Security Trends 
fedora security assessment
fedora security assessment A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
Jun 12, 2026 
Security Vulnerabilities security advisory critical
security advisory critical Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
Jun 11, 2026 
Vendors/Productssecurity advisory linux
security advisory linux With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
Jun 11, 2026 
Security Vulnerabilities security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026 
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026 
Refine news
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 15 articles for you...
82
incident responsecyber attackransomwareChilean Government Agency Ransomware Attack: Virtual Machines Compromised
Chile's national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country. . The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency. The hackers stopped all running virtual machines and encrypted their files, appending the ".crypt" filename extension. . A cybercriminal incident affected a governmental organization's virtual systems in Chile, commencing on August 25.. Chilean Government, Server Security, Cybersecurity Incident, Virtual Machine Attack. . Brittany Day
Sep 30, 2022 •
Government 82
data protectioncybersecurity reportgovernment agencySenate Report Exposes Government Agencies' Cybersecurity Shortcomings
Federal agencies tasked with protecting the personal and financial data of millions of Americans have failed to update their systems or implement basic cybersecurity defenses, according to a recent Senate report. . The June report, titled “Federal Cybersecurity: America’s Data at Risk,” is the product of a subcommittee’s 10-month review of a decades’ worth of inspectors general reports of core government agencies. Eight agencies, including the Department of Homeland Security, the Department of State, the Department of Education and the Social Security Administration, were found to have several vulnerabilities in their cybersecurity systems and practices. “The federal government remains unprepared to confront the dynamic cyber threats of today,” the report reads. “The longstanding cyber vulnerabilities consistently highlighted by Inspectors General illustrate the federal government’s failure to meet basic cybersecurity standards to protect sensitive data.” The link for this article located at Security Today is no longer available. . The recent analysis outlines significant deficiencies within national bodies in bolstering defenses against evolving cyber risks.. Federal Cybersecurity, Cybersecurity Report, Data Protection, Security Failures. . Brittany Day
Jul 09, 2019 • Government 
83
data breachnational securitysecurity riskOPM Data Breach Analysis: Security Risks And Executive Resignations
In April of 2015, IT staffers within the United States Office of Personnel Management (OPM), the agency that manages the government's civilian workforce, discovered that some of its personnel files had been hacked. Among the sensitive data that was exfiltrated were millions of SF-86 forms, which contain extremely personal information gathered in background checks for people seeking government security clearances, along with records of millions of people's fingerprints.. The OPM breach led to a Congressional investigation and the resignation of top OPM executives, and its full implications—for national security, and for the privacy of those whose records were stolen—are still not entirely clear. As the official Congressional report on the incident says, "The exact details of how and when the attackers gained entry ... are not exactly clear." Nevertheless, researchers have been able to construct a rough timeline of when the breaches began and what the attackers did. The link for this article located at CSO Online is no longer available. . The Equifax data leak prompted a Senate investigation, leading to executives stepping down amid concerns over consumer protection and data security threats.. OPM Data Breach, Cybersecurity Practices, Security Executive Resignation, Personnel File Breach. . LinuxSecurity.com Team
Nov 06, 2018 • Hacks/Cracks 82
data breachnotificationsecurity issuesUS OPM Notification Delay: Affected Individuals Still Awaiting News
Nearly three months after the US Office of Personnel Management (OPM) discovered its databases had been compromised by Chinese hackers, the government still hasn't notified the employees and contractors affected by the breach. On Tuesday, the OPM said it planned to start the process of informing victims "later this month," and that reaching everyone is expected to take several weeks.. The Department of Defense will send notifications directly to affected people by postal mail, the agency said. The link for this article located at The Register UK is no longer available. . Those impacted find themselves uninformed four months post the significant cyber incident, sparking worries about transparency.. US Government Breach, OPM Data Compromise, Employee Security Update. . Anthony Pell
Sep 02, 2015 • Government 82
security advisorycyber threatcertificate authorityGoogle Identifies Unapproved Digital Certificates by Indian NIC
Google has identified and blocked unauthorized digital certificates for a number of its domains issued by the National Informatics Centre (NIC) of India, a unit of India. National Informatics Center (NIC) holds several intermediate Certification Authority (CA) certs trusted by the Indian government The link for this article located at The Hacker News is no longer available. . National Informatics Center (NIC) holds several intermediate Certification Authority (CA) certs trus. google, identified, blocked, unauthorized, digital, certificates, number, domains. . Alex
Jul 10, 2014 • Government 82
risk managementcyber defensegovernment agencyDHS Cybersecurity Concerns Amid Staffing Changes and Rising Threats
A new wave of cyberattacks is hitting American companies at a particularly vulnerable time for the Department of Homeland Security, the federal agency charged with fending them off. . That is because the department has been grappling with the departures of its top cybersecurity officials. In the last four months, Jane Holl Lute, the agency The link for this article located at NY Times is no longer available. . That is because the department has been grappling with the departures of its top cybersecurity offic. cyberattacks, hitting, american, companies, particularly, vulnerable. . Pooja Shah
May 15, 2013 • Government 83
security breachdatabasecyberattackFederal Reserve Cyber Breach: Hacker Group Investigated
The Federal Reserve says an internal website was briefly breached by hackers on Sunday, making it the latest government agency to fall victim to a cyberattack. . It involved a database that belongs to the St. Louis Fed Emergency Communications System. The link for this article located at CBS is no longer available. . A breach in the Federal Reserve's internal site links to a hacker group, prompting a serious investigation into implications.. Federal Reserve Breach, Hacker Investigations, Database Security. . LinuxSecurity.com Team
Feb 07, 2013 • Hacks/Cracks 83
hackingcyber attackDDoS attackLulzSec: DDoS Attack Disables U.K. Serious Organised Crime Agency
A day after a pair of hacker groups promised to step up their attacks against government Web sites, one of them claimed to have knocked the U.K.'s Serious Organised Crime Agency (SOCA) offline.. LulzSec today announced today that it had brought down SOCA. "Tango down -- soca.gov.uk -- in the name of #AntiSec," the group said on its Twitter account Monday around noon ET. LulzSec has claimed responsibility for a large number of recent database breaches and distributed denial-of-service (DDoS) attacks, including against Sony and other gaming companies, the Central Intelligence Agency (CIA) and the U.S. Senate . The link for this article located at Network World is no longer available. . LulzSec claims responsibility for halting operations at the U.K.'s Serious Organized Crime Agency in a bold act of defiance against the government.. DDoS Attack, Cybersecurity Threats, Hacking Incidents. . LinuxSecurity.com Team
Jun 21, 2011 • Hacks/Cracks 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More