Stay Ahead With Linux Security News


Explore Latest Linux Security news


Critical Vulnerabilities in Chrome 122.0.6261.128: DoS and Data Exposures

Multiple severe security issues were discovered in Chromium before version 122.0.6261.128, which could result in arbitrary code execution, denial of service, or information disclosure. Let's examine these vulnerabilities, their impact, and how to protect against them.

What Security Bugs Have Been Discovered in Chromium?

Security vulnerabilities recently identified in Chromium include:

CVE-2024-2173: Out-of-bounds memory access in V8 allows a remote attacker to access out-of-bounds memory via a crafted HTML page.
CVE-2024-2174: Inappropriate implementation in V8 allows a remote attacker to exploit heap corruption via a crafted HTML page.
CVE-2024-2176: Use after free in FedCM allows a remote attacker to exploit heap corruption via a crafted HTML page.
CVE-2024-2400: Use after free in Performance Manager allows a remote attacker to exploit heap corruption via a crafted HTML page.
CVE-2024-1669: Out-of-bounds memory access in Blink.
CVE-2024-1670: Use after free in Mojo.
CVE-2024-1671: Inappropriate implementation in Site Isolation.
CVE-2024-1672: Inappropriate implementation in Content Security Policy.
CVE-2024-1673: Use after free in Accessibility. Inappropriate implementation in Navigation.
CVE-2024-1675: Insufficient policy enforcement in Download.
CVE-2024-1676: Inappropriate implementation in Navigation.

These flaws have all received a Chromium security severity rating of "High," as they could allow attackers to corrupt your data, disrupt services, or run rogue programs on your computer.

How Can I Secure My Systems Against These Vulnerabilities?

An essential update for Chromium, version 122.0.6261.128, has been released to fix these harmful vulnerabilities. Given the severe threat these bugs pose to affected systems if left unpatched, we strongly recommend that all impacted users apply the released updates to protect against data compromise and service disruption.

To stay informed of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on X for real-time updates on advisories for your distro(s).

Critical vulnerabilities found in Chromium may result in code execution, denial of service, or data leakage. Ensure your systems are updated immediately!

Chromium Vulnerabilities, Security Issues, Code Execution Risks

Mar 24, 2024 | Brittany Day | Security Vulnerabilities

Debian: DSA-5462-1 Critical: Zenbleed Microcode Info Disclosure

It was discovered that under specific microarchitectural circumstances, a register in "Zen 2" CPUs might not be written to 0 correctly, potentially causing data from another process and/or thread to be stored in the YMM register (CVE-2023-20593, also known as Zenbleed).

This vulnerability could result in the exposure of sensitive data. Updated microcode packages that mitigate this flaw are now available for AMD EPYC gen 2 CPUs. Other Zen 2-based CPUs will get their microcode update later, when AMD has fixed and validated the microcodes.

Given that this bug poses a severe threat to the confidentiality of sensitive information, it is crucial that all impacted users apply the updates issued by Debian, Debian LTS, Fedora, Mageia, Oracle, Slackware, SUSE and Ubuntu now to prevent potential compromise of their critical data.

To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).

This risk may reveal confidential information. Firmware updates are being deployed promptly to address the concern.

Microcode Update, AMD Security, Zen 2 Threat, Data Exposure, Information Disclosure

Aug 03, 2023 | Brittany Day | Security Vulnerabilities

Linux Kernel Update: Fixing DoS Threats And Info Disclosure Issues

Several important security issues have been found in the Linux kernel, including a slab-out-of-bound read problem (CVE-2023-1380), a heap out-of-bounds read/write vulnerability in the traffic control (QoS) subsystem (CVE-2023-2248), and an out-of-bounds write issue in the kernel before 6.2.13 (CVE-2023-31436). The vulnerabilities have received a National Vulnerability Database (NVD) rating of "high-severity" due to their high confidentiality, integrity and availability impact.

These issues could result in denial of service (DoS) attacks, the exposure of sensitive information, unauthorized execution of management commands, and privilege escalation attacks. We strongly recommend that all impacted users apply the kernel updates issued by their distro(s) immediately to protect against attacks leading to loss of system access and the compromise of critical systems and confidential data.

To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).

Urgent vulnerabilities detected in the Linux kernel necessitate swift patches to mitigate DoS threats and safeguard sensitive data.

Linux Kernel Security, DoS Risk Management, Info Disclosure Prevention

May 26, 2023 | Brittany Day | Security Vulnerabilities

WebKitGTK Security Advisory: High Risk of Arbitrary Code Execution

Several high-severity vulnerabilities have been found in the WebKitGTK web engine, including a use after free issue that may have been actively exploited (CVE-2023-28205).

These bugs could result in the exposure of sensitive information and the execution of arbitrary code. The following vulnerabilities have been discovered in WebKitGTK:

CVE-2022-0108: Luan Herrera discovered that an HTML document may be able to render iframes with sensitive user information.
CVE-2022-32885: P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2023-27932: An anonymous researcher discovered that processing maliciously crafted web content may bypass Same Origin Policy.
CVE-2023-27954: An anonymous researcher discovered that a website may be able to track sensitive user information.
CVE-2023-28205: Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

With a low attack complexity, no privileges required to exploit, and a high confidentiality, integrity and availability impact, we strongly recommend that all impacted users apply the WebKitGTK updates issued by their distro(s) now to protect against attacks leading to downtime and the compromise of confidential information.

To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).

Address critical WebKitGTK vulnerabilities that pose risks of data leakage and unauthorized code execution. Perform the update immediately.

WebKitGTK vulnerabilities, high severity, info disclosure, arbitrary code execution

May 11, 2023 | Brittany Day | Security Vulnerabilities