Detecting vulnerabilities and managing the associated patching is challenging even in a small-scale Linux environment. Scale things up and the challenge becomes almost insurmountable. There are approaches that help, but these approaches are unevenly applied. Learn what a new survey reveals about how enterprises handle the security concerns of vulnerability detection and patch management. In our survey, State of Enterprise Vulnerability Detection and Patch Management, we set out to investigate how large organizations handle the dual, linked security concerns of vulnerability detection and patch management. The results produced interesting insights into the tools that organizations depend on to deal effectively with vulnerability and patch management at scale, how these tools are used, and which restrictions organizations face in their battle against threat actors. Download the full report, State of Enterprise Vulnerability Detection and Patch Management. By Brittany Day.
When it comes to modern applications, did you know that up to 80% of code is made up of open-source components? There are several reasons why open-source software is used, including its cost-effectiveness, reliability, and the freedom to access, modify, and distribute source code. Yet the nature of open-source components means security efforts can be overlooked. After all, developers usually take components that are readily available and implement them within their own projects. This saves considerable time, since they gain useful features without having to write their own code. It also means vulnerabilities can be present in those components, and these are easily missed when working on applications.

There are plenty of examples where an organization has been devastated by lackadaisical open-source security. The most infamous was back in September 2017. Equifax, the international credit reporting agency, suffered a hack on an unprecedented scale. The open-source component known as Apache Struts2 contained an exploitable vulnerability, and this was all it took for attackers to make off with the personal data of at least 143 million people. As a result, it is essential that your organization doesn't just detect vulnerabilities in open-source code, but also rectifies any issues before they cause damage. This is where WhiteSource can take center stage for your Linux projects.

Open-source security: the challenges

Open-source security relies on a community-based approach. SAST and other application security testing technologies are beneficial for proprietary code, but it's a different story with open source. The community is very much the resource for identifying and fixing vulnerabilities found within code. However, even though the open-source community is capable of devising fixes for vulnerabilities, there's one point to remember: open source isn't controlled by one authority. It is a decentralized operation. This means information about vulnerabilities and fixes is spread across various resources, which ultimately makes it impossible for organizations to match these to their own applications.

What is WhiteSource?

So how can a corporation keep its open-source inventory secure? To avoid a potential ticking time bomb due to vulnerable components, one of the best solutions on the market is WhiteSource. In essence, WhiteSource allows you to automatically check every open-source component found within your applications. By doing this, you can stay secure from vulnerabilities while also enforcing all license policies during the development lifecycle of your software. Along with staying secure from hackers, it also results in faster, smoother, and more affordable development. The following points go through the steps the WhiteSource platform takes to keep software safe, and why 1.3 million developers use it for their projects.

Detecting vulnerabilities

As mentioned already, even with community feedback, it's difficult to know which of your open-source components contain vulnerabilities. WhiteSource can rectify that issue and go beyond any manual application checks. The platform detects any vulnerability in an application, including those found in your transitive dependencies, and does this across 200+ programming languages. Along with this comprehensive database, WhiteSource cuts out resource-eating false positives. Plus, the platform's patented Effective Usage Analysis tool ensures your development team can prioritize the vulnerabilities that truly need resolving.

Vulnerability remediation

When a vulnerability has been detected, it's essential that it is corrected as soon as possible. Once the community issue trackers list a vulnerability, hackers are quick to react in an effort to exploit the security flaw. Because remediation requires the cooperation of your developers and security teams, a swift fix is not always possible, especially if they're working on code they didn't write themselves. With WhiteSource, however, you can accurately pinpoint any vulnerable functionality found within your code. It also maps out how your application uses that vulnerable functionality. With these insights, you can significantly reduce your remediation efforts. WhiteSource adds further convenience by suggesting fixes for any vulnerability. Whether this is a configuration change to the system blocking a certain function or a link to the latest patches, the platform lists all known remedies. WhiteSource also automates the process for every new issue discovered.

Continuous monitoring

When you factor in the sheer size of the open-source community in terms of data and combine this with its decentralized nature, it is practically impossible to manage every facet of open-source security manually. This is why an automated solution like WhiteSource is so vital to the process. When it comes to monitoring, it is vital to combine shift-right and shift-left testing. The "shift right" methodology is particularly imperative, as open-source project vulnerabilities are usually found years after the release of the vulnerable version. The good news: WhiteSource automatically keeps track of the latest deployed version of a component. As for "shift left", this approach allows developers to spot vulnerable components before they are even downloaded from the Internet. WhiteSource's browser extension, Web Advisor, ensures developers can pick the most suitable component right from the start. WhiteSource also enables you to automatically enforce quality, security, and license compliance policies throughout the software development life cycle. By automating this aspect, you can save considerable time and resources compared to manually reviewing new components.

By the LinuxSecurity.com Team.
A new open-source tool called Gitjacker can help developers discover when they've accidentally uploaded /.git folders online and left sensitive information exposed to attackers. Gitjacker is available as a free download on GitHub. Gitjacker was created by British software engineer Liam Galvin, is written in Go, and was released as a free download last month on GitHub. In its simplest form, the tool lets users scan a domain and identify the location of a /.git folder on their production systems. By the LinuxSecurity.com Team.
Taipan is an automated web application scanner that identifies web vulnerabilities without manual intervention. This project is the core engine of a broader project which includes other components, such as a web dashboard where you can manage your scans or download a PDF report, and a scanner agent to run on a specific host. (Screenshots of the Taipan dashboard appear in the original post.) Taipan can run on both Windows (natively) and Linux (with Mono). To run it on Linux you have to install Mono version >= 4.8.0. You can track the implementation of new features on the related Kanban board. By the LinuxSecurity.com Team.
RIPS is a tool written in PHP that finds vulnerabilities in PHP web applications using static source code analysis. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities, RIPS also offers an integrated code audit framework for further manual analysis. The link for this article located at Darknet is no longer available. By the LinuxSecurity.com Team.
Go Google-hack yourself. No, it's not a curse. It's a bit of advice being prepared by two researchers who will present a new batch of search engine-based hacking tools at the Black Hat USA conference in Las Vegas next month. Fran Brown and Rob Ragan, both researchers at the consulting firm Stach & Liu, are planning to roll out a series of tools, dubbed "Diggity", that speed up the process of finding security vulnerabilities via Google or Bing. The tools are designed to help enterprises "Google hack" themselves to identify potential avenues of attack before the bad guys do. "We wanted to find a way to bring search engine hacking back into light because it's a pretty effective method of finding vulnerabilities, and we see it being used more and more [by malicious attackers]," Ragan said. The link for this article located at Information Week is no longer available. By the LinuxSecurity.com Team.
Taking a page from the Chrome playbook, Google has launched a program to encourage outsiders to find security vulnerabilities in its Web properties. Under the Chrome vulnerability-finding bounty program, the company already has been paying varying sums to those who locate holes in the browser. The package has also included a mention on the Chromium security hall of fame and a public thank-you to those providing Google with sustained security help. The new program, modeled on the initial one, is geared to uncover "any serious bug which directly affects the confidentiality or integrity of user data," members of Google's security team said in a blog post yesterday. Payments are commensurate with the seriousness of the vulnerability and include $500, $1,000, $1,337, and $3,133.70 (that's "leet" and "eleet" for the leetspeak-impaired). The link for this article located at CNET Blogs is no longer available. By the LinuxSecurity.com Team.
In the months following the PHP "Month of Bugs", we have seen all sorts of exploits developed and publicized, ranging from the obscure to warnings of vulnerable WordPress-based blogs. How do you know whether your PHP applications are unaffected by a bug, or worse yet, already compromised? Bring in a new tool from Secure Systems Lab: Pixy, an open-source vulnerability scanner for PHP applications. Get this before they get you! Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a very tiresome and error-prone task. The link for this article located at Secure Systems Lab is no longer available. By the LinuxSecurity.com Team.