
Stay Ahead With Linux Security News


Explore Latest Linux Security news


Ubuntu 22.04 LTS Advisory: Command-Not-Found Rogue Package Risk

A potential security vulnerability exists in the command-not-found tool in Ubuntu, which threat actors could exploit to recommend and install malicious packages on systems running Ubuntu operating systems. The command-not-found tool is installed by default on Ubuntu systems and suggests packages to install when users attempt to run commands that are not available.

How Does This Exploit Work?

The command-not-found tool relies on the Advanced Packaging Tool (APT) and snap packages for recommendations. However, cybersecurity researchers have discovered a potential loophole that allows attackers to manipulate the tool and recommend malicious packages through the snap repository. This vulnerability could lead to software supply chain attacks and pose a significant security risk for Ubuntu users.

By exploiting the command-not-found tool, attackers can recommend rogue packages and trick users into installing them, compromising the integrity and security of their systems. This vulnerability could be leveraged for software supply chain attacks, where malicious packages infiltrate the system through deceptive recommendations.

The alias mechanism loophole allows threat actors to register corresponding snap names associated with aliases and deceive users into installing malicious packages. Additionally, attackers could claim the snap name related to an APT package and upload a malicious snap, which would be suggested instead of the legitimate APT package. This deceptive recommendation increases the risk of users falling victim to the fake snap package.

The high percentage of APT package commands that are vulnerable to impersonation by malicious actors is a significant concern. As many as 26% of the APT package commands can be registered under an attacker's account, further emphasizing the severity of the security risk. This vulnerability puts many Ubuntu users at risk, potentially compromising their systems and sensitive data.

What Are the Implications for Ubuntu Users?

The implications of this vulnerability are far-reaching and have long-term consequences. Ubuntu users, especially Linux admins, infosec professionals, internet security enthusiasts, and sysadmins, must be aware of this security flaw and take proactive measures to mitigate the risks. Verifying the source of packages before installation and checking the maintainers' credibility are crucial steps to prevent falling victim to this vulnerability. Additionally, developers of APT and snap packages are advised to register the associated snap name for their commands to prevent misuse.

The impact on security practitioners is significant. They must remain vigilant and implement proactive defense strategies to safeguard their systems and networks. This vulnerability underscores the importance of continually monitoring and securing open-source and Linux environments, as even widely used and trusted tools can be exploited by adversaries.

Our Final Thoughts on This Security Loophole

This article sheds light on a critical security vulnerability in the command-not-found tool in Ubuntu. It highlights the potential consequences and provides essential recommendations for users and developers to mitigate the risks. Security practitioners must remain proactive, exercise caution, and establish robust defense strategies to safeguard against such vulnerabilities and protect their systems from malicious actors.

Be sure to subscribe to our weekly newsletters to stay up-to-date on issues like this impacting the security of your Linux systems. Stay safe out there, Ubuntu users!

Feb 14, 2024 | Brittany Day | Hacks/Cracks

Malicious Packages Found in NPM and PyPI: Crypto-Miners and RATs

Security researchers have discovered yet another sizable haul of malicious packages on the open source registries npm and PyPI. These packages could cause problems if developers downloaded them without realizing it.

The haul comprises a number of different packages, all of which contain the same malicious package.go file, a Trojan horse programme that was developed to mine cryptocurrency on Linux computers. According to Sonatype, sixteen of these were traced back to the same actor, known as trendava, who has since been removed from the npm registry. The total number of packages that have been identified as malicious, suspicious, or proof-of-concept since 2019 has nearly reached 107,000 thanks to the discoveries made by the company’s AI tooling. The security vendor also found a new piece of Python malware that combines the capabilities of a remote access tool (RAT) and an information stealer.

Feb 22, 2023 | LinuxSecurity.com Team | Hacks/Cracks

241 Malicious Npm And Pypi Packages Downloading Cryptominers Threat

More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries, and each one of them downloads a Bash script that runs cryptominers on Linux systems.

Researchers have caught at least 241 malicious npm and PyPI packages that drop cryptominers after infecting Linux machines. These packages are typosquats of popular open source libraries and commands like React, argparse, and AIOHTTP, but they instead download and install cryptomining Bash scripts from the threat actor's server. On Wednesday, software developer and researcher Hauke Lübbers reported coming across "at least 33 projects" on PyPI that all launched XMRig, an open source Monero cryptominer, after infecting a system.

Aug 23, 2022 | LinuxSecurity.com Team | Hacks/Cracks

Malicious PyPI Package Installs Monero Cryptominer on Linux Systems

A malicious PyPI package was used to install a Monero cryptominer on Linux systems.

The package in question, secretslib, was pushed to the official third-party software repo for Python on 6th August 2022. The package was described as “secrets matching and verification made easy”. Sonatype’s automated malware detection system flagged secretslib as potentially malicious. Further analysis proved its suspicions to be correct.

The link for this article located at Developer is no longer available.

Aug 15, 2022 | LinuxSecurity.com Team | Hacks/Cracks

Dependency Confusion Attack Targets Amazon and Slack Apps

Malicious actors are exploiting a new 'Dependency Confusion' vulnerability to target Amazon, Zillow, Lyft, and Slack NodeJS apps and steal Linux/Unix password files and open reverse shells back to the attackers.

Last month, BleepingComputer reported that security researcher Alex Birsan earned bug bounties from 35 companies by utilizing a new flaw in open-source development tools. This flaw works by attackers creating packages utilizing the same names as a company's internal repositories or components. When hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company's internal packages when building the application.

Mar 02, 2021 | Brittany Day | Security Vulnerabilities

TeamViewer RPM Repository Vulnerability: Malicious Package Risk Exploit

A vulnerability discovered in TeamViewer RPM auto-updates on Linux allowed attackers to easily install and execute arbitrary software with root permissions. Luckily, TeamViewer has fixed this flaw in version 15.11.6.

Three months ago, I discovered a security vulnerability in TeamViewer RPM auto-updates on Linux. The vulnerability allowed an attacker-in-the-middle (AITM) to subvert the TeamViewer RPM package repository to install and execute arbitrary software with root permissions. First thing first: TeamViewer followed best practices and used cryptographic signing (GPG) on the repository metadata and its software packages. These measures should have prevented anyone from tampering with either the repository or any of its packages. However, it assumes that the system has a copy of TeamViewer’s public GPG key.

Nov 06, 2020 | Brittany Day | Security Vulnerabilities