Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -2 articles for you...
83
security advisorysoftware deploymentdata leakPyTorch Nightly Builds Compromised: Urgent Action Required
Users who deployed the nightly builds of PyTorch between Christmas and New Year's Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems. The incident was the result of an attack called dependency confusion that continues to impact package managers and development environments if hardening steps are not taken. . "If you installed PyTorch nightly on Linux via pip between December 25, 2022, and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than December 30, 2022)," the PyTorch maintainers said in a security advisory . PyTorch is a framework for developing machine learning applications in the fields of computer vision and natural language processing that is a continuation of the older and no longer maintained Torch library. PyTorch was originally developed by Meta AI, the artificial intelligence laboratory of Meta, Inc., but is now an open-source project maintained by the PyTorch Foundation under the Linux Foundation's umbrella. . Individuals using PyTorch's nightly builds from late December 2022 could have inadvertently downloaded a malicious module that jeopardized private information.. PyTorch, Supply Chain Attack, Dependency Confusion, Package Security, Data Protection. . LinuxSecurity.com Team
Jan 05, 2023
•
Hacks/Cracks
209
open source softwaresecurity insightsopen sourceUnderstanding Supply Chain Risks and Protective Strategies
Experts including Dr. David Wheeler, Director of Open Source Software Supply Chain Security at the Linux Foundation , discuss the growing trend in software supply chain attacks which use “ dependency or namespace confusion ” techniques, and how to secure software supply chains against these attacks. . Following a growing trend in software supply chain attacks which use “ dependency or namespace confusion ” techniques, I sat down for a discussion on software supply chain security with a few experts on the topic. Dr. David Wheeler, Director of Open Source Software Supply Chain Security at the Linux Foundation Dr. Trey Herr, Director of Cyber Statecraft Initiative at the Atlantic Council Brian Fox, CTO and Co-founder of Sonatype As the attack vector continues to gain further steam in the early months of 2021, we chatted about what’s happening, why this vector has taken off and how organizations can protect ourselves. The link for this article located at Security Boulevard is no longer available. . Fortify your development pipelines against emerging threats by leveraging professional advice and implementable tactics.. Supply Chain Security, Dependency Confusion, Software Protection. . Brittany Day
Mar 09, 2021
•
Security Trends
210
credential theftmalicious packagedependency confusionDependency Confusion Attack Targets Amazon and Slack Apps
Malicious actors are exploiting a new 'Dependency Confusion' vulnerability to target Amazon, Zillow, Lyft, and Slack NodeJS apps and steal Linux/Unix password files and open reverse shells back to the attackers. . Last month, BleepingComputer reported that security researcher Alex Birsan earned bug bounties from 35 companies by utilizing a new flaw in open-source development tools. This flaw works by attackers creating packages utilizing the same names as a company's internal repositories or components. When hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company's internal packages when building the application. . Cybercriminals take advantage of a recently discovered dependency confusion flaw to infiltrate large corporations and extract sensitive login information.. Dependency Confusion, NPM Security, Attack Vector, Credential Theft. . Brittany Day
Mar 02, 2021
•
Security Vulnerabilities
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More