Explore Latest Linux Security news

Microsoft's OpenHCL Paravisor Enhances Confidential VM Security on Linux

Microsoft recently unveiled OpenHCL, an open-source paravisor that augments virtualization stacks to facilitate confidential computing VMs on Intel TDX and AMD SEV-SNP platforms. Written in Rust, well known for its strong memory safety guarantees, OpenHCL represents a milestone for the open-source security community. In this article, we investigate this announcement and its significance for Linux users and open-source advocates, examine OpenHCL's architecture and capabilities, and discuss two main approaches for running confidential VMs.

Understanding the Significance of OpenHCL for Linux Users & the Open-Source Security Community

The introduction of OpenHCL stands out for several reasons. Traditional virtual machine environments rely on hypervisors that pose potential security threats, making OpenHCL an attractive solution. Confidential computing seeks to mitigate these risks by isolating virtual machine operations from the hypervisor. OpenHCL was explicitly created as a paravisor that runs inside the confidential trust boundary for enhanced security.

OpenHCL can also help customers secure general-purpose operating systems without regularly upgrading them. It allows businesses to leverage advanced computing technologies without incurring the costs and burdens of continually maintaining an OS. Furthermore, OpenHCL supports various operating systems, including older versions of Linux and Windows. Backward compatibility ensures existing workloads can utilize these advances without significant modifications, and OpenHCL's open-source nature encourages community collaboration and transparency. Developers from around the globe can contribute to OpenHCL, helping ensure it evolves to meet the needs of various use cases while upholding high standards of security and performance. OpenHCL also supports x86-64 and ARM64 platforms, making it highly flexible and capable of meeting multiple hardware configuration needs.

Examining OpenHCL Architecture & Capabilities

[Figure: OpenHCL Virtualization Stack (source: Microsoft)]

The architecture of OpenHCL consists of several critical components designed to increase its functionality and versatility. At its heart is OpenVMM (Virtual Machine Monitor), written in Rust. OpenVMM provides essential services to guest VMs running within it while supporting both confidential and non-confidential VMs. Its multiple user-mode processes provide essential guest services, and it runs on a minimal Linux kernel that reduces binary size and RAM usage for enhanced system efficiency. Another vital component is the boot loader, which works alongside the VMM to support it. The VMM's configuration reduces binary size and runtime RAM usage, increasing the system's overall efficiency.

OpenHCL provides device emulation and translation through standard interfaces, offering emulated devices such as virtual Trusted Platform Modules (vTPMs) and serial ports. Furthermore, OpenHCL enables device translation so hardware devices can be directly assigned to virtual machines without requiring changes to guest OSes; this feature allows VMs to take advantage of the improved performance of cutting-edge devices. Diagnosing issues within sensitive VMs can be challenging, but OpenHCL's comprehensive diagnostics support simplifies this task and expedites troubleshooting in secure environments through dedicated methods.

OpenHCL's specialized capabilities for different confidential platforms further expand its utility. On Intel TDX platforms, OpenHCL operates as the L1 Virtual Machine Monitor of an Intel TDX confidential VM. On AMD SEV-SNP platforms, it operates at VMPL0 of an SEV-SNP confidential VM. Both configurations ensure the paravisor can enforce the required privilege levels to create secure execution environments on each platform.

Approaches for Running Confidential VMs

There are two general approaches for operating confidential VMs:

Fully Enlightened Guests: To adopt this method, one needs to modify the guest OS so it understands and manages all aspects of running as a confidential VM. These fully enlightened guests communicate directly with the confidential computing hardware to handle tasks such as memory encryption and device security. However, this approach may prove tedious due to the need for significant OS modifications and regular updates to keep pace with hardware advances.

Relying on a Paravisor: In this approach, a paravisor such as OpenHCL implements all necessary confidential computing mechanisms on behalf of the guest OS. This enables guests to operate without knowing they are in a confidential environment. Existing operating systems (even legacy versions) can use confidential computing without extensive OS changes, providing a more flexible and user-friendly way of deploying confidential VMs within enterprises with diverse legacy systems.

OpenHCL Use Cases in Azure

Microsoft has taken an innovative and successful approach to confidential computing using OpenHCL-enabled virtual machines in Azure. Over 1.5 million virtual machines were running within a month using this approach. Azure supported numerous guest operating systems (such as older Windows and Linux kernel versions), providing customers an effortless path toward privacy-minded computing.

Comparison With COCONUT-SVSM

A second technology in the confidential computing space, COCONUT-SVSM, aims to deliver services to VMs with fully enlightened guests. While COCONUT-SVSM introduces new interfaces, OpenHCL takes an alternative approach by using existing standard architectural interfaces, making integration more straightforward without needing guest OS changes for device emulation or other services.

Our Final Thoughts on Microsoft's Announcement of OpenHCL

OpenHCL represents an exciting step forward for confidential computing. By creating an open-source, Rust-written paravisor, Microsoft has opened the door to enhanced security, flexibility, and backward compatibility for Linux users and the larger open-source community. OpenHCL's robust architecture and support for Intel TDX and AMD SEV-SNP platforms demonstrate its broad scope for adoption. As enterprises become more concerned with security and leverage confidential computing for their workloads, OpenHCL emerges as an attractive option. Its ability to offer advanced services for both confidential and non-confidential VMs opens up secure cloud environments. Whether running legacy systems or planning new deployments, OpenHCL provides a flexible yet powerful toolset that will shape the future of virtualization.

Tags: OpenHCL, Confidential Computing, Virtual Machines, Linux Compatibility, Rust Programming

Oct 21, 2024 | Brittany Day | Vendors/Products

Linux 6.9 CoCo VMs Panic on Broken RdRand RNG: Security Impact

A significant change has been merged into the x86 fixes for Linux 6.9, requiring the seeding of the RNG (random number generator) with RdRand in CoCo (Confidential Computing) environments. The change focuses on CoCo virtual machines, which are designed to be as isolated as possible on the assumption that the VM host is untrusted. RdRand, the CPU's hardware random number generator instruction, is critical as a source of entropy for guest VMs. Security expert and WireGuard developer Jason Donenfeld authored this change.

What Changes Have Been Made? What Are the Implications for Confidential Computing?

CoCo VMs will now panic if RdRand is broken, ensuring that they do not continue to boot with limited or no entropy, which previously led to incomplete random number generation. The change asserts that without proper seeding through RdRand, most cryptography within the CoCo VM will be compromised, which undermines the entire concept of confidential computing. RdRand is therefore crucial in confidential computing, and this requirement has the potential to affect Linux environments significantly. Requiring the RNG to be seeded with RdRand in CoCo environments signifies a notable shift in the approach to handling security and entropy in virtual machines.

One intriguing aspect of this change is the consequence of not seeding the RNG with RdRand, particularly in CoCo environments. It raises questions about how this change may affect the overall security posture of the Linux 6.9 release and whether it introduces any new vulnerabilities. Furthermore, the challenges posed by the existing threat model for CoCo must be acknowledged: the VM host is considered untrusted and potentially adversarial. This prompts further consideration of how this requirement shapes the security assumptions and threat mitigation strategies for such environments.

From a long-term perspective, this change may shift how Linux administrators and security professionals approach the design and deployment of CoCo environments. It prompts admins to consider how this requirement aligns with their current security practices and whether it necessitates any adjustments to their security protocols. The implications of this change for the broader Linux and open-source security landscape also merit attention. As Linux 6.9 progresses, monitoring any feedback, challenges, or unforeseen impacts resulting from this requirement would be valuable. This requires a collective effort from the community to assess the practical implications of the change and provide feedback for refining its implementation. This change reminds security practitioners of the dynamic nature of security technologies and the continuous evolution of best practices. It urges them to stay informed about foundational changes and adapt their security strategies to align with emerging ecosystem requirements.

Our Final Thoughts on These Changes in Linux 6.9

This pivotal change reverberates across the Linux and open-source security domains. By critically examining the implications of this requirement, security practitioners are equipped to navigate the evolving landscape of confidential computing and the associated security considerations in virtualized environments.

Tags: Confidential Computing, Random Number Generation, CoCo VMs, Linux Security
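The fail-closed policy the change enforces, shown as an added example (this is not the kernel's code and not Jason Donenfeld's patch): a user-space C program that checks CPUID for RDRAND, retries the instruction a bounded number of times per word, and refuses to continue with a wiped seed if the hardware never delivers, instead of silently proceeding with no entropy. The inline assembly wrapper for RDRAND, the retry budget of ten, and the three constructed stand-in sources used to exercise the policy are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* One RDRAND attempt: fills *out and returns true, or returns false when the
 * hardware reports no random value available. Using a function pointer lets
 * the seeding policy be exercised with constructed stand-ins below. */
typedef bool (*rdrand_step_fn)(uint64_t *out);

/* CPUID leaf 1, ECX bit 30 advertises RDRAND. Non-x86 builds report false. */
bool hw_rdrand_supported(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return false;
    return (ecx & (1u << 30)) != 0;
#else
    return false;
#endif
}

/* Real RDRAND via inline assembly (assumption: GCC/Clang on x86-64).
 * The carry flag signals success; carry clear means "no data this time". */
bool hw_rdrand_step(uint64_t *out) {
#if defined(__x86_64__)
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok != 0;
#else
    (void)out;
    return false;
#endif
}

/* Retry budget per 64-bit word before the source is declared broken
 * (ten follows Intel's guidance; this example's choice, not the kernel's). */
#define RDRAND_RETRIES 10
#define SEED_BYTES 32

enum seed_status { SEED_OK = 0, SEED_UNSUPPORTED = 1, SEED_BROKEN = 2 };

/* Fail-closed seeding: either every word comes from RDRAND, or the buffer is
 * wiped and a non-OK status is returned. A CoCo guest has no trustworthy
 * fallback (the host is untrusted), so a caller should treat anything but
 * SEED_OK as fatal, which is what the Linux 6.9 change does by panicking. */
enum seed_status seed_from_rdrand(rdrand_step_fn step, bool supported,
                                  uint8_t seed[SEED_BYTES]) {
    if (!supported) {
        memset(seed, 0, SEED_BYTES);
        return SEED_UNSUPPORTED;
    }
    for (size_t off = 0; off < SEED_BYTES; off += sizeof(uint64_t)) {
        uint64_t word = 0;
        bool got = false;
        for (int attempt = 0; attempt < RDRAND_RETRIES && !got; attempt++)
            got = step(&word);
        if (!got) {                      /* retry budget exhausted: broken DRNG */
            memset(seed, 0, SEED_BYTES);
            return SEED_BROKEN;
        }
        memcpy(seed + off, &word, sizeof word);
    }
    return SEED_OK;
}

/* Constructed stand-ins for demonstration and testing (not real hardware). */
static uint64_t healthy_counter = 0;
bool stub_rdrand_healthy(uint64_t *out) {   /* always succeeds */
    *out = 0x9E3779B97F4A7C15ULL * ++healthy_counter;
    return true;
}
bool stub_rdrand_broken(uint64_t *out) {    /* never has data, like a failed DRNG */
    (void)out;
    return false;
}
static unsigned flaky_calls = 0;
bool stub_rdrand_flaky(uint64_t *out) {     /* succeeds only on every third call */
    if (++flaky_calls % 3 != 0)
        return false;
    *out = 0x5151515151515151ULL ^ flaky_calls;
    return true;
}

/* True if any seed byte is non-zero (a wiped buffer is all zero). */
bool seed_is_nonzero(const uint8_t seed[SEED_BYTES]) {
    for (size_t i = 0; i < SEED_BYTES; i++)
        if (seed[i] != 0)
            return true;
    return false;
}

int main(void) {
    uint8_t seed[SEED_BYTES];
    enum seed_status st = seed_from_rdrand(hw_rdrand_step, hw_rdrand_supported(), seed);
    if (st != SEED_OK) {
        fprintf(stderr, "RDRAND unusable (status %d): refusing to continue\n", (int)st);
        return 1;   /* fail closed: the user-space analogue of the kernel panic */
    }
    printf("seed[0..3] = %02x %02x %02x %02x\n", seed[0], seed[1], seed[2], seed[3]);
    return 0;
}
```

Build with GCC or Clang on x86-64. On a machine without RDRAND, or on another architecture, hw_rdrand_supported() returns false and the program exits non-zero with a zeroed buffer; that is the intended outcome, since a confidential guest whose only hardware entropy source is absent or broken should stop rather than boot with a guessable RNG state.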

Apr 08, 2024 | Dave Wreski | Security Projects

Linux Foundation Growth: New Members Enhance Facial Recognition Security

A new data-security group founded by the Linux Foundation — and a new school of thought on data protection — has won new adherents, including AMD, Nvidia and Accenture. The expansion could give facial recognition a new layer of security, potentially mollifying those who oppose the biometric technology.

On Monday, the Confidential Computing Consortium said its newest members are Anjuna, Anqlave, Cosmian, iExec, IoTeX, R3 and the three information technology giants mentioned above. The consortium is a Linux Foundation project pushing an equally recent proposal designed to protect data in use.

Tags: Facial Recognition, Data Protection, Biometric Security, Linux Foundation, Confidential Computing

Jul 01, 2020 | LinuxSecurity.com Team | Security Projects