Security Trends 
fedora security assessment
fedora security assessment A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
Jun 12, 2026 
Security Vulnerabilities security advisory critical
security advisory critical Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
Jun 11, 2026 
Vendors/Productssecurity advisory linux
security advisory linux With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
Jun 11, 2026 
Security Vulnerabilities security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026 
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026 
Refine news
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -1 articles for you...
82
network securitycryptographic weaknesskey exchangeWarning: NSA Can Eavesdrop On Trillions Of Encrypted Connections
For years, privacy advocates have pushed developers of websites, virtual private network apps, and other cryptographic software to adopt the Diffie-Hellman cryptographic key exchange as a defense against surveillance from the US National Security Agency and other state-sponsored spies. Now, researchers are renewing their warning that a serious flaw in the way the key exchange is implemented is allowing the NSA to break and eavesdrop on trillions of encrypted connections. . The cost for adversaries is by no means modest. For commonly used 1024-bit keys, it would take about a year and cost a "few hundred million dollars" to crack just one of the extremely large prime numbers that form the starting point of a Diffie-Hellman negotiation. But it turns out that only a few primes are commonly used, putting the price well within the NSA's $11 billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities." . Experts in privacy are raising alarms over a vulnerability in the Diffie-Hellman key exchange protocol, which could enable the NSA to intercept and read encrypted communications.. Diffie-Hellman, Encryption Flaw, NSA Eavesdropping, Network Security. . Dave Wreski
Mar 14, 2017 •
Government 67
security advisorydata securityencryptionRSA Advisory on NSA's Dual_EC_DRBG Random Generator - Security Risk
Security biz RSA has reportedly warned its customers to stop using the default random-number generator in its encryption products - amid fears spooks can easily crack data secured by the algorithm.. All encryption systems worth their salt require a source of virtually unpredictable random values to create strong cryptographic keys and similar things; one such source is the NSA-co-designed pseudo-random-number generator Dual_EC_DRBG, or the Dual Elliptic Curve Deterministic Random Bit Generator, which is well known for being cryptographically weak: six years ago it was claimed that someone had crippled the design, effectively creating a backdoor [PDF] so that encryption systems that relied on it could be easily cracked. The link for this article located at The Register UK is no longer available. . RSA cautions users about relying on the NSA's compromised random-number generator, essential for maintaining strong encryption measures.. RSA Encryption, Dual_EC_DRBG, Cryptographic Security, Random Number Generation, Secure Algorithms. . LinuxSecurity.com Team
Sep 27, 2013 • Cryptography 
83
security advisorycryptographic weaknessauthentication flawNikon: Security Flaw in Image Authentication Allows Forged Images
Russian encryption specialist ElcomSoft has discovered flaws in Nikon's systems for ensuring that images have not been tampered with.. The flaw in Nikon's Image Authentication System creates a means to produce forged pictures that would successfully pass validation checks. The security weakness uncovered by ElcomSoft revolves around cryptographic shortcomings in how the secure image signing key is handled by Nikon digital cameras. The shortcoming created a means for researchers to extract the original signing key from a Nikon camera. This, in turn, facilitated the creating of manipulated images with a fully valid authentication signature, as explained in greater detail here. The link for this article located at The Register UK is no longer available. . Canon's Photo Verification vulnerability enables counterfeit photos to be validated, threatening digital authenticity.. Nikon Image Security, Authentication Flaws, Tampering Risks, Cryptographic Weaknesses. . LinuxSecurity.com Team
May 05, 2011 • Hacks/Cracks 67
cryptographic weaknesshash algorithmdistributed computingMD5CRK Initiative: Addressing the Collision Problems in MD5 Hashing
The MD5CRK project seeks to prove empirally that MD5 is a hash algorithm that exhibits the not-so-cryptographically-sound property of collisions. This has already been proven theoretically, but nobody really paid attention, so this distributed computing project was created. . . . . The MD5CRK project seeks to prove empirally that MD5 is a hash algorithm that exhibits the not-so-cryptographically-sound property of collisions. This has already been proven theoretically, but nobody really paid attention, so this distributed computing project was created. While many people think hash algorithms are just used to create entries in /etc/shadow, MD5 is used in many applications of cryptography -- from SSL to IDS software to digital dignatures. This is despite published weaknesses and better (and freely available) drop-in replacements. . The MD5CRK project seeks to prove empirally that MD5 is a hash algorithm that exhibits the not-so-cr. md5crk, project, seeks, prove, empirally, algorithm, exhibits, not-so-cr. . LinuxSecurity.com Team
Mar 05, 2004 • Cryptography 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More