TurnKey has improved SSL/TLS security. The net result is that the TurnKey appliances' overall administration tools, Webmin and Webshell, are now hidden behind stunnel using TLS. In addition, the three supported web servers used across appliances (Apache, lighttpd and Nginx) are now configured to use a consistent hardened TLS cipher suite and settings. The Tomcat JavaServer also has hardened TLS settings. As before, TurnKey continues to offer a wide variety of both popular and niche server programs. These include commonly used programs such as WordPress blogging, the Node.js JavaScript runtime environment, and the Drupal content management system (CMS). It also offers more exotic servers, including the Ushahidi crisis crowd-sourcing server; Zurmo, a gamified customer-relationship management (CRM) application; and Sahana Eden, a humanitarian response management system. Explore the robust security features of Turnkey Linux 14, featuring TLS for secure communications, perfect for small businesses needing tailored server solutions. Turnkey Linux, TLS Security, Web Applications, Server Configuration. LinuxSecurity.com Team
Owning a web server that has its own SSL certificate from a registered Certificate Authority (so it won't trigger any browser warnings) does have its advantages. However, the price of a certificate issued by Verisign or a similar vendor usually tends to put a quick end to such fanciful ideas. Israeli vendor StartSSL offers free SSL server certificates that are valid for a year. Since StartSSL's root certificates are already included in all the mainstream browsers, opening a certificate from the vendor doesn't trigger any error messages. This article gives examples of all the steps required to add StartSSL certification, from signing up with StartSSL to integrating the certificate into an Apache web server under Linux. The only requirement for obtaining a certificate for a domain is that a user must be able to receive emails to an administrative account (postmaster, hostmaster or webmaster). There are no additional checks to verify whether the user actually owns the respective domain (incidentally, this is similar to other CAs such as RapidSSL). Furthermore, an issued certificate is only useful if it can subsequently be installed on a server. Those who own a "business card" type of home page with a web hosting service cannot, therefore, use such a certificate because they don't have access to the server configuration. The procedure is similar for Apache under Windows and Internet Information Server (IIS) under Windows. With IIS, the required steps need to be executed on the Microsoft Management Console (MMC). The link for this article located at H Security is no longer available. Setting up a StartSSL certificate on an Apache web server enables encrypted web access while eliminating security alerts. StartSSL, SSL, Apache Configuration, Web Security, Secure Browsing. LinuxSecurity.com Team
Is Ubuntu Security what it claims to be? Some say yes, some say no. Carla Schroder from Enterprise Networking Planet chimes in on server versus desktop kernel issues, and gives Ubuntu Server a whirl. What are the differences between versions? How does it handle package management, the LAMP stack and iptables setup? What about AppArmor? AppArmor is supposed to be the "real world" alternative to SELinux. Unfortunately there is nothing included that explains the default AppArmor configuration, or how to modify it. Also: Some users might have an expectation that Ubuntu Server will be all shiny and easy like Ubuntu Desktop. It's not. Ubuntu Security aims to protect systems from threats, yet vulnerabilities are evident, especially in server setups where default settings fall short. Ubuntu Server, AppArmor Configuration, Security Insights. LinuxSecurity.com Team
Practically all UNIX-based servers run an SSH server to allow remote administration across the Internet. From time to time, you might notice a large number of failed login attempts. Often, these are brute-force attacks against your SSH server. In this hack, we. Change the default port: Configure your SSH daemon to listen on a non-standard port. SSH servers have no trouble doing this. Just make sure you configure your firewalls to allow connections to the new port. For instance, to have your SSH daemon accept connections on port 2222, edit the sshd_config file, modify the value of Port to 2222, and restart the SSH daemon. The link for this article located at Security-Hacks is no longer available. Discover methods to secure your SSH server against brute-force assaults by modifying default port configurations and improving overall security measures. SSH Security, Brute-Force Defense, Secure Remote Access, Server Hardening. Bill Locke
In this tutorial we are going to improve our website by tweaking the .htaccess file. Why did I write this article? Because on the net I have found many articles about this little beast, but every one of them dealt with a specific issue and did not look at the overall usage of these files, or they are just too big when you need to do a thing in little time. So I'm trying to collect all the useful bits of data in a monolithic but slim tutorial, which will be updated as I collect more information. But first, let's see what the .htaccess file is. The link for this article located at VortexMind is no longer available. Enhance your website's performance with .htaccess optimizations like Gzip compression, browser caching, secure redirection, and clean URLs. Apache .htaccess, Optimization Tips, Web Configuration, Server Performance, Website Speed. LinuxSecurity.com Team
Setting up a secure server isn't necessarily for the faint of heart. To make it easier for IT administrators, Guardian Digital Inc. has released EnGarde Secure Linux Version 1.2, offering a secure server operating system for mail, Web and other servers without the hassle of an intricate customization. The idea, said Dave Wreski, business director for the Upper Saddle River, N.J.-based security vendor, is that by building a secure Linux operating system from the ground up with the latest Linux kernel, Guardian can create a high-security system that doesn't need lots of user intervention. Instead of having system administrators go through the program and disable services, as occurs with many server operating systems, all services are turned off in the default installation. That gives companies quick control over their own network security, Wreski said. The link for this article located at ComputerWorld is no longer available. Fortress Tech's SafeGuard Server OS 2.0 simplifies secure server configuration for system administrators by incorporating predefined security protocols. Secure Server, Linux OS, Network Management, System Administration, Guardian Digital. LinuxSecurity.com Team
Tackling one of the prime targets on a network for cyberattacks, the National Institute of Standards and Technology released a draft of its new guidance on securing public Web servers March 1. The draft special publication is intended for technical personnel, as it contains detailed guidance and checklists on how to configure the Web server itself, as well as the underlying operating system and security products, such as firewalls and intrusion detection systems. The guide also covers security administration procedures for Web servers, including logging, backup, recovery, testing and remote administration. The link for this article located at FCW is no longer available. The Cybersecurity Task Force has unveiled essential protocols aimed at enhancing Cloud infrastructure resilience. Web Server Security, Cyberattack Defense, Security Configuration, Technical Guidelines, Network Security. Anthony Pell
Tips on securing Apache for use with virtual hosts. "There is no best way to do this except to be paranoid about every detail, pay attention to security alerts and trust no one. Fortunately, Apache has some recommendations. Here is how to put them in practice for AllCommerce. The basic procedure is to start by nailing *everything* down to the most secure configuration. Then, as needed, enable individual capabilities. Let's start with the Apache server file ownership and permissions." The link for this article located at OpenSales is no longer available. Enhance your Apache web server security by updating regularly, configuring SSL, setting proper permissions, and implementing security headers and logging. Apache Security, Configuring Virtual Hosts, Server Best Practices. LinuxSecurity.com Team