In a significant move towards boosting the security of the Linux kernel, Microsoft has introduced Hornet, a new Linux security module (LSM) designed to provide signature verification for eBPF (extended Berkeley Packet Filter) programs. As a Linux security administrator, understanding the nuances of Hornet is crucial. This module ensures that only authenticated and verified eBPF code runs in the kernel, reducing the risk of malicious attacks and maintaining the integrity of your system. By leveraging a signature verification process similar to that used for kernel modules, Hornet helps maintain a secure and trustworthy kernel environment. Additionally, it introduces tools like sign-ebpf to facilitate the signing and management of eBPF programs, making it easier to incorporate these security measures into your existing workflows. Whether managing high-performance networking setups or implementing custom monitoring solutions, integrating Hornet into your system can provide a critical layer of security against unauthorized code execution.

What is Hornet?

Hornet, a Linux security module developed by Microsoft, focuses on verifying eBPF programs. For those unfamiliar, extended Berkeley Packet Filter, commonly called eBPF, allows the safe execution of custom code inside the Linux kernel while remaining flexible enough for performance monitoring and network security applications. Since its advent, many applications have taken advantage of eBPF's flexibility and efficiency, and Hornet adds protection through a signature verification mechanism for improved safety when using this technology. Hornet's core functionality ensures that the code being executed inside the kernel is trusted and verified. It uses an approach similar to the signature verification used on kernel modules to verify the integrity of eBPF programs.
To accomplish this, Hornet appends a PKCS#7 signature to each executable file; that signature is then validated when an eBPF program is loaded via the bpf_prog_load syscall. This ensures that only executable code with a valid signature is executed.

Enhanced Security through Signature Verification

Hornet's core advantage is its ability to enforce robust security for eBPF programs. Hornet prevents unauthorized and potentially malicious programs from running by ensuring that each eBPF code snippet loaded into the kernel comes with a validated signature. This is particularly significant for environments that leverage eBPF for critical tasks such as security monitoring and network traffic management. Without such a verification mechanism, the inherent risk is that an attacker could insert unauthorized eBPF code to exploit kernel vulnerabilities. This could lead to exfiltration of sensitive data or other malicious activities. Hornet's stringent signature verification safeguards against these threats, making it a beneficial addition to the security toolkit of any Linux administrator.

Managing eBPF Integrity with sign-ebpf

To streamline the adoption of Hornet, Microsoft has also introduced a new tool called sign-ebpf. This tool aids administrators in signing their eBPF programs, embedding the PKCS#7 signature needed for verification. The sign-ebpf tool becomes an indispensable part of an admin's workflow, ensuring that all eBPF programs are properly signed before deployment.

Integrating sign-ebpf into your workflow means signing each eBPF program right after it is built and before it is deployed. Automating this step through scripts or as part of your CI/CD pipeline ensures that the security measure is applied consistently without adding significant overhead. This proactive approach saves time and boosts confidence in the integrity of the eBPF programs being used.
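The sign-then-verify-at-load flow described above, modelled in userspace with openssl as an added example (this is not Hornet's or sign-ebpf's own code): a self-signed certificate stands in for the trusted keyring, the trailer layout is constructed for the demo and is not Hornet's real on-disk format, and the "eBPF object" is a constructed stand-in rather than a real ELF.

```shell
#!/bin/sh
# Added example, not Hornet's or sign-ebpf's code: a userspace model of the
# "append a PKCS#7 signature, check it before loading" flow, using openssl.
# The trailer layout (8-char length field + marker) is constructed for this
# demo; it is not Hornet's real on-disk format.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
MARKER='~eBPF signature appended~'

make_signing_key() {     # self-signed cert stands in for the trusted keyring
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=ebpf-signing-demo' \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

sign_prog() {            # $1: program file; appends DER PKCS#7 signature + trailer
  openssl cms -sign -binary -noattr -outform DER -signer "$WORK/cert.pem" \
    -inkey "$WORK/key.pem" -in "$1" -out "$1.p7s"
  siglen=$(wc -c < "$1.p7s" | tr -d ' ')
  { cat "$1.p7s"; printf '%8d%s' "$siglen" "$MARKER"; } >> "$1"
  rm -f "$1.p7s"
}

verify_prog() {          # $1: file to load; succeeds only if its signature verifies
  mlen=${#MARKER}
  [ "$(tail -c "$mlen" "$1")" = "$MARKER" ] || return 1     # no trailer: unsigned
  total=$(wc -c < "$1" | tr -d ' ')
  siglen=$(tail -c $((mlen + 8)) "$1" | head -c 8 | tr -d ' ')
  bodylen=$((total - mlen - 8 - siglen))
  [ "$bodylen" -gt 0 ] || return 1
  head -c "$bodylen" "$1" > "$WORK/body"
  tail -c $((siglen + mlen + 8)) "$1" | head -c "$siglen" > "$WORK/sig.p7s"
  openssl cms -verify -binary -inform DER -in "$WORK/sig.p7s" -content "$WORK/body" \
    -CAfile "$WORK/cert.pem" -out /dev/null 2>/dev/null
}

# Demo on a constructed stand-in for a compiled eBPF object (not a real ELF).
make_signing_key
printf 'constructed eBPF object bytes\n' > "$WORK/prog.o"
cp "$WORK/prog.o" "$WORK/unsigned.o"
sign_prog "$WORK/prog.o"
cp "$WORK/prog.o" "$WORK/tampered.o"
printf 'X' | dd of="$WORK/tampered.o" bs=1 seek=0 conv=notrunc 2>/dev/null
for f in prog unsigned tampered; do
  if verify_prog "$WORK/$f.o"; then echo "$f.o: accepted"; else echo "$f.o: rejected"; fi
done
```

Only the signed, unmodified object is accepted; the unsigned copy (no trailer) and the copy whose body was altered after signing are both rejected, which is the property Hornet enforces in the kernel.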
Designed for Compatibility

Hornet has been designed with compatibility in mind, ensuring that it can integrate seamlessly with existing systems and tools. It works well with light-skeleton-based loaders and any statically generated programs that do not rely heavily on user-space instruction rewriting. This design ensures that the module can be adopted without significant changes to existing eBPF programs or the methods used to load them.

Moreover, Hornet implicitly trusts programs that are executed from within the kernel. This means preloaded programs (BPF_PRELOAD) and the output of syscall programs (BPF_SYSCALL) can run without additional verification. This implicit trust reduces overhead and ensures that Hornet can maintain the performance benefits that eBPF provides while enhancing security.

Configuration and Flexibility

One of Hornet's particularly appealing aspects for admins is its flexible configuration. The module is controlled via the SECURITY_HORNET Kconfig option, allowing you to enable or disable the feature based on specific security requirements and system configurations. This flexibility ensures you can tailor the security mechanisms to align with your organization's unique needs and practices. For instance, you might temporarily disable Hornet in development environments or in situations requiring rapid iteration. Conversely, enabling Hornet on production systems or in sensitive environments ensures that all eBPF programs meet strict security requirements before execution. This adaptability makes Hornet a versatile tool suitable for various scenarios.

The Practical Benefits of Hornet

For us Linux security admins, the practical benefits of adopting Hornet are manifold. First and foremost, the module simplifies the complex task of ensuring the integrity of eBPF programs. By automating the signature verification process, Hornet dramatically enhances the security posture of the systems under your management.
Hornet's robust verification mechanism provides peace of mind in environments where security is paramount, such as financial services, healthcare, or critical infrastructure. By preventing unauthorized eBPF code from running in the kernel, you can safeguard against a range of potential attacks and vulnerabilities. This protects sensitive data and ensures compliance with stringent security and regulatory standards.

Hornet also aligns with the broader industry trend toward adopting zero-trust security models. By verifying every piece of code before it is allowed to execute, you enforce a more stringent security posture that reduces the attack surface. This approach is particularly relevant with the increase in cyber threats and the growing sophistication of attacks targeting kernel-level vulnerabilities.

Our Final Thoughts on Securing the Linux Kernel with eBPF Verification

Microsoft's introduction of Hornet represents a pivotal advancement in the quest for enhanced Linux kernel security. By focusing on signature verification of eBPF programs, Hornet ensures that only authenticated, trusted code is executed within the kernel. This module provides an indispensable layer of security for Linux security admins, safeguarding against unauthorized code execution and upholding system integrity. Incorporating Hornet into your security strategy involves adopting tools like sign-ebpf, ensuring compatibility with existing workflows, and leveraging flexible configuration options to meet specific security needs. With the practical benefits of automated, consistent security checks and alignment with zero-trust principles, Hornet contributes significantly to a robust security posture. As Linux continues to dominate in areas ranging from servers to IoT devices, the need for strong, scalable security measures has never been greater.
Hornet offers a robust, practical solution that empowers administrators to maintain the integrity and security of their systems in the face of advancing threats. Adopting Hornet is not just a step towards better security; it is a commitment to maintaining the highest standards of trust and integrity in your Linux environments.

Brittany Day
Openwall has released Linux Kernel Runtime Guard (LKRG) 0.9.8 with significant updates and improvements. For those unfamiliar with Linux Kernel Runtime Guard (LKRG), it is a kernel module that performs runtime integrity checking of the Linux kernel and detects security vulnerability exploits against the kernel. We'll explain the significance of LKRG in more depth, explore its remote logging functionality, and discuss the significant changes introduced in LKRG 0.9.8.

What Is the Significance of LKRG?

LKRG was a project of Adam 'pi3' Zabrocki that was brought under the Openwall umbrella and released to the public in 2018. It performs runtime integrity checks on the Linux kernel to detect exploits of security vulnerabilities against the kernel. LKRG tries to detect, and respond quickly to, unauthorized kernel modifications or changes in the credentials of running system processes. This protects against exploits that gain unauthorized root access through kernel vulnerabilities. The module's coverage includes LKM rootkits, Docker containers, and other threats, enabling it to combat most existing and future Linux kernel vulnerabilities. LKRG offers security by diversity, but without the drawbacks of running an unusual OS.

LKRG works best on systems that are unlikely to be rebooted to a new kernel or live-patched whenever a kernel vulnerability is found. It provides robust protection from kernel vulnerability exploits without requiring much effort by the user: there is no security policy to configure. LKRG is especially beneficial for systems that are not expected to be updated consistently. The module can be installed easily on various distros such as RHEL, CentOS, Ubuntu, Whonix, Debian, Rocky Linux, and AlmaLinux.

Remote Logging with LKRG

Remote logging is critical for troubleshooting incidents, centralizing processing for SIEM and EDR, and compliance.
While there are pre-existing Linux kernel remote logging solutions, LKRG is an excellent option for Linux kernel remote logging. It offers transport security, provides long-term encryption and authentication of messages and blobs, and is not too susceptible to DoS attacks. LKRG also offers:

- Reliable delivery
- Congestion control
- Message prioritization
- Roaming support
- Message encapsulation

According to security specialist Solar Designer, "Delivery, storage, and processing of LKRG security events to/on a remote system is a natural extension of LKRG's functionality. Remote logging is also valuable on its own, including for troubleshooting and post-mortem analyses of (non-)security incidents, where the system's local logs might be unavailable, incomplete, or tampered with."

For more technical details, I encourage you to explore Solar Designer's recent presentation on Linux kernel remote logging: approaches, challenges, implementation.

What's New in LKRG 0.9.8?

According to Openwall, the following significant changes have been made in LKRG 0.9.8:

- Added optional remote kernel message logging, including the sending component in LKRG itself and the receiving/logging counterpart in a userspace daemon, as well as additional utilities to generate a public/secret keypair and to process the logs, with documentation in LOGGING.
- Added support for RHEL 8.8+.
- More complete documentation of the build requirements.

The most notable change in this release is the addition of built-in remote kernel message logging capabilities. You can get LKRG 0.9.8 here.

Our Final Thoughts on LKRG 0.9.8

LKRG 0.9.8 is an exciting release for those looking to enhance kernel security, especially if they are not engaging in frequent updates. We encourage you to check it out and share your thoughts on X @lnxsec! That being said, keeping your systems patched against the latest security flaws is another essential defense mechanism against attacks exploiting known vulnerabilities.
Be sure to subscribe to our newsletters for the latest updates, news, and advisories impacting your security as a Linux user.

Dave Wreski