveraging things like Google searches, automation through bots, and various other technologies to carry out sophisticated, automated attacks."
SQL injection attacks are generally carried out by typing malformed SQL commands into front-end Web application input boxes that are tied to database accounts in order to trick the database into offering more access to information than the developer intended. Part of the reason for such a huge rise in SQL injection during the past year to 18 months is the fact that criminals are increasingly using automated SQL injection attacks powered by botnets to hit vulnerable systems, Contos says. They use the attacks both to steal information from databases and to inject malicious code into these databases as a means to perpetrate further attacks.
The link for this article located at Dark Reading is no longer available.
LinuxSecurity.com Team
As many systems administrators will tell you, attacks from automated login scripts specifically targeting common account names with weak passwords have become a substantial threat to system security, especially via SSH (a popular program that allows remote users to log in to a Linux computer and execute commands locally). Here are some common-sense rules to follow that can greatly improve security, as well as several scripts to cut down on the computing resources wasted by these attacks.
Brute-force attackers use so-called dictionary attacks, attempting many different login/password combinations in an attempt to hit on one that matches. In most cases, these scripts use a pre-programmed "dictionary" of often-used account names (such as www, admin, test, or guest). These scripts then attempt common passwords (often just the name of the account or an empty string). When one attempt fails, the script continues on, attempting other entries in its dictionary, until it has exhausted every pair (which can total hundreds of login attempts).
The link for this article located at Linux.com is no longer available.
LinuxSecurity.com Team
Automated attacks are coming from unexpected quarters--from across the globe, across town, and most creepily, even from across the hall. According to a recent report from anti-virus vendor Symantec, this year's 450 percent increase in the number of attacks on Windows machines is evidence that automation is proving as efficient for 21st-Century hackers as it did for 20th-Century manufacturers.
By including a backdoor component with their worms and viruses, hackers can gain access to infected machines without the owners' knowledge. Once that access is available, the machines become "bots," controlled remotely by hackers to do their nefarious bidding. The latest disturbing trend sees hackers assembling thousands of hijacked computers into huge "bot networks." Such networks both vastly amplify the hackers' ability to wreak havoc and complicate the task of authorities trying to track down the cybercriminals. Bot networks can be used for any number of criminal activities, ranging from sending out more worms and viruses with more backdoors, to mass-spam mailings, to launching denial of service attacks, to hosting phishing sites that pose as legitimate financial institutions. The 100 percent increase in phishing sites between September and October of this year is viewed by the Anti-Phishing Working Group as evidence that bot networks have been used to send more payload-bearing e-mails and to host scam sites.
The link for this article located at securitypipeline.com is no longer available.
LinuxSecurity.com Team
Simply connecting to the Internet -- and doing nothing else -- exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously. While most break-in tries fail, an unprotected PC can get hijacked within minutes of accessing the Internet. Once hijacked, it is likely to get grouped with other compromised PCs to dispense spam, conduct denial-of-service attacks or carry out identity-theft scams.
Those are key findings of a test conducted by USA TODAY and Avantgarde, a San Francisco tech marketing and design firm. The experiment involved monitoring six "honeypot" computers for two weeks -- set up to see what kind of malicious traffic they would attract. Once breached, the test computers were shut down before they could be used to attack other PCs.
The link for this article located at Byron Acohido and Jon Swartz is no longer available.
LinuxSecurity.com Team
Shortly after a military surveillance plane collided with a Chinese fighter last April, a two-week "cyberwar" began, and U.S. Army Web sites took numerous hits. More than 50 Web pages were defaced by an automated attack launched by supporters or agents of the People's Republic of China. The hackers placed anti-American sentiments in English and Chinese characters on some of the sites.
But most of the attacks could have been prevented if published fixes, identified in Information Assurance Vulnerability Alerts, were in place on the hacked machines, said Lt. Col. John Quigg, chief of the Army's network security improvement program in the service's chief information office. An IAVA is a digital list of computer vulnerabilities. They are reported monthly to the chairman of the Joint Chiefs of Staff, Quigg said. The alerts are also posted on Army networks and warn of basic security measures needed to ward off viruses, worms or hackers.
The link for this article located at ComputerUser is no longer available.
Anthony Pell
Internet-based threats rose significantly in 2001 and continued to climb through the early months of 2002, according to a new report. Traditional incidents such as virus and Denial of Service attacks remained at or above previous levels, but automated scripts against common vulnerabilities are now the most significant online risk, said Internet Security Systems (ISS). The threats will continue to increase until fundamental internet risk factors are dealt with, the company said in its Internet Risk Impact Summary Report for the first quarter of 2002. "Attacks are now global in scope and round-the-clock in incidence," said ISS.
The link for this article located at vnunet is no longer available.
LinuxSecurity.com Team