
Stay Ahead With Linux Security News



Explore Latest Linux Security news

We found 10 articles for you...

Yamale High-Severity Advisory: CVE-2021-38305 Code Execution Risk

A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. In particular, the issue resides in the schema parsing function, which allows any input passed to be evaluated and executed, resulting in a scenario where a specially crafted string within the schema can be abused for the injection of system commands. Yamale is a Python package that allows developers to validate YAML, a data serialization language often used for writing configuration files, from the command line. The package is used by at least 224 repositories on GitHub. The link for this article located at The Hacker News is no longer available.

Summary: A critical vulnerability in the Yamale library enables attackers to execute arbitrary Python code by crafting malicious schema files.
Tags: Yamale Package, Code Injection Flaw, Python Security Bug, YAML Validation, High Severity Vulnerability

Oct 07, 2021 | Brittany Day | Security Vulnerabilities

Malicious PNG Files: A Threat of iFrame Injection by Sucuri

Security vendor Sucuri is warning that it's spotted an attack in the wild that embeds malicious code in PNG files. The iFrame injection attack loaded a valid jquery.js file with very little to alert even the researcher that something else was going on. As the company writes in this blog post, the only red flag in the code was a loadFile() function downloading dron.png into the iFrame. The link for this article located at The Register UK is no longer available.

Summary: Uncover the hidden threat of the iFrame exploit that stealthily integrates harmful JPEG scripts, sidestepping security measures and endangering online safety.
Tags: iFrame Attack, PNG Malware, Code Injection, Web Threats, Sucuri Security

Feb 05, 2014 | LinuxSecurity.com Team | Hacks/Cracks

PHP 5.3.9: Critical Advisory on Code Injection and DoS Threat

The PHP developers are working to fix a critical security vulnerability in PHP that they introduced with a recent security patch. The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions. The cause of the problem is the security update to PHP 5.3.9, which was written to prevent denial of service (DoS) attacks using hash collisions. To do so, the developers limited the maximum possible number of input parameters to 1,000 in php_variables.c using max_input_vars. Because of mistakes in the implementation, hackers can intentionally exceed this limit and inject and execute code. The bug is considered to be critical as code can be remotely injected over the web. The link for this article located at H Security is no longer available.

Summary: A severe vulnerability in PHP version 5.3.9 has emerged, allowing for potential code injection and denial of service attacks stemming from a poorly executed patch fix.
Tags: PHP Security Fix, Code Injection Prevention, DoS Attack Alert

Feb 03, 2012 | LinuxSecurity.com Team | Vendors/Products

Ruby on Rails: 3.0.11 Critical XSS Issue Resolved in Update

The Ruby on Rails open source web framework has been updated to close a security hole in the translate helper method. According to the developers, a cross-site scripting (XSS) vulnerability in the helper method for i18n translations could be exploited by an attacker to insert arbitrary code into a page. Rails 3.0.0 and later, as well as 2.3.x in combination with the rails_xss plug-in, are affected. Upgrading to 3.0.11 or 3.1.2 corrects the issue; the updates also address several non-security-related bugs. The link for this article located at H Security is no longer available.

Summary: Rails has patched a critical XSS flaw impacting all versions starting from 3.0.0, enhancing defenses against potential code injection threats.
Tags: Ruby on Rails Security, XSS Exploit Fix, Web Framework Update

Nov 21, 2011 | LinuxSecurity.com Team | Vendors/Products

Oracle Java Update: 17 Critical Flaws Resolved For Code Injection

Oracle has released a cross-platform update for Java that addresses 17 vulnerabilities in the ubiquitous software platform. All 17 vulnerabilities might be abused to inject code into vulnerable systems, and all but one affect how Java Runtime Environment client software runs in browsers. Java 6 update 26 for Windows, Linux and Solaris is designed to plug these multiple holes and is available for download from Oracle. The last major update on this scale was three months ago. The link for this article located at The Register UK is no longer available.

Summary: Oracle has rolled out a new Java update addressing 17 serious vulnerabilities that may enable code execution in susceptible environments.
Tags: Java Security Update, Oracle Vulnerabilities, Cross-Platform Java Fixes

Jun 08, 2011 | LinuxSecurity.com Team | Vendors/Products

Opera: 11.11 Critical Update Addresses Memory Error And Security Risk

With the update to version 11.11, the Opera developers have closed a critical security hole that enables attackers to inject malicious code. The vulnerability is found in the code for processing framesets: certain frame constructions cause a memory error that eventually allows attackers to inject malicious code. Other internal changes mainly affect the browser's overall stability; for example, the developers have fixed the cause of a potential installer crash as well as another bug which caused the browser to crash when trying to access www.falk.de. The complete list of changes can be found at the Opera web site. Opera 11.11 is available to download for Windows, Mac OS X and Linux. The link for this article located at H Security is no longer available.

Summary: The new Opera 11.11 release addresses a major security vulnerability and enhances browser performance with multiple internal optimizations.
Tags: Opera Browser Update, Memory Hole Fix, Code Injection Prevention

May 18, 2011 | LinuxSecurity.com Team | Vendors/Products

OpenBSD and DragonFlyBSD Face Major Threat from IPSec Buffer Overflow

A hole in the IPComp protocol implementation of certain operating systems can be exploited to compromise a server. IPComp is used for compressing individual IP datagrams, mainly in conjunction with IPSec and other VPN technologies. According to Tavis Ormandy, certain embedded datagrams can cause a recursion after they have been unpacked, which results in a kernel stack overflow. This reportedly allows attackers to inject arbitrary code into a system and, in all probability, execute it there. An attack could trigger a system crash even in the simplest of scenarios. Ormandy says that no previous authentication is required, and that attacks can also be launched using a forged sender address. The link for this article located at H Security is no longer available.

Summary: An unchecked input buffer in IPComp can cause a severe overflow issue, allowing attackers to insert malicious scripts that may lead to unauthorized system access and command execution.
Tags: IPComp Exploit, FreeBSD Security, NetBSD Patch, Kernel Overflow

Apr 06, 2011 | LinuxSecurity.com Team | Vendors/Products

Home Depot Code Injection Attack: Malicious Code Exposure Detected

The website for do-it-yourself giant Home Depot has been . "Somebody managed to deface the site and inject that code, so that anyone visiting the site would have loaded the malicious code from this other site," explained Mike Menefee, founder of security website Infosec Island, which discovered the hack. The link for this article located at Fox News is no longer available.

Summary: Intrusive scripts were embedded within the Target website, putting users' data at risk.
Tags: Home Depot Security, Website Attack, Code Injection Threat

Jan 12, 2011 | LinuxSecurity.com Team | Hacks/Cracks
