Five high-severity Linux network security vulnerabilities have been found and fixed. Patch your systems immediately to protect your servers against DoS attacks! Young and rising Linux security developer Alexander Popov of Russia's Positive Technologies discovered and fixed a set of five security holes in the Linux kernel's virtual socket implementation. An attacker could use these vulnerabilities (CVE-2021-26708) to gain root access and knock out servers in a Denial of Service (DoS) attack. With a Common Vulnerability Scoring System (CVSS) v3 base score of 7.0, high severity, smart Linux administrators will patch their systems as soon as possible.
Brittany Day
Amid a report today that the Trump White House plans to cut the administration's cybersecurity coordinator position altogether, new data shows how US federal government agencies continue to struggle to close security holes in their software. Politico reported that the administration has eliminated the White House cybersecurity position, which was recently vacated by former head Rob Joyce, who has returned to the National Security Agency. Politico said it had obtained an email to the White House National Security Council staff from John Bolton aide Christine Samuelian: "The role of cyber coordinator will end," in an effort to "streamline authority" in the NSC, which includes two senior cybersecurity directors, she said in the email, according to Politico.
The link for this article located at DarkReading is no longer available.
Brittany Day
The PHP developers have released version 5.2.12 of their popular programming language, fixing over 60 bugs mainly to increase stability, but also closing some security holes. While PHP 5.3 has been available since mid 2009, backwards compatibility issues with various popular PHP applications have prevented many users from upgrading. Since, as a result, the 5.2 branch is still used on numerous systems, the developers continue to update this branch. The current update particularly prevents attackers from bypassing the safe_mode and open_basedir security functions in connection with the tempnam() and posix_mkfifo() functions. The new max_file_uploads option prevents potential DoS attacks when uploading files by limiting the number of files per upload request. Furthermore, the $_SESSION variable is now less susceptible to manipulations, and the htmlspecialchars() PHP function for converting special characters in HTML code offers enhanced string checking.
The link for this article located at H Security is no longer available.
LinuxSecurity.com Team
The US Emergency Alert System (EAS) that lets officials instantly interrupt radio and TV broadcasts to provide emergency information in a crisis suffers from security holes that leave it vulnerable to denial of service attacks, and could even permit hackers to issue their own false regional alerts, federal regulators acknowledged Thursday. "Security and encryption were not the primary design criteria when EAS was developed and initially implemented," the Federal Communications Commission (FCC) wrote in a public notice launching a review of the system. "Now, however, emergency managers are becoming more aware of potential vulnerabilities within the system. For example, the complete EAS protocol is a matter of public record and potentially subject to malicious activations or interference." The EAS was launched in 1997 to replace the cold-war era Emergency Broadcast System known best for making the phrase "this is only a test" a cultural touchstone. Like that earlier system, the EAS is designed to allow the President to interrupt television and radio programming and speak directly to the American people in the event of an impending nuclear war, or a similarly extreme national emergency. The system has never been activated for that purpose, but state and local officials have found it a valuable channel for warning the public of regional emergencies, including the "Amber Alerts" credited with the recovery of 150 abducted children.
The link for this article located at TheRegister is no longer available.
Anthony Pell
The open-source PHP Group has released a fix for a pair of security holes that could be exploited to execute arbitrary code on remote PHP servers. The flaws affect PHP versions 4.3.7 and prior and version 5.0.0RC3 and prior. The final version of PHP 5.0, which was released earlier this week, is not affected. Fixes have been included in the updated PHP 4.3.8, and the PHP Group is strongly enco
The link for this article located at Internet News is no longer available.
LinuxSecurity.com Team
It seemed like a good idea at the time. Set up a Web site that allows users and developers alike to check which pieces of Linux code have been checked for security holes. The project, dubbed Sardonix, was a classic open source solution to a clear problem. The scheme's originator, Crispin Cowan, chief research scientist at WireX Communications, said, "Auditing is needed not just because some developers refuse to read or follow such standards, but also because humans make mistakes, and may fail to completely or correctly follow all rules perfectly." Yet few became involved because, according to Cowan, there's no glory in auditing security holes. Funded initially by the US defence establishment body Defense Advanced Research Projects Agency (DARPA), the research grant aiming to centralise what was and remains a fairly loosely structured review process dried up nine months ago.
The link for this article located at TechWorld.com is no longer available.
LinuxSecurity.com Team