As the open-source model continues to prove its sustainability in the enterprise, the software community is ramping up its security-mindedness. That concern was evident in recent weeks as leading Linux groups led the way for better code security. Google announced a new initiative to zero in on software vulnerabilities: already a generous provider of patching incentives, the company upped the ante to encourage more researchers to submit vulnerable code for cash. Edgeless Systems made a striking open-source contribution, JFrog offered advancements in support of a more polished Rust Foundation, and Facebook, too, pushed the limits for Meta AI. Microsoft launched a fresh program aimed at improving cyber risk assessment and raising developer security education.
Topics: Open Source Models, Code Security Initiatives, Software Vulnerability Management. By Brittany Day
To really secure software, you need to know what's inside its code. That's why a software bill of materials is essential today. It used to be that we didn't worry that much about our code's security. Bad binaries, sure. The code itself? Not so much. We were so foolish. Then came one security slap in the face after another: the SolarWinds software supply chain attack, the ongoing Log4j vulnerability, and the npm maintainer protest code gone wrong have made it clear that we must clean up our software supply chain. That's impossible to do with proprietary software, since its creators won't let you know what's inside a program. But with open-source programs, this can be done with a software bill of materials (SBOM), pronounced "s-bomb". Indeed, SBOMs are no longer just a good idea; they're a federal mandate. According to President Joe Biden's July 12, 2021, Executive Order on Improving the Nation's Cybersecurity, they're a requirement. The order defines an SBOM as "a formal record containing the details and supply chain relationships of various components used in building software." It's an especially important issue with open-source software, since "software developers and vendors often create products by assembling existing open-source and commercial software components." Creating a Software Bill of Materials (SBOM) is crucial for enhancing software security. Utilize tools and practices for effective SBOM implementation.
Topics: Software Bill Of Materials, SBOM Tools, Open Source Security. By LinuxSecurity.com Team
Devs and maintainers are getting paid ... though not to concentrate on security. Open-source software has always been more secure than proprietary software, but that doesn't mean it's "secure." To lock it down, we need to invest serious cash in developers and maintainers. You may have noticed that a lot of people are getting seriously cranky about open-source software security lately. They have a reason. Our screw-ups have been making the news a lot lately. To guarantee strong safeguards, open-source software necessitates a considerable dedication of resources towards its developers and maintainers.
Topics: Open Source Security, Development Cost, Software Maintenance, Code Security. By Brittany Day
To address the growing threat of software supply chain attacks, the Linux Foundation announced at the Linux Foundation Membership Summit that it is upgrading its LFX Security module to deal with these attacks. "LFX supports projects and empowers open source teams by enabling them to write better, more secure code, drive engagement, and grow sustainable software ecosystems," the Linux Foundation says. Now, to address the growing threat of software supply chain attacks, the foundation is upgrading its LFX Security module to deal with these attacks. Jim Zemlin, the Linux Foundation's executive director, announced this new tooling today at the Linux Foundation Membership Summit. The Linux Foundation upgrades LFX Security to address rising threats in the software supply chain and bolster code integrity.
Topics: Supply Chain Security, Open Source Initiative, LFX Tools. By Brittany Day
A new open-source tool called Gitjacker can help developers discover when they've accidentally uploaded /.git folders online and have left sensitive information exposed to attackers. Gitjacker is available as a free download on GitHub. Gitjacker was created by British software engineer Liam Galvin, is written in Go, and was released as a free download last month on GitHub. In its simplest form, the tool lets users scan a domain and identify the location of a /.git folder on their production systems. Unveil GitGuardian, a free resource designed to detect vulnerable .git directories and protect confidential information.
Topics: Gitjacker, open-source security tool, protect .git folders, code exposure detection, online security scan. By LinuxSecurity.com Team
With the increasing number of security breaches involving credit cards, mobile devices, etc., it is becoming imperative that we do all we can to safeguard our property. So is the case with software developers. As cited on cio.com, here are 10 things they can do to keep their code secure. 1. Testing inputs rigorously: attackers require a path into your machines, and the easiest path is via the doors your code opens. If your software takes input from the Internet, you are likely to have something get past you. You must test the size and structure of the incoming data and never rely on the person on the other end of the Internet. The link for this article located at EFY Times is no longer available.
Topics: increasing, number, breaches, security, respect, credit, mobile. By LinuxSecurity.com Team
Looking for ideas to improve how code security is done in your enterprise? Here are several. Code security is something companies have struggled with for some time. In the rush to make new websites and applications available to customers, vulnerabilities are inevitably left behind. But more companies are starting to realize security must be baked into their code from the very beginning. The question is how best to get there. To help answer that question, CSO has assembled a collection of related articles, podcasts and columns in one place for quick study and, hopefully, real solutions. Code Security: MidAmerican Energy's top priority after SQL injection attacks. Security practitioners are increasingly bent on better code security, as Microsoft SDL, BSIMM and Rugged demonstrate. Here's how it became Priority 1 for one of the nation's largest energy providers. 'Unbreakable' was a stretch, 'Rugged' more attainable: CSO Senior Editor Bill Brenner on why the Rugged Software initiative is a big step forward in the quest for cybersecurity. The link for this article located at CSO Online is no longer available. Incorporating security from the start of enterprise app development is crucial to guard against vulnerabilities. Here are effective strategies to implement that.
Topics: Application Security, Code Review Techniques, Secure Coding Practices. By LinuxSecurity.com Team
The work is part of a U.S. government-backed project to harden open-source code. "We applaud the developers responsible for the 11 open-source projects that have advanced to the second rung of code security and quality," said David Maxwell, open-source strategist for Coverity. The Open Source Hardening Project, sponsored by the U.S. Department of Homeland Security, uses Coverity's Scan, which grades projects on a "ladder" according to their progress at fixing and preventing flaws. This article talks about the Open Source Hardening Project, which was started in January 2006. It discusses the current plans for helping open source security. The link for this article located at Cnet is no longer available. Explore the Open Source Security Enhancement Initiative aimed at enhancing safety in publicly available software, reinforcing the integrity of community projects.
Topics: Open Source Hardening Project, Code Security, Software Quality. By Bill Locke