Security Trends 
fedora security assessment
fedora security assessment A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
Jun 12, 2026 
Security Vulnerabilities security advisory critical
security advisory critical Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
Jun 11, 2026 
Vendors/Productssecurity advisory linux
security advisory linux With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
Jun 11, 2026 
Security Vulnerabilities security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026 
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026 
Refine news
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 3 articles for you...
72
security advisoryweb applicationSQL injectionDrupal 7.x Advisory Critical: SQL Injection and Firewall Bypass Risks
Late last year, CSO Online reported on a vulnerability in Drupal that could have left thousands of websites compromised. Last week, researchers examined the attack in more detail, measuring the time it would take to compromise a website completely.. On October 15, 2014, Drupal urged users to apply an update that fixed an SQL Injection vulnerability. Unfortunately, unless the patch was applied within a seven hour window, Drupal warned administrators that they should just assume installations in the Drupal 7.x branch before version 7.32 were already compromised. The link for this article located at CSO Online is no longer available. . On November 25, 2015, WordPress recommended that users implement a patch addressing a Cross-Site Scripting vulnerability.. Drupal Security, SQL Injection Threats, Web Application Security. . Alex
Mar 24, 2015 •
Firewalls 67
network securityremote accessssh tunnelingUnderstanding SSH Tunneling As A Low-Cost VPN Solution for Remote Access
"If we see light at the end of the tunnel, it is the light of the oncoming train" ~ Robert Lowell. Oh yes, another good quote. This post is on SSH tunneling, or as I like to call it 'Poor Man's VPN'. Contrary to the sysadmin's popular belief, SSH tunneling actually can be very valuable use for both techies and home users. . I say contrary to popular belief because 'reverse tunneling' and tunneling http traffic through SSH can bypass firewalls and content filters. But this article isn't about how to violate your corporate internet use policy, it's about how to create SSH tunnels to make your life just a little bit easier. The link for this article located at Linux Journal is no longer available. . Discover the potential of SSH tunneling to offer straightforward remote connection options while fortifying your network's safety.. SSH Tunneling, VPN Alternative, Remote Access Solutions, Network Security Tips. . LinuxSecurity.com Team
Apr 02, 2012 • Cryptography 
79
attack techniquesfirewall bypassnetwork exploitsInvestigating DNS Tunneling and Bypassing Firewalls with Ron Bowes
Hacker Ron Bowes has released various payloads that connect a shell's standard input and output with a suitable online counterpart through DNS. This allows attackers to bypass many firewalls and even attack systems that have no internet connection themselves.. For a DNS tunnel, the host computer only needs to be able to resolve external host names such as https://www.heise.de/en It can then handle its network traffic via sent DNS queries and responses. This concept was already demonstrated by Julien Oster and Florian Heinz via the Name Server Transfer protocol (NSTX), which tunnels entire IP connections via DNS. DNS tunneling requires a suitable server software to run on the DNS server responsible for a domain such as mytunnel.com. The host then simply sends DNS lookup queries such as - d2Vpc2VuaGVpbWVy.mytunnel.com The link for this article located at H Security is no longer available. . DNS tunneling exploits the DNS protocol to create secure channels for data transfer, circumventing firewalls by embedding payloads in DNS queries and responses. DNS Tunneling, Network Exploits, Firewall Bypass, Ron Bowes, Payload Execution. . LinuxSecurity.com Team
Aug 26, 2010 • Security Projects 72
network securitysecure connectivityfirewall bypassRevamping Secure Connectivity in Corporate Networks Using SSH Tunnels
The goal of this article is to present a few effective methods to revamp the way you work in a restricted corporation-like network. In order to achieve it we. For simplicity reasons, throughout this text we The link for this article located at Polish Linux is no longer available. . Investigate techniques for optimizing tasks within limited networks through the establishment of SSH tunnels while maintaining robust security protocols. Uncover strategies.. SSH Tunnels, Firewall Proxies, Secure Corporate Connectivity. . Brittany Day
Aug 24, 2006 • Firewalls 74
remote managementnetwork accesslinux securityOvercoming Firewalls: SSH Access Techniques for Remote Management
Have you ever been in the situation that you wanted to SSH directly to a machine, but there has been some device in between that prevents it? Say you have a Linux firewall that protects your DMZ, and you have a boatload of machines behind it that you want to manage. There are all sorts of methods that are used to do so, and all have some level of annoyance. . . .. Have you ever been in the situation that you wanted to SSH directly to a machine, but there has been some device in between that prevents it? Say you have a Linux firewall that protects your DMZ, and you have a boatload of machines behind it that you want to manage. There are all sorts of methods that are used to do so, and all have some level of annoyance. The first and most simple solution is to SSH to the machine in the way, say the firewall. The firewall administrator can just set up one or more non-privileged accounts for users who need access to the machines behind it. This is a pain, of course - if you want to upload a file, you need to upload it to the firewall via sftp/scp, and then upload it to the target server. What a pain. And security-wise, you now have all these random firewall accounts running amok, probably not your favourite situation. . Effortlessly bypass network restrictions by employing VPN techniques to connect to servers, ensuring data confidentiality and integrity.. SSH Access Methods, Firewall Management, Remote Machine Control. . Anthony Pell
Sep 02, 2004 • Network Security 83
network securityintrusion detectionpacket manipulationDiscover Fragroute: Bypass Firewalls And Intrusion Detection Systems
A new tool for manipulating packets of data that travel over the Internet could allow attackers to camouflage malicious programs just enough to bypass many intrusion-detection systems and firewalls. The tool, called Fragroute, performs several techniques to fool the signature-based recognition systems used by many intrusion-detection systems and firewalls. Many of these duping techniques were outlined in a research paper published four years ago. . . .. A new tool for manipulating packets of data that travel over the Internet could allow attackers to camouflage malicious programs just enough to bypass many intrusion-detection systems and firewalls. The tool, called Fragroute, performs several techniques to fool the signature-based recognition systems used by many intrusion-detection systems and firewalls. Many of these duping techniques were outlined in a research paper published four years ago. Arbor Networks security researcher Dug Song posted the tool to his Web site this week. Arbor is a network protection company. "(Some) firewalls and intrusion prevention or other application-layer content-filtering devices have similar vulnerabilities that may be tested with Fragroute," Song wrote in a posting to security mailing list Bugtraq on Thursday. The link for this article located at cnet is no longer available. . A new tool for manipulating packets of data that travel over the Internet could allow attackers to c. manipulating, packets, travel, internet, allow, attackers. . LinuxSecurity.com Team
Apr 19, 2002 • Hacks/Cracks 74
internet protocolsfirewall bypasshost detectionTechniques to Detect Filtered Hosts and Bypass Firewalls
This paper will attempt to describe techniques used to discover heavily filtered and firewalled hosts, that will not answer to standard PING responses. It is assumed that the reader has a firm knowledge of the major internet protocols (TCP,IP,UDP,ICMP). . . . . This paper will attempt to describe techniques used to discover heavily filtered and firewalled hosts, that will not answer to standard PING responses. It is assumed that the reader has a firm knowledge of the major internet protocols (TCP,IP,UDP,ICMP). Most other protocols will not be discussed but techniques described here can be applied to many protocols. The link for this article located at Net-Security.org is no longer available. . Delve into cutting-edge methods for unearthing devices shielded by firewalls, amplifying your cybersecurity expertise.. Host Detection, Firewall Bypass, TCP Protocols, Network Security. . Anthony Pell
Jan 18, 2001 • Network Security 72
security risksfirewall bypassprotocol issuesMicrosoft SOAP Protocol Issues: Firewall Bypasses and Security Risks
Microsoft is championing a protocol for cross-platform communication that can bypass firewall defences and could leave . . . . Microsoft is championing a protocol for cross-platform communication that can bypass firewall defences and could leave companies open to what experts describe as a fresh class of security vulnerabilities. The Simple Object Access Protocol, or Soap, specifies how to encode an HTTP header and an XML (eXtensible Markup Language) file so that a program in one computer can call a program in another computer and pass it information. It also defines how the called program can return a response. The link for this article located at vnunet.com - John Leyden is no longer available. . Microsoft's new protocol could bypass traditional firewalls, improving internal communication but posing serious security risks to organizations, necessitating updated defenses. Cross-Platform Communication, Microsoft Protocol, Firewall Vulnerabilities, SOAP Security, Security Risks. . Anthony Pell
Jun 21, 2000 • Firewalls 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More