Openwall has released Linux Kernel Runtime Guard (LKRG) 0.9.8 with significant updates and improvements. For those unfamiliar with it, LKRG is a kernel module that performs runtime integrity checking of the Linux kernel and detects attempts to exploit security vulnerabilities in the kernel.

We'll explain the significance of LKRG in more depth, explore its remote logging functionality, and discuss the significant changes introduced in LKRG 0.9.8.

What Is the Significance of LKRG?

LKRG started as a project of Adam 'pi3' Zabrocki and was brought under the Openwall umbrella and released to the public in 2018. It performs runtime integrity checks on the Linux kernel to detect exploitation of kernel security vulnerabilities: LKRG tries to detect unauthorized modifications to the kernel and unexpected changes to the credentials of running processes, and to respond to them quickly. This defends against exploits that use a kernel vulnerability to gain unauthorized root access. Its coverage includes LKM rootkits and attacks launched from within Docker containers, which lets one module mitigate many existing and future exploits of Linux kernel vulnerabilities. LKRG offers security by diversity, but without the drawbacks of running an unusual OS.

LKRG works best on systems that are unlikely to be rebooted into a new kernel or live-patched whenever a kernel vulnerability is found. It provides robust protection from kernel exploits with little effort from the user: there is no security policy to configure. That makes LKRG especially beneficial for systems that are not expected to be updated consistently. The module is easily installed on various distros, including RHEL, CentOS, Ubuntu, Whonix, Debian, Rocky Linux, and AlmaLinux.

Remote Logging with LKRG

Remote logging is critical for troubleshooting incidents, for centralizing processing in a SIEM or EDR, and for compliance.
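To see why the message authentication and delivery-tracking properties listed in the next section matter for incident response, here is an added example that is not LKRG's code or wire format: a constructed sender/receiver pair in which every event carries a sequence number bound into its authentication tag, so the receiver can reject forged or tampered frames, flag replays, and record gaps left by dropped messages. LKRG's daemon uses a public/secret keypair; this example substitutes a shared HMAC key (an assumption made so it runs with only the standard library), and the event texts are constructed, not real LKRG output.

```python
import hashlib
import hmac
import struct

# Assumption: a shared secret stands in for LKRG's public/secret keypair so
# the example runs offline with only the standard library.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
TAG_LEN = hashlib.sha256().digest_size   # 32 bytes
HDR = struct.Struct(">QI")               # sequence number, payload length


def seal(seq: int, msg: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Sender side: frame = header(seq, len) || msg || HMAC(header || msg).

    Binding the sequence number into the tag is what stops an attacker from
    reordering or replaying otherwise valid frames."""
    header = HDR.pack(seq, len(msg))
    tag = hmac.new(key, header + msg, hashlib.sha256).digest()
    return header + msg + tag


class Receiver:
    """Receiver/logger side: verify each frame, then track sequence continuity."""

    def __init__(self, key: bytes = DEMO_KEY):
        self.key = key
        self.next_seq = 0
        self.accepted = []   # (seq, text) in arrival order
        self.alerts = []     # anomalies a responder should see

    def feed(self, frame: bytes) -> bool:
        # Cheap structural checks first, then the MAC, then sequence state:
        # garbage and forgeries are rejected before anything is recorded.
        if len(frame) < HDR.size + TAG_LEN:
            self.alerts.append("truncated frame")
            return False
        seq, n = HDR.unpack_from(frame)
        msg = frame[HDR.size:HDR.size + n]
        tag = frame[HDR.size + n:]
        expected = hmac.new(self.key, frame[:HDR.size + n], hashlib.sha256).digest()
        if len(msg) != n or not hmac.compare_digest(tag, expected):
            self.alerts.append(f"bad tag on seq={seq}: forged or tampered")
            return False
        if seq < self.next_seq:
            self.alerts.append(f"replay/duplicate of seq={seq}")
            return False
        if seq > self.next_seq:
            # Keep the message, but record that something went missing.
            self.alerts.append(f"gap: lost seq {self.next_seq}..{seq - 1}")
        self.next_seq = seq + 1
        self.accepted.append((seq, msg.decode("utf-8", "replace")))
        return True


def demo() -> Receiver:
    """Constructed event stream with a drop, a replay and a tampered frame."""
    events = [  # constructed texts, not real LKRG output
        b"ALERT: kernel text integrity check failed",
        b"ALERT: credential change for pid 4242",
        b"INFO: heartbeat",
        b"ALERT: unauthorized module load blocked",
        b"INFO: heartbeat",
    ]
    frames = [seal(i, e) for i, e in enumerate(events)]
    rx = Receiver()
    rx.feed(frames[0])
    rx.feed(frames[1])
    # frames[2] is lost in transit
    rx.feed(frames[3])
    rx.feed(frames[1])                 # attacker replays an old, valid frame
    tampered = bytearray(frames[4])
    tampered[HDR.size] ^= 0x20         # flip one bit of the payload
    rx.feed(bytes(tampered))
    return rx
```

Note the order of checks in feed(): structure, then MAC, then sequence state, so a flood of garbage costs the collector one HMAC per frame and never changes its state, which is the idea behind limiting susceptibility to DoS. A gap is accepted but alerted on, because on a compromised host the missing frames may be exactly the ones that mattered.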
While there are pre-existing Linux kernel remote logging solutions, LKRG's is an excellent option for remote logging of kernel messages. It offers transport security, long-term encryption and authentication of messages and blobs, and limited susceptibility to DoS attacks. LKRG's remote logging also offers:

- Reliable delivery
- Congestion control
- Message prioritization
- Roaming support
- Message encapsulation

According to security specialist Solar Designer, "Delivery, storage, and processing of LKRG security events to/on a remote system is a natural extension of LKRG's functionality. Remote logging is also valuable on its own, including for troubleshooting and post-mortem analyses of (non-)security incidents, where the system's local logs might be unavailable, incomplete, or tampered with."

For more technical details, I encourage you to explore Solar Designer's recent presentation, "Linux kernel remote logging: approaches, challenges, implementation".

What's New in LKRG 0.9.8?

According to Openwall, the following significant changes have been made in LKRG 0.9.8:

- Added optional remote kernel message logging, including the sending component in LKRG itself and the receiving/logging counterpart in a userspace daemon, as well as additional utilities to generate a public/secret keypair and to process the logs, with documentation in LOGGING.
- Added support for RHEL 8.8+.
- More complete documentation of the build requirements.

The most notable change in this release is the addition of built-in remote kernel message logging. You can get LKRG 0.9.8 from Openwall.

Our Final Thoughts on LKRG 0.9.8

LKRG 0.9.8 is an exciting release for those looking to enhance kernel security, especially on systems that are not updated frequently. We encourage you to check it out and share your thoughts on X @lnxsec! That said, LKRG is a detection and response layer that Openwall itself describes as bypassable by design, so keeping your systems patched against the latest security flaws remains an essential defense against attacks that exploit known vulnerabilities.
Be sure to subscribe to our newsletters for the latest updates, news, and advisories impacting your security as a Linux user.

Dave Wreski
In the world of cloud-native computing, security is paramount. The recent announcement by the Cloud Native Computing Foundation (CNCF) that Falco, a cloud-native security tool, has graduated brings it to the forefront. Falco, described as the de facto Kubernetes threat detection engine, has gained significant traction among notable organizations such as Booz Allen Hamilton, GitLab, Shopify, and many more.

This critical analysis delves into the announcement and explores the implications of Falco's graduation for Linux admins, infosec professionals, internet security enthusiasts, and sysadmins, focusing on long-term consequences and its impact on security practitioners.

What Is the Significance of Falco in the Realm of Security?

The CNCF has elevated Falco to graduated status, highlighting its adoption and growth within the cloud-native ecosystem. Falco, developed and open-sourced by Sysdig in 2016, has seen continuous improvement, leading to its acceptance into the CNCF Sandbox in 2018, promotion to incubation in 2020, and graduation in 2024. The project has garnered support from major industry players such as Amazon, Apple, IBM, and Red Hat, further solidifying its credibility.

Falco's success can be attributed to its effective detection and alerting capabilities. Falco's drivers capture kernel events (primarily system calls) and evaluate them against a rule set, its own defaults plus any custom rules, giving real-time visibility into abnormal behavior, potential security threats, and compliance violations. This contributes to comprehensive runtime security, helping organizations gain insight and take proactive measures to safeguard their cloud-native deployments. Through its plugin system, which feeds other event sources such as cloud and Kubernetes audit logs into the same rules engine, Falco aims to expand its use cases and strengthen its position in the security landscape. The graduation of Falco from incubation status underscores the importance of runtime security in cloud-native environments.
Linux admins, infosec professionals, and sysadmins can leverage Falco's capabilities to enhance the security posture of their infrastructure. Notably, Falco can use eBPF, a technology that enables deep introspection of the Linux kernel, to power its threat detection engine: an eBPF probe is offered alongside the classic kernel module driver. This presents an opportunity for security practitioners to explore and contribute to the development of eBPF-powered security solutions.

The growing community around Falco is another notable aspect. With over 30 public adopters and a significant increase in active contributors, Falco's potential for further advancement and innovation is evident. The adoption of Falco by organizations such as Cisco, Shopify, Skyscanner, and Vinted speaks to its relevance and effectiveness in real-world scenarios. Security practitioners can benefit from the collective wisdom and experience shared within this active community, deepening their understanding of runtime security challenges and solutions.

Implications & Questions

One long-term consequence of Falco's graduation is increased awareness and adoption of runtime security measures in cloud-native computing. As more organizations recognize the importance of detecting threats in real time, demand for robust and scalable runtime security solutions will grow. This trend raises questions about integrating such solutions with existing security frameworks, and about their impact on overall system performance: a syscall-level sensor sits on the hot path of every workload, so rule cost and event volume need to be measured before a fleet-wide rollout.

Furthermore, Falco's successful graduation from incubation status sets a standard for other security tools and projects within the CNCF ecosystem. This raises the bar for future projects and further validates the importance of runtime security in cloud-native environments. It also prompts security practitioners to critically evaluate the maturity and effectiveness of the other security tools in their arsenal.
Falco's Impact on Cloud-Native Security: Our Final Thoughts

Falco's graduation is a significant milestone for cloud-native runtime security. The tool's real-time visibility, threat detection capabilities, and active community support commend its value to security practitioners. Linux admins, infosec professionals, internet security enthusiasts, and sysadmins stand to benefit from its continued development and integration. As the cloud-native landscape evolves, Falco's graduation serves as a reminder that proactive and comprehensive runtime security is essential to protecting valuable assets and ensuring the integrity of cloud-native deployments.

Dave Wreski
Back in September, Google posted an initial "request for comments" on kernel work it is doing on Kernel Runtime Security Instrumentation (KRSI), which provides eBPF-powered security hooks so that MAC and audit policies can be expressed dynamically as BPF programs rather than compiled into the kernel. Just before Christmas the first official version of this new eBPF-based instrumentation was sent out, and it is being prepared for deployment within Google. Google's work with KRSI was covered in a Phoronix article; the link to that article at Phoronix is no longer available.

The patch series proposing KRSI to bpf-next explains the background and design of Kernel Runtime Security Instrumentation. The series also describes how KRSI differs from the Landlock LSM and the other security modules currently available in the kernel tree. (KRSI was subsequently merged in Linux 5.7 as the BPF LSM, enabled with CONFIG_BPF_LSM, which is how this capability is exposed in current kernels.)

LinuxSecurity.com Team