Security Trends 
fedora security assessment
fedora security assessment A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
Jun 12, 2026 
Security Vulnerabilities security advisory critical
security advisory critical Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
Jun 11, 2026 
Vendors/Productssecurity advisory linux
security advisory linux With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
Jun 11, 2026 
Security Vulnerabilities security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026 
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026 
Refine news
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -2 articles for you...
83
user privacydata theftbrowser exploitBrowser Data Theft: Exploiting Extension APIs by Malicious Websites
Malicious websites can exploit browser extension APIs to execute code inside the browser and steal sensitive information such as bookmarks, browsing history, and even user cookies.. The latter, an attacker can use to hijack a user's active login sessions and access sensitive accounts, such as email inboxes, social media profiles, or work-related accounts. The link for this article located at ZDNet is no longer available. . Harmful sites may leverage browser add-on interfaces to run scripts and pilfer user information such as session tokens or saved links.. Browser Exploit, Malicious Websites, Data Theft, Extension APIs. . LinuxSecurity.com Team
Jan 20, 2019 •
Hacks/Cracks 78
safe browsingbrowser securityuser protectionNSS Labs Findings: Google Chrome Safe Browsing API and Security Concerns
From the start, Google's Safe Browsing API was designed to spot malicious web pages so users wouldn't get trapped in them. Google identifies these sites through its own algorithms and user notification. . Google Chrome isn't the only browser to do this. FireFox and Safari rely on the lists made available in the Safe Browsing API, and Microsoft has its Application Reputation with Internet Explorer, which essentially does the same thing. This week, NSS Labs, a firm that specializes in the testing of security systems, found something in its monitoring that just didn't feel right. The link for this article located at CSO Online is no longer available. . Google Chrome isn't the sole browser leveraging the Safe Browsing API; dive into NSS Labs' analysis and its consequences for web security.. Google Chrome Security, NSS Labs Insights, Safe Browsing API, Browser Safety. . LinuxSecurity.com Team
Feb 08, 2012 • Vendors/Products 
83
security advisorysecurity patchsecurity riskAndroid Security Advisory: Data Theft Risk Moderate From Malicious Websites
Google is working to patch a new data-stealing vulnerability that affects all versions of the Android operating system. The vulnerability was discovered by security researcher Thomas Cannon. "While doing an application security assessment one evening I found a general vulnerability in Android which allows a malicious website to get the contents of any file stored on the SD card," he said on his blog.. "It would also be possible to retrieve a limited range of other data and files stored on the phone using this vulnerability." In other words, a successful exploit wouldn't provide the attacker with root access to all device data. Cannon said that after he emailed Google about the bug, the company made contact to discuss the issue just 20 minutes later. Google also asked him to withhold some details while it works on a fix. "As my intention is to inform people about the risk, not about how to exploit users, I've agreed," he said. The link for this article located at Information Week is no longer available. . A recently identified flaw in Android systems poses a risk of unauthorized access to data stored on SD cards. Google's team is actively developing a fix.. Android Data Theft, Android Vulnerabilities, Security Patch, Malicious Websites, Data Protection. . LinuxSecurity.com Team
Nov 30, 2010 • Hacks/Cracks 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More