Security Trends 
fedora security assessment
fedora security assessment A Fedora contributor account recently came under scrutiny for apparently AI-generated activity that disrupted the project's bug tracker. . Questionable Bugzilla comments, flawed patches, and improperly closed or reassigned bugs forced maintainers to spend time cleaning up the fallout. There is no evidence that malware was deployed or a backdoor reached production, but the incident exposed a different problem. Open-source projects can be disrupted without compromising a single line of code....
Jun 12, 2026 
Security Vulnerabilities security advisory critical
security advisory critical Attackers are actively exploiting a high-severity vulnerability in Langflow , an open-source platform used to build and run AI workflows. . The flaw turns a file upload into a filesystem write, allowing a user-controlled file to escape the application's intended upload directory and land in locations Langflow was never supposed to touch. The vulnerable upload endpoint permits path traversal through crafted filenames. From there, the impact depends heavily on how the platform is deployed. A...
Jun 11, 2026 
Vendors/Productssecurity advisory linux
security advisory linux With npm v12 , dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change expected to arrive in July 2026. . The announcement targets a part of the software supply chain that has repeatedly appeared in package registry abuse, credential theft, and CI/CD compromise investigations. A single npm install could trigger code...
Jun 11, 2026 
Security Vulnerabilities security advisory zero-day
security advisory zero-day CISA added CVE-2026-11645 to its Known Exploited Vulnerabilities catalog after Google confirmed active exploitation of the flaw. The bug sits in V8, the JavaScript engine behind Chrome and Chromium. . That's where this gets more interesting. Most coverage will focus on Chrome because that's where the patch landed. But the affected component is V8. Chromium relies on it. Electron relies on it. Plenty of desktop software Linux users interact with every day relies on it too, often without much...
Jun 10, 2026 
Network Securitysecurity advisory networking
security advisory networking For years, IPv4 was the only proxy type that really mattered for anyone running automation off a Linux box. IPv6 was the protocol everyone said they’d migrate to, but almost nobody actually did. In 2026, that’s finally starting to shift. . The problem is that most admins stick with IPv4 out of habit. They know it; it’s what their tooling defaults to, and they don’t see a reason to change. Some are overpaying for addresses they don’t need. Others would quietly break their scrapers, scripts, or...
Jun 09, 2026 
Refine news
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -1 articles for you...
83
security advisorycriticalVoIPSkype: Critical Security Risk Enables User Location Tracking
A glaring security flaw's been uncovered in Skype and other VoIP systems, potentially allowing hackers to access users' identities, locations and even files.. Skype claims more than a half-billion registered users, and one report suggests that one in five overseas calls is made using the service. But researchers headed by a team at the Polytechnic Institute of New York University say that Skype can be used to track not only users The link for this article located at TG Daily is no longer available. . Skype claims more than a half-billion registered users, and one report suggests that one in five ove. glaring, security, flaw's, uncovered, skype, other, systems, potentially, allowing, hacke. . LinuxSecurity.com Team
Oct 25, 2011 •
Hacks/Cracks 82
online securityinternet privacydata retentionExploring How Access Logs Affect Privacy and Security Issues Today
When you use the Internet, a certain record of your activities is invariably created and - at least for a short time - retained by your Internet Service Provider. For example, when you establish an account with your ISP - whether it is AOL, Comcast, Verizon, Time-Warner, or any of thousands of ISPs you generally provide the ISP with your name, address, telephone number, and if it is a paid service, some form of payment - credit card, bank account, etc. The ISP will typically retain this account information, and will also keep records that associate this account information with any accounts that you create. Thus, while you think you are so clever creating the online persona "cyber-stud" the ISP knows that you are really a twenty nine year old permanent undergraduate engineering student living at home in your mother's basement. . This "real world" account information - associating a cyber persona with a real identity - is a gold mine for marketers, law enforcement agencies and the intelligence community, as they want to know who their customers or the users of online services really are. This information can be used for good or for evil. If there is an online pedophile or terrorist, one certainly wants the police to have the ability to, in close-to-real-time when necessary, be able to learn who these people are, and physically where they are as well. One would think that the police would need a subpoena or court order for this information, right? Well, not exactly. The link for this article located at is no longer available. . Digital footprints can expose personal data, merging online behaviors with real-life identities; this raises significant issues for privacy and safety in internet usage.. Access Logs, Data Retention, Internet Privacy. . Brittany Day
Jun 12, 2006 • Government 
78
red hatsecurity enhancementidentity managementRed Hat Security Enhancements: Smartcards And User Identity Management
Not content to rest on its laurels, Linux leader Red Hat is advancing its security aresenal with a number of enhancements and certifications. Red Hat Certificate System (RHCS) will be updated this year with support for smartcards and automated log-ins on Red Hat, as well as other platforms including Windows servers, desktop and Internet Explorer. RHCS, which evolved from technologies acquired from Netscape in 2004, triggers the deployment and maintenance of user identities via a Public Key Infrastructure (PKI) (define). . The link for this article located at InternetNews.com is no longer available. . Explore the ways in which Red Hat enhances security through innovative functionalities and accreditations related to user identity oversight.. Red Hat Security, Identity Management, Smartcard Support, PKI Enhancements. . LinuxSecurity.com Team
Feb 20, 2006 • Vendors/Products 74
user identityauthentication technologysecurity planningExploring Authentication Options And Trust Frameworks For Security
There are plenty of options for user authentication, but none is a "one-size-fits-all" solution. With so many available technologies, how do you select the right one for your organization's needs? "Systems architects sometimes get stuck on security planning, because it's hard . . . . There are plenty of options for user authentication, but none is a "one-size-fits-all" solution. With so many available technologies, how do you select the right one for your organization's needs? "Systems architects sometimes get stuck on security planning, because it's hard to choose among all the competing products and technologies. And nothing is tougher than finding a reliable means to identify and authenticate the user population. Reliable authentication is essential, of course, because so many security mechanisms base their accept/reject decisions on user identity. But there's no overall consensus about methods-that is, about the best way to authenticate someone in a given setting. Some security "experts" will tout a particular technology (biometrics, for instance, or PKI) as a one-size-fits-all solution. Others may rely on whatever off-the-shelf technology lies immediately at hand. The problem is that selecting a specific technology before you implement the general structure or "design pattern" of the solution is like putting the cart in front of the horse." . Investigate different methodologies for user identity verification, and discover customized approaches to strengthen your cybersecurity framework.. User Authentication, Trust Frameworks, Security Planning. . Anthony Pell
Sep 07, 2000 • Network Security 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More