Security Trends 
fedora security assessment
fedora security assessment A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
Jun 12, 2026 
Security Vulnerabilities security advisory critical
security advisory critical Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
Jun 11, 2026 
Vendors/Productssecurity advisory linux
security advisory linux With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
Jun 11, 2026 
Security Vulnerabilities security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026 
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026 
Refine news
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -2 articles for you...
82
security advisoryaccess controlsystem updateSELinux 6.6 Update: Eliminating NSA Origins For Improved Access Control
Security Enhanced Linux (SELinux) has been part of the mainline kernel for two decades to provide a security module implementing access control security policies and is now widely-used for enhancing the security of production Linux servers and other systems. Those that haven't been involved with Linux for a long time may be unaware that SELinux originates from the US National Security Agency (NSA). But now with Linux 6.6 the NSA references are being removed. . The United States National Security Agency worked on the original code around Security Enhanced Linux and was the primary original developer. The NSA has continued to contribute to SELinux over the years while with its increased adoption does see contributions from a wide range of individuals and organizations. With a lot of bad press for the NSA over the past decade due to various scandals, some open-source enthusiasts have questioned the NSA's involvement in SELinux and made other critical remarks. While there are NSA developers that remain involved with SELinux, beginning in Linux 6.6 the "NSA" references are being dropped -- in part to reflect that it's not an NSA-only affair. The link for this article located at Phoronix is no longer available. . Linux 6.6 sees SELinux evolving beyond its NSA origins, enhancing access control and privacy while prioritizing community collaboration and transparency. SELinux Security Module, Linux 6.6, Open Source Security, Access Control. . Brittany Day
Sep 03, 2023 •
Government 78
attack analysishacktivismsoftware modificationUnderstanding Anonymous's Sony Attack and Console Modifications
Recently, we have saw a . Why attack Sony? Because Anonymous believes individuals should be able to modify PlaySation3 consoles and Sony The link for this article located at Corrections is no longer available. . In 2011, Anonymous targeted Sony for limiting user freedoms, emphasizing the clash between gamer rights and corporate control in digital spaces.. Anonymous Hacking,Cyber Activism,Playstation 3 Security,Console Modification. . LinuxSecurity.com Team
May 16, 2011 • Vendors/Products 
74
buffer overflowkerberossecurity protocolKerberos Legal Issues And Security Protocol Modifications Amid Concerns
This article discusses the recent turmoil over the Slashdot postings regarding Kerberos, and the modifications that Microsoft has made to the Kerberos security protocol. "On Thursday, lawyers for Andover.Net, the parent company of the Linux enthusiast site Slashdot, posted . . .. This article discusses the recent turmoil over the Slashdot postings regarding Kerberos, and the modifications that Microsoft has made to the Kerberos security protocol. "On Thursday, lawyers for Andover.Net, the parent company of the Linux enthusiast site Slashdot, posted a response to a legal challenge posed by Microsoft Corp. lawyers last week over Kerberos. On the same day, the Massachusetts Institute of Technology announced it was working with Apple Computer Inc. to ensure availability of Kerberos for the forthcoming Mac OS X operating system. And to top it all off, CERT warned of a Kerberos buffer overflow that could result in severe security problems for certain implementations." The link for this article located at Interactive Week is no longer available. . This article discusses the recent turmoil over the Slashdot postings regarding Kerberos, and the mod. article, discusses, recent, turmoil, slashdot, postings, regarding, kerberos. . Anthony Pell
May 19, 2000 • Network Security 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More