Security Trends 
fedora security assessment
fedora security assessment A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
Jun 12, 2026 
Security Vulnerabilities security advisory critical
security advisory critical Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
Jun 11, 2026 
Vendors/Productssecurity advisory linux
security advisory linux With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
Jun 11, 2026 
Security Vulnerabilities security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026 
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026 
Refine news
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -3 articles for you...
79
security practicessecurity assessmentvulnerability managementWhitebox Security Testing Using Code Scanning For Software Safety
Whitebox testing is notoriously difficult to do. Without automatic code scanning tools, scanning the source code requires a keen eye, concentration and an enormous amount of time to scan each line for security vulnerabilities. As intruders become more sophisticated at finding security vulnerabilities and writing exploitative code, it becomes more necessary to take every precaution before shipping software.These precautions can range from security training throughout the security development lifecycle (SDLC) to using tools such as source code scanners and vulnerability scanners. . Last year, more vulnerabilities were reported in shipping software than any previous year, according to CERT. Nearly 6000 new vulnerabilities surfaced in shipped software, and the state of the industry seems grim. Despite attempts by the larger and more proactive players in the industry, like Microsoft, IBM, HP and CISCO, to incorporate security in all phases of the SDLC, the number of reported vulnerabilities continues to increase. Where are the greatest weaknesses in software security? Were nearly 2000 more vulnerabilities discovered because security trainers did not transfer their knowledge properly? Or are hackers getting better at discovering these vulnerabilities? Do software corporations rely too much on perimeter defenses, such as firewalls, intrusion detection systems, deep packet inspectors and anti virus solutions? Is it just sheer complacency? Or is it really a combination of all of these things and more? The link for this article located at Dr. Dobbs Journal is no longer available. . The previous year witnessed an unprecedented volume of security flaws in released software applications. Delve into the methodologies and instruments associated with white-box testing.. Whitebox Tools, Code Scanning, Software Security, Vulnerability Assessment. . LinuxSecurity.com Team
Aug 16, 2006 •
Security Projects 79
security toolsecurity flawcode analysisExploring RATS And Flawfinder For Source Code Security Improvement
David Wheeler, author of the Secure Programming HOWTO and the RATS development team from Secure Software Solutions today announced open source source code security flaw scanners. " RATS scans through code, finding potentially dangerous function calls. . . . . David Wheeler, author of the Secure Programming HOWTO and the RATS development team from Secure Software Solutions today announced open source source code security flaw scanners. " RATS scans through code, finding potentially dangerous function calls. The goal of this tool is not to definitively find bugs. Instead, this tool aims to provide a reasonable starting point for performing manual security audits." "Flawfinder" states it will "scan source code and identify out potential security flaws, ranking them by likely severity." Both teams mentioned they will be joining forces to produce a single GPLd 'best of breed' source code scanner. Currently only capable of scanning C/C++ code, "Flawfinder will miss some security problems, and point out issues that aren't really security problems, but nevertheless I think it can help track down security problems in code so that the code can be fixed." "Flawfinder is in its very early stages - I'm labelling it version "0.12". It works reliably, but its ruleset is currently small and rudimentary. It can already find some security problems now, but expanding its ruleset will give it much more power." Rough Auditing Tool for Security, the code analysis effort by SSS, looks also to be promising. "The initial vulnerability database is taken directly from things that could be easily found when starting with the forthcoming book, "Building Secure Software" by Viega and McGraw. We plan on actively maintaining RATS. We welcome any feedback, bug reports or contributions. Particularly, we would like to incorporate any vulnerability information people contribute. However, we will need to determine that information is public knowledge before we can incorporate it into the release. Feedback will be useful as we workon new versions of the tool. In the future, we plan on enhancing the tool with better analysis Additionally, we plan on extending the tool to handle other programming languages. We'd appreciate feedback on which languages are most important to people. The developers can be reached at:
Jun 19, 2002 • Security Projects 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More