Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 28 articles for you...
210
security advisoryhigh severityzero-dayChromium: CISA Zero-Day Advisory: High Severity Type Confusion Risk
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi. CISA has added this Type Confusion bug, exploited in the wild, to its Known Exploited Vulnerability Catalog . CISA has stated, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.", underscoring the significance of this flaw for impacted organizations. . Let's examine this vulnerability and other recent zero-day vulnerabilities found in Chromium, their impact, and measures admins should take to secure their systems against these bugs. What Zero-Day Bugs Have Recently Been Found in Chromium? How Can I Secure My Systems Against Them? The most recent zero-day vulnerability discovered in Chromium is a Type Confusion bug in the V8 JavaScript and WebAssembly engine (CVE-2024-5274). Type Confusion vulnerabilities exist when a program attempts to access a resource with an incompatible type. These flaws enable threat actors to access out-of-bounds memory, cause crashes, or execute arbitrary code on impacted systems, potentially leading to data breaches and system disruption. The discovery of this Chromium Type Confusion bug closely follows these other zero-day flaws identified in the open-source web browser project: CVE-2024-4671 : Use-after-free in Visuals allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2024-4761 : Out-of-bounds write in V8 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. CVE-2024-4947 : Type Confusion in V8 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Google has not disclosed additional technical details about the flaw but has acknowledged that an exploit for CVE-2024-5274 existsin the wild. To mitigate potential exploits, Linux users are advised to upgrade to Chrome version 125.0.6422.112. Many Linux distros have released important security advisory updates addressing these zero-days. Additionally, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are advised to apply fixes when available. Our Final Thoughts on These Chromium Zero-Days & Their Security Implications The recent discovery of a zero-day Type Confusion vulnerability (CVE-2024-5274) in Chromium highlights the persistent threat posed by security flaws in widely used web browsers. With CISA flagging this exploit as a known risk, organizations must prioritize updating their systems to mitigate potential attacks from threat actors. The string of zero-day vulnerabilities identified in Chromium underscores the importance of staying vigilant and proactive in applying patches and security updates. By promptly installing the necessary fixes and following best practices for securing systems , admins and organizations can help safeguard against these critical vulnerabilities and protect their data and networks from attacks and breaches. . Recent Chromium zero-day vulnerabilities have raised alarms among developers and users, posing risks like code execution and data breaches, urging quick admin action. Chromium Security, Zero-Day Exploit, Browser Security Updates. . Anthony Pell
Jul 11, 2024
•
Security Vulnerabilities
210
security advisoryhigh severityLinux updateDebian DSA-5577-1 High: Chromium Use-After-Free Exploit Threat
A severe use-after-free vulnerability has been found in Chromium ( CVE-2023-5472 ), which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability, which Chromium has rated as “high-severity”, is related to a bug in the webRTC (Real-time Communication) functionality. . What Is This Vulnerability? This Chromium browser vulnerability stems from a "use-after-free" issue in Profiles. In simple terms, this means that a specific portion of memory could be accessed after it has been freed, leading to potential exploitation by remote attackers. An attacker could manipulate heap corruption through a specially crafted HTML page if successfully exploited. The consequences may range from unauthorized access to your personal information to more severe damage to your system. In the context of a web browser, a "Use-After-Free" vulnerability exposes users to potential exploitation when the browser tries to access a portion of the memory that has already been freed. It is akin to accessing and modifying a borrowed book that has been returned to the library—this could cause crashes or, in more severe cases, allow an attacker to execute malicious code in the user's system. How Does This Vulnerability Affect My Linux Systems? This vulnerability impacts all users running unpatched versions of the Chromium browser. Exploiting this vulnerability could potentially allow attackers complete control over the affected browser, compromising user data and exposing sensitive information. What Can I Do To Stay Safe? As always, taking action is crucial. To protect yourself from this vulnerability, ensure your Chromium browser is updated to the latest version. Debian , Fedora , Mageia , and openSUSE have released important advisory updates addressing this vulnerability. Updates often include essential security patches designed to address vulnerabilities like these. Download updates only from the official Chromium website or your OS’s packagemanager, guaranteeing the authenticity and safety of the update. Consider utilizing a trusted and regularly updated antivirus solution, as it can provide an extra layer of defense against similar threats. Additionally, maintain safe browsing habits – avoid clicking on suspicious links or downloading files from untrustworthy sources. Your Digital Security Matters To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user , subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on X for real-time updates on advisories for your distro(s) . . Keep informed about the significant security flaw in Chromium that threatens confidential information and system functionality owing to the absence of a fix.. Chromium Bug, Use-After-Free, High Severity Threat. . Brittany Day
Dec 14, 2023
•
Security Vulnerabilities
210
security advisorycritical flawbrowser exploitCritical Google Chrome Update: Addressing Data Validation Exploit
Google Chrome users on Windows, Mac, and Linux need to install the latest update to the browser to protect themselves from a serious security vulnerability that hackers are actively exploiting. . “Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said in a September 2nd blog post. An anonymous tipster reported the problem on August 30th, and Google says it expects the update to roll out to all users in the coming days or weeks. The company hasn’t released much information yet on the nature of the bug. What we know so far is that it has to do with “Insufficient data validation” in Mojo , a collection of runtime libraries used by Chromium, the codebase that Google Chrome’s built on. . Firefox users are advised to download the new version released to patch a critical weakness that could be targeted by cybercriminals. Protect your data!. Google Chrome Update, Security Fix, Browser Exploit. . Brittany Day
Sep 14, 2022
•
Security Vulnerabilities
83
security advisoryzero-daythreat assessmentTianfu Cup 2023: Major Browsers Hacked By Chinese Hackers
Chinese security researchers were able to successfully discover zero-day vulnerabilities in Chrome, Edge, Safari, Office 365, qemu-kvm + Ubuntu and more at a recently held hacking competition in the city of Chengdu in China. Learn more in an interesting TechWorm article: . The hacking contest held over last weekend – November 16 and 17 – saw China’s top hackers take part in the Tianfu Cup 2019 International Cyber Security Competition – the country’s top hacking competition – to test some of the world’s most popular applications. For those unaware, prior to 2018, Chinese experts had successfully dominated Pwn2Own, the world’s largest hacking contest, by winning the competition years in a row. The link for this article located at TechWorm is no longer available. . During the Tianfu Cup 2023 Hacking Contest, Chinese experts discovered critically unpatched vulnerabilities in widely-used web browsers.. Zero-Day Exploits, Hacking Contest, Browser Vulnerabilities, Chinese Hackers. . LinuxSecurity.com Team
Nov 20, 2019
•
Hacks/Cracks
210
security advisoryhigh severityupdateChrome 78.0.3904.87 Security Update: Addressing Critical Vulnerabilities
Are you a Google Chrome user? If so, you should update your browser now, as two new high severity Chrome zero-day bugs are being actively exploited by attackers. Learn more about the vulnerabilities and how to protect your system: . Attention readers, if you are using Chrome on your Windows, Mac, and Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are actively exploiting in the wild to hijack computers. Without revealing technical details of the vulnerability, the Chrome security team only says that both issues are use-after-free vulnerabilities, one affecting Chrome's audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library. The link for this article located at The Hacker News is no longer available. . Upgrade your Chrome browser now on Windows, Mac, or Linux to patch two critical vulnerabilities that jeopardize your online security.. Chrome Update, Browser Security, Use-After-Free Exploit. . Brittany Day
Nov 01, 2019
•
Security Vulnerabilities
83
user privacydata theftbrowser exploitBrowser Data Theft: Exploiting Extension APIs by Malicious Websites
Malicious websites can exploit browser extension APIs to execute code inside the browser and steal sensitive information such as bookmarks, browsing history, and even user cookies.. The latter, an attacker can use to hijack a user's active login sessions and access sensitive accounts, such as email inboxes, social media profiles, or work-related accounts. The link for this article located at ZDNet is no longer available. . Harmful sites may leverage browser add-on interfaces to run scripts and pilfer user information such as session tokens or saved links.. Browser Exploit, Malicious Websites, Data Theft, Extension APIs. . LinuxSecurity.com Team
Jan 20, 2019
•
Hacks/Cracks
79
security advisoryweb securitybrowser exploitPwn2Own 2023: Major Browsers Exploited by lokihardt for High Payout
Two researchers on Thursday took down the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, as Pwn2Own, the annual hacking contest that runs in tandem at CanSecWest, wound down in Vancouver.. The story of the day was Korean researcher Jung Hoon Lee, who worked alone under the name lokihardt and earned the single highest payout for an exploit in the competition The link for this article located at ThreatPost is no longer available. . The story of the day was Korean researcher Jung Hoon Lee, who worked alone under the name lokihardt . researchers, thursday, major, browsers, microsoft, internet, explorer, mozilla. . LinuxSecurity.com Team
Mar 23, 2015
•
Security Projects
83
security challengebrowser exploitevent summary2013 Mobile Pwn2own Event: NFC And Browser Exploits Exposed
The annual Mobile Pwn2own competition, sponsored by Hewlett-Packard's Zero-Day Initiative (ZDI) and held in Tokyo on Nov. 12 and 13, yielded some surprising results.. The mobile version of the Pwn2own hacking challenge offers security researchers cash and prizes for successfully exploiting mobile devices. In the 2013 event, researchers exploited Android and iOS devices alike. The link for this article located at eWeek is no longer available. . The Cyber Assault Challenge showcased how cybercriminals took advantage of Wi-Fi and software vulnerabilities to win rewards in Berlin.. Mobile Exploitation, Pwn2own Challenge, NFC Attacks. . LinuxSecurity.com Team
Nov 17, 2014
•
Hacks/Cracks
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More