Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -2 articles for you...
210
privilege escalationthreat mitigationcritical vulnerabilityPolkit CVE-2021-4034 Critical Level: Escalation Threat Overview
Here's everything you need to know about the CVE-2021-4034 Polkit privilege escalation vulnerability in the Linux kernel. . Linux is widely known as a highly secure operating system. However, like any other system software, it too can fall prey to loopholes and exploits, the worst of which are privilege escalation vulnerabilities that allow an adversary to elevate their permissions and potentially take over an entire organization. Polkit CVE-2021-4034 is a critical privilege escalation vulnerability that has gone unnoticed for over 12 years and affects all major Linux distributions. It is so devastating that a criticality rating of 8 was issued to the vulnerability. So, what exactly is Polkit CVE-2021-4034, and how can you fix it? Polkit privilege escalation vulnerability weaponizes pkexec , an executable part of the PolicyKit component of Linux. pkexec is an executable that allows a user to execute commands as another user. The pkexec source code had loopholes that anyone could exploit to gain maximum privileges on a Linux system, i.e., become the root user. This bug has been termed "Pwnkit" and is being tracked as CVE-2021-4034. . CVE-2021-4034 highlights a major vulnerability in Polkit, which manages Linux privileges. Learn how this flaw can be exploited and discover ways to mitigate this risk. polkit security, privilege escalation, linux vulnerabilities, threat mitigation, critical linux vulnerabilities. . Brittany Day
Jan 02, 2023
•
Security Vulnerabilities
210
security advisorycriticallocal privilege escalationRed Hat: Local Escalation Patch For Polkit CVE-2021-3560 Critical Risk
A seven-year-old Linux local privilege escalation bug has reared its head and finally gotten a fix. When it was available, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively-used Linux distros including RHEL 8, Fedora 21 or later and Ubuntu 20.04. Patch now! . On Linux, polkit is effectively a bouncer of sorts who decides whether a user is allowed to do something that requires higher privileges. Discovered by security researcher Kevin Backhouse, the polkit bug that allows users to break this security was introduced in a commit that shipped with service version .0113 over seven years ago. To exploit this, it only takes a few terminal commands to create a user that is a member of the sudo-group. As it is easy to complete and the “highest threat from this vulnerability is to data confidentiality and integrity as well as system availability,” Red Hat has rated the CVE at 7.8 on the 10-point scale. You can see what exploiting this would look like in the proof-of-concept video above, created by Keven Backhouse on GitHub’s YouTube channel. . Investigate a significant seven-year-old vulnerability in polkit privilege escalation impacting major Linux distributions and discover how to resolve it.. Polkit, Privilege Escalation, Security Patch, Linux Distros, RHEL. . Brittany Day
Jun 14, 2021
•
Security Vulnerabilities
210
security advisorylocal privilege escalationroot accessLinux Distributions: Security Advisory CVE-2021-3560 Critical Polkit Bypass
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. This polkit local privilege escalation bug (tracked as CVE-2021-3560 ) was publicly disclosed, and a fix was released on June 3, 2021. . It was introduced seven years ago in version 0.113 and was only recently discovered by GitHub Security Lab security researcher Kevin Backhouse . Even though many Linux distributions haven't shipped with the vulnerable polkit version until recently, any Linux system shipping with polkit 0.113 or later installed is exposed to attacks. . Non-privileged adversaries can take advantage of a polkit vulnerability to attain root privileges across various Linux distributions. Learn more about the solutions available.. polkit exploit, linux privilege escalation, unprivileged access. . Brittany Day
Jun 11, 2021
•
Security Vulnerabilities
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More