Alerts This Week
Warning Icon 1 717
Alerts This Week
Warning Icon 1 717

Stay Ahead With Linux Security News

Open Source Hero Esm H350
GovernmentPrice Tag%201European Commission public sector

Some of the software the world depends on most is maintained by people most users will never know by name. The project might be sitting inside Linux distributions, enterprise software, cloud platforms, and government systems without most users ever realizing it is there. . The problem is not difficult to find. Critical software components can end up supporting thousands of products and services while being maintained by small teams with limited resources. By the time a vulnerability,...
1 min read Government
Openstack Hero Image Esm H350
Server SecurityPrice Tag%201security advisory privilege escalation

The recent Keystone advisory is unusual because the vulnerabilities are scattered across several features but keep affecting the same class of security controls. Application credentials, trusts, RBAC enforcement, project ownership validation, token expiration. Different code paths. Similar failures. . Most require authentication already. The concern is what happens after access exists. Several of the disclosed vulnerabilities affect how Keystone validates identity, ownership, delegation, and...
5 - 9 min read Server Security
2.Motherboard Esm H350
Security Vulnerabilities Price Tag%201security advisory authentication bypass

Fortinet has confirmed active exploitation of three FortiSandbox vulnerabilities . One allows attackers to bypass login controls, while the other two enable command execution directly on the appliance. Combined, they create a path from unauthenticated access to direct interaction with a system many organizations trust to analyze suspicious content. . In many environments, FortiSandbox sits between incoming content and the systems responsible for making security decisions about it. Before a...
3 - 6 min read Security Vulnerabilities
Joomla Comp Hero Esm H350
Security Vulnerabilities Price Tag%201security advisory critical

The Joomla Content Editor (JCE), one of the most widely deployed editor extensions for Joomla websites, is currently under active attack due to a critical vulnerability. . The issue, tracked as CVE-2026-48907 , affects JCE versions earlier than 2.9.99.5 and carries a CVSS score of 10.0. Because JCE is installed on a large number of public-facing Joomla sites, the vulnerability has quickly become a high-priority target for attackers and automated scanning campaigns. CISA has added the flaw to...
3 - 6 min read Security Vulnerabilities
Jetbrains Hero Esm H350
Security Trends Price Tag%201security advisory open-source

At least 15 malicious plugins and nearly 70,000 installs later, developers are being reminded that trusted marketplaces can become supply-chain attack vectors overnight. . How Malicious Plugins Steal API Credentials It’s simple. The user installs a plugin. It asks for API credentials. The developer clicks "Apply." A short time later, those keys could be sent to a third-party server. Think of an API key like a valet key to your house. It doesn't give them the deed to the property, but it lets...
3 - 5 min read Security Trends
Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

Is automated patching safe for servers?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/152-is-automated-patching-safe-for-servers?task=poll.vote&format=json
152
radio
0
[{"id":491,"title":"No: Bad updates break production","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":492,"title":"Yes: unpatched flase are worse","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":493,"title":"Only with AI-driven testing rollback","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found -4 articles for you...
210
32.Lock Code Circular Esm H240
Price Tag%201security advisorysecurity issueRed Hat

Red Hat RPM Security Advisory: Major Flaw by CloudLinux Developer

Red Hat has used RPM for software package distribution for decades, but thanks to CloudLinux developer Dmitry Antipov we now know that RPM contained a nasty hidden security bug since Day One. A repair patch for this major security hole has been submitted, but Antipov fears that it may be months before the fix is released. . In 1995, when Linux 1.x was the hot new Linux kernel, early Red Hat founding programmers Marc Ewing and Erik Troan created RPM . This software package management system became the default way to distribute software for Red Hat Linux-based distributions such as Red Hat Enterprise Linux (RHEL) , CentOS Stream , AlmaLinux OS , and Rocky Linux . Unfortunately, hidden within its heart is a major security hole. Dmitry Antipov, a Linux developer at CloudLinux , AlmaLinux OS's parent company, first spotted the problem in March 2021. Antipov found that RPM would work with unauthorized RPM packages . This meant that unsigned packages or packages signed with revoked keys could silently be patched or updated without a word of warning that they might not be kosher. . An important vulnerability in RPM identified by Dmitry Antipov poses risks for Red Hat and related distributions.. Red Hat Package Management, RPM Security Flaw, Linux Issues, CloudLinux. . Brittany Day

Calendar%202 Jul 01, 2021 User Avatar Brittany Day Security Vulnerabilities
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

Is automated patching safe for servers?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/152-is-automated-patching-safe-for-servers?task=poll.vote&format=json
152
radio
0
[{"id":491,"title":"No: Bad updates break production","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":492,"title":"Yes: unpatched flase are worse","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":493,"title":"Only with AI-driven testing rollback","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here