Security Trends 
fedora security assessment
fedora security assessment A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
Jun 12, 2026 
Security Vulnerabilities security advisory critical
security advisory critical Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
Jun 11, 2026 
Vendors/Productssecurity advisory linux
security advisory linux With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
Jun 11, 2026 
Security Vulnerabilities security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026 
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026 
Refine news
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 13 articles for you...
210
security advisoryzero-daysoftware exploitApache HTTP Server Urgent Patch: Zero-Day Exploit Severity
Developers behind the Apache HTTP Server Project are urging users to apply a fix immediately to resolve a zero-day vulnerability. . According to a security advisory dated October 5, the bug is known to be actively exploited in the wild. Apache HTTP Server is a popular open source project focused on the development of HTTP server software suitable for operating systems including UNIX and Windows. . The PostgreSQL Global Development Group emphasizes immediate measures for an essential update that tackles persistent security vulnerabilities.. apache http, zero-day exploit, software vulnerability, open source patching. . Dave Wreski
Oct 07, 2021 •
Security Vulnerabilities 83
zero-daycybersecuritythreat detectionCombatting Zero-Day Threats and Vulnerabilities Effectively Today
How do you defend yourself against the unknown? That is crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well. . Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unknown . Zero-day vulnerabilities pose significant cybersecurity risks due to being unknown to vendors. Proactive defense strategies and workforce awareness are vital for mitigation. Zero-Day Vulnerability, Threat Detection, Software Exploitation, Defense Strategies. . LinuxSecurity.com Team
Mar 14, 2017 • Hacks/Cracks 
83
malwaresecurity threatsoftware exploitBitcoin Botnet Affects Thousands After Cracked Watch Dogs Download
Tens of thousands of pirate gamers have been enslaved in a Bitcoin botnet after downloading a cracked copy of popular game Watch Dogs.. A torrent of the infected title, which supposedly has had its copy-protection removed, had almost 40,000 active users (seeders and leachers) and was downloaded a further 18,440 times on 23 May on one site alone. The link for this article located at The Register UK is no longer available. . A torrent of the infected title, which supposedly has had its copy-protection removed, had almost 40. thousands, pirate, gamers, enslaved, bitcoin, botnet, downloading, cracke. . LinuxSecurity.com Team
May 28, 2014 • Hacks/Cracks 76
online securitysoftware exploitbrowser exploitPwn2Own Day One: Researchers Earn $400K Through Major Browser Exploits
Researchers on Wednesday cracked Microsoft's Internet Explorer 11 (IE11), Mozilla's Firefox and Adobe's Flash and Reader at the Pwn2Own hacking contest, earning $400,000 in prizes, a one-day record for the challenge.. Pwn2Own continues today, when other teams and individual researchers will take their turns trying to break Apple's Safari and Google's Chrome. The link for this article located at Network World is no longer available. . In the latest Pwn2Own event, participants have collectively earned $400,000 by successfully uncovering vulnerabilities in leading web browsers, including Chrome, Safari, and others.. Pwn2Own, Hacking Contest, Browser Security, Internet Explorer, Mozilla Firefox. . Alex
Mar 13, 2014 • Organizations/Events 79
security policysoftware exploitsecurity expertsGoogle's Zero-Day Disclosure Policy Change: Mixed Reactions from Experts
Google's dramatic shift to a seven-day grace period before disclosing actively exploited zero-day vulnerabilities in software has drawn both praise and derision from security experts.. Security engineers Chris Evans and Drew Hintz said on Wednesday in the Google Online Security Blog that the company was dropping the previous 60-day window. The link for this article located at CSO Online is no longer available. . Security engineers Chris Evans and Drew Hintz said on Wednesday in the Google Online Security Blog t. google's, dramatic, shift, seven-day, grace, period, disclosing, actively, exploited, zero-day. . LinuxSecurity.com Team
Jun 03, 2013 • Security Projects 78
security advisorydata theftconsumer electronicsDiscovering Security Flaws in Internet-Ready TVs Leads to Data Theft
New York: Researchers at Mocana are being troubled with their recent discovery of an easy way of hacking into a best-selling internet-ready HDTV model. The security technology company in San Francisco easily discovered a loop hole in the software that shows Web sites on the TV and used that as an opportunity in order to gain a control on the information being sent to the television. . By doing this, it becomes a cakewalk for them to put up a fake screen for a site like Amazon.com and then request for a credit card billing detail regarding the purchase made. This strategy also enables them to monitor data being sent from the TV to sites, reports Ashlee Vance from the New York Times. "Consumer electronics makers as a class seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana's chief executive. "I can tell you for a fact that the design teams at these companies have not put enough thought into security.". By doing this, it becomes a cakewalk for them to put up a fake screen for a site like Amazon.com and. researchers, mocana, being, troubled, their, recent, discovery. . LinuxSecurity.com Team
Dec 28, 2010 • Vendors/Products 79
malicious activitysoftware exploitdefense strategySandboxing Techniques To Mitigate Software Attacks And Exploits
Exploitation of just ONE software vulnerability is typically all that separates the bad guys from compromising an entire machine. The more complicated the code, the larger the attack surface, and the popularity of the product increases the likelihood of that outcome. Operating systems, document readers, Web browsers and their plug-ins are on today. Visit a single infected Web page, open a malicious PDF or Word document, and bang The link for this article located at ZDNet Blogs is no longer available. . Discover the increasing dangers posed by cyber threats and examine how sandboxing technologies can safeguard your infrastructure against harmful invasions.. Sandboxing Techniques, Code Exploitation, Software Defense Strategies. . LinuxSecurity.com Team
Dec 22, 2010 • Security Projects 79
security advisorysecurity issuemalwareApple Security Advisory: 20 Bugs Exposed By Charlie Miller
Charlie Miller has a habit of publicly upending Apple's security claims. Real cyberspies may be doing the same thing in private. Charlie A. Miller loves his Macbook Pro laptop. And his four other Apple PCs, the iPhone he uses daily and two older iPhones he keeps for tinkering. But his relationship with the company that created those gadgets is somewhat more complicated. . In March, for instance, the 36-year-old security researcher publicized his discovery of 20 security vulnerabilities in Apple software. Each would allow a cybercriminal to take over the computer of a user who's tricked into opening a certain PDF attachment or who simply visits an infected Web page using Apple's Safari browser. That haul of security bugs is a record even for Miller, who over the last four years has become perhaps the world's most prominent Mac hacker. It may also be the most definitive proof yet that Apple devices aren't safe "right out of the box," as the company has claimed for years. "When I first began saying that Macs were less secure than Windows, everyone thought I was an idiot," says Miller. "So I had to prove it again and again and again." In 2007 Miller became the first to hack the iPhone, using a flaw in its Safari browser to remotely gain control of the no-so-smart phone. Six months later he hacked a Macbook Air in two minutes at a competition in Vancouver. Last summer he revealed a method that allowed him to virally hijack the iPhone using text messages spread via a user's contact list. The link for this article located at Forbes is no longer available. . In March, for instance, the 36-year-old security researcher publicized his discovery of 20 security . charlie, miller, habit, publicly, upending, apple's, security, claims, cyberspies. . LinuxSecurity.com Team
Mar 26, 2010 • Security Projects 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More