Alerts This Week
Warning Icon 1 625
Alerts This Week
Warning Icon 1 625

Stay Ahead With Linux Security News

2.Motherboard Esm H350
Security Vulnerabilities Price Tag%201security advisory authentication bypass

Fortinet has confirmed active exploitation of three FortiSandbox vulnerabilities . One allows attackers to bypass login controls, while the other two enable command execution directly on the appliance. Combined, they create a path from unauthenticated access to direct interaction with a system many organizations trust to analyze suspicious content. . In many environments, FortiSandbox sits between incoming content and the systems responsible for making security decisions about it. Before a...
1 min read Security Vulnerabilities
Joomla Comp Hero Esm H350
Security Vulnerabilities Price Tag%201security advisory critical

The Joomla Content Editor (JCE), one of the most widely deployed editor extensions for Joomla websites, is currently under active attack due to a critical vulnerability. . The issue, tracked as CVE-2026-48907 , affects JCE versions earlier than 2.9.99.5 and carries a CVSS score of 10.0. Because JCE is installed on a large number of public-facing Joomla sites, the vulnerability has quickly become a high-priority target for attackers and automated scanning campaigns. CISA has added the flaw to...
3 - 6 min read Security Vulnerabilities
Jetbrains Hero Esm H350
Security Trends Price Tag%201security advisory open-source

At least 15 malicious plugins and nearly 70,000 installs later, developers are being reminded that trusted marketplaces can become supply-chain attack vectors overnight. . How Malicious Plugins Steal API Credentials It’s simple. The user installs a plugin. It asks for API credentials. The developer clicks "Apply." A short time later, those keys could be sent to a third-party server. Think of an API key like a valet key to your house. It doesn't give them the deed to the property, but it lets...
3 - 5 min read Security Trends
Freedp Hero Esm H350
Security ProjectsPrice Tag%201security advisory security update

Remote access tools do not need dramatic new features to improve security. Sometimes the more useful change is quieter, like stronger defaults that make weak encryption harder to use by accident. . What FreeRDP Is and Why This Release Matters FreeRDP is an open-source implementation of Microsoft’s Remote Desktop Protocol, used as both a library and a set of clients across Linux, Windows, macOS, Android, and other systems. In Linux environments, it is often the practical RDP client...
2 - 4 min read Security Projects
Simplehelp Hero Esm H350
Security Vulnerabilities Price Tag%201security advisory remote access

Remote support platforms sit close to the systems attackers want most: administrator workflows, technician accounts, and managed endpoints. That is why the SimpleHelp OIDC flaw is more serious than a routine authentication bypass vulnerability. For organizations running these platforms on Linux-based infrastructure, the risk is compounded by the ease with which these services are deployed and integrated into larger management stacks. . What Is SimpleHelp and Why Is It a High-Value Target?...
3 - 5 min read Security Vulnerabilities
Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":564,"type":"x","order":1,"pct":78.66,"resources":[]},{"id":484,"title":"Formal training or courses","votes":32,"type":"x","order":2,"pct":4.46,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.74,"resources":[]},{"id":486,"title":"Other","votes":87,"type":"x","order":4,"pct":12.13,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found -3 articles for you...
83
32.Lock Code Circular Esm H240
Price Tag%201linux securitysoftware attackmalicious package

Malicious PyPI Package Installs Monero Cryptominer on Linux Systems

A malicious PyPI package was used to install a Monero cryptominer on Linux systems. . The package in question, secretslib, was pushed to the official third-party software repo for Python on 6th August 2022. The package was described as “secrets matching and verification made easy”. Sonatype’s automated malware detection system flagged secretslib as potentially malicious. Further analysis proved its suspicions to be correct. The link for this article located at Developer is no longer available. . An exploitative package on PyPI dubbed pycryptominer was discovered deploying a Zcash mining tool across Linux platforms.. Linux Cryptominer Threat, PyPI Malware, Malicious Package Installation. . LinuxSecurity.com Team

Calendar%202 Aug 15, 2022 User Avatar LinuxSecurity.com Team Hacks/Cracks
79
27.Tablet Connections Blocks Lock Esm H240
Price Tag%201security risksopen source securitysoftware supply chain

Google's Package Analysis Initiative Focuses on Mitigating Risks

The Google and OpenSSF Package Analysis project aims to reduce security risks created by developers' crazy package-updating schedules. . Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package Analysis Project is one of the software supply chain initiatives from the the Linux Foundation's Open Source Security Foundation (OpenSSF) that should help automate the process of identifying malicious packages distributed on popular package repositories, such as npm for JavaScript and PyPl for Python. It runs a dynamic analysis of all packages uploaded to popular open-source repositories. It aims to provide data about common types of malicious packages and inform those working on open-source software supply chain security about how best to improve it. . Microsoft has outlined initiatives aimed at detecting harmful software components covertly integrated into community-driven applications.. Open Source Security, Google Package Analysis, Malicious Code Detection. . LinuxSecurity.com Team

Calendar%202 May 05, 2022 User Avatar LinuxSecurity.com Team Security Projects
Banner 1 1028x280 1708121660 1771599717
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":564,"type":"x","order":1,"pct":78.66,"resources":[]},{"id":484,"title":"Formal training or courses","votes":32,"type":"x","order":2,"pct":4.46,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.74,"resources":[]},{"id":486,"title":"Other","votes":87,"type":"x","order":4,"pct":12.13,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here