Security Trends 
fedora security assessment
fedora security assessment A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
Jun 12, 2026 
Security Vulnerabilities security advisory critical
security advisory critical Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
Jun 11, 2026 
Vendors/Productssecurity advisory linux
security advisory linux With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
Jun 11, 2026 
Security Vulnerabilities security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026 
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026 
Refine news
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -1 articles for you...
210
security advisoryOpenOfficemoderate severityLibreOffice & OpenOffice: CVE-2021-41832 Moderate Document Spoofing Threat
LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source. "Allowing anyone to sign macro-ridden documents themselves, and make them appear as trustworthy, is an excellent way to trick users into running malicious code." . Although the severity of the flaw is classified as moderate, the implications could be dire. The digital signatures used in document macros are meant to help the user verify that the document hasn’t been altered and can be trusted. The discovery of the flaw, which is tracked as CVE-2021-41832 for OpenOffice, was the work of four researchers at the Ruhr University Bochum. The same flaw impacts LibreOffice, which is a fork of OpenOffice spawned from the main project over a decade ago, and for their project is tracked as CVE-2021-25635. . A serious vulnerability in LibreOffice and OpenOffice allows malicious actors to forge signatures on documents, putting user security at risk. Take precautions immediately!. LibreOffice Vulnerability, OpenOffice Flaw, Document Security. . Brittany Day
Oct 12, 2021 •
Security Vulnerabilities 77
security advisoryXSSmoderate severityJoomla 1.5.13 Moderate XSS And Severe File Upload Risks Advisory
The Joomla developers have announced the release of version 1.5.13 of their content management system (CMS). The security update addresses a critical vulnerability in the Tiny browser included with the TinyMCE 3.0 editor that could allow files to be uploaded or removed without a user needing to be logged in. Version 1.5.12 is affected. Additional details, however, have not been provided.. A moderate cross site scripting (XSS) issue has also been fixed that could cause some files to miss the JEXEC check, causing scripts to expose internal path information to the host. All 1.5.x versions up to and including 1.5.12 are affected. The 1.5.13 update addresses both of the issues. The link for this article located at H Security is no longer available. . Joomla 1.5.13 resolves significant file-related problems and XSS vulnerabilities, bolstering its security capabilities.. Joomla Security, XSS Risk Management, File Upload Protection. . LinuxSecurity.com Team
Jul 23, 2009 • Server Security 
74
security advisorybuffer overflowmoderate severityTrillian 0.74i Advisory: Moderate Risk of Buffer Overflow in MSN Module
Security researchers have issued a warning of a flaw in the Trillian cross-platform instant messaging (IM) client that puts users at risk of malicious hacker attacks. . . .. Security researchers have issued a warning of a flaw in the Trillian cross-platform instant messaging (IM) client that puts users at risk of malicious hacker attacks. The vulnerability has been reported in Trillian 0.74i, which is a free version of the product distributed by Cerulean Studios. An advisory from Secunia attached a "moderately critical" rating to the flaw, saying it exists in the MSN Module, which allows the client to connect to Microsoft's chat network. Secunia said the vulnerability is caused by a boundary error within the MSN module and can be exploited to cause a buffer overflow by passing an overly long string (about 4096 bytes) from an MSN Messenger server. The link for this article located at Ryan Naraine is no longer available. . Alert released regarding Trillian vulnerability that can lead to cyber intrusions as a result of buffer overflow in its MSN component.. Trillian Flaw, Buffer Overflow, Instant Messaging Security. . Anthony Pell
Sep 10, 2004 • Network Security 77
security advisorymoderate severityBINDBIND 4.9.7-OW5 and 4.9.8-OW1 Moderate: Infoleak and Complain Bug
Solar Designer has updated his OpenWall patches for BIND 4.9.7 and BIND 4.9.8. COVERT Labs at PGP Security has published a security advisory on a number of BIND vulnerabilities:. . .. Solar Designer has updated his OpenWall patches for BIND 4.9.7 and BIND 4.9.8. COVERT Labs at PGP Security has published a security advisory on a number of BIND vulnerabilities: I've released updated versions of the BIND 4.9.x patches (which make it run as a non-root user and chrooted) that include the new fixes. The BIND 4.9.7-OW5 patch contains fixes for the two most critical vulnerabilities (known as "infoleak" and "complain bug") that affect BIND 4.9.7. Older released versions of the BIND 4.9.7-OW patches didn't include these fixes and should be upgraded to at least 4.9.7-OW5 (the -OW patches, when used properly, reduced the impact of the "complain bug" vulnerability, though). The BIND 4.9.8-OW1 patch no longer needs the "infoleak" and "complain bug" fixes (as these bugs are fixed in the 4.9.8 release), but adds a back-port of two fixes from BIND 8.2.2-P3+ (to the "naptr" and "maxdname" bugs, which are believed to be relatively minor and thus were not fixed in deprecated BIND versions including BIND 4). . The security expert Solar Designer has released new OpenWall updates for BIND versions 4.9.7 and 4.9.8, targeting significant vulnerabilities.. BIND Fixes, OpenWall Patches, BIND Security Advisory. . LinuxSecurity.com Team
Jan 29, 2001 • Server Security 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More