Stay Ahead With Linux Security News

Explore Latest Linux Security news

WordPress 4.1.2 Critical Advisory: XSS Flaw Fix for All Versions

The maintainers of WordPress announced a new version of the blogging platform, a critical security release that addresses a highly important cross-site scripting (XSS) vulnerability. The XSS flaw affects all earlier versions of the content management system (CMS), and successful exploitation would allow an attacker to compromise a vulnerable website. The link for this article located at Softpedia is no longer available.
Tags: WordPress Security, XSS Flaw Fix, Content Management System Update

Apr 23, 2015 | LinuxSecurity.com Team | Vendors/Products

WordPress 3.5.2 Moderate: XSS, DoS, and SSRF Security Fixes

With the second security and maintenance release of WordPress 3.5, the developers of the popular open source blogging software have closed 12 bugs, seven of them security issues. In their announcement, the developers "strongly encourage" all users to update all their installations of the software to version 3.5.2 immediately. In addition to the fixed vulnerabilities, the new release also includes some proactive changes intended to harden the platform against attacks. The link for this article located at H Online is no longer available.
Tags: WordPress Update, XSS Fixes, DoS Mitigation, SSRF Security

Jun 24, 2013 | LinuxSecurity.com Team | Server Security

Python 2.6.7 Medium Severity Advisory: XSS and DoS Risk Fix

The Python developers have released Python 2.6.7, as announced when Python 2.5.6 was released last week. Python 2.6 is in "security fix only" mode until October 2013, with no new bug fixes or features to come; Python 2.6.7 addresses three medium severity issues. According to the Python 2.6.7 NEWS file, these were an XSS vulnerability in SimpleHTTPServer, a failure to follow redirections with file: schemes in urllib and urllib2 (CVE-2011-1521), and smtpd.py being vulnerable to DoS attacks due to missing error handling when accepting a new connection. Still to come this month are Python 3.2.1 on June 5 and Python 2.7.2 and 3.1.4 on June 11. Unlike the 2.5.6 and 2.6.7 security-only updates, Python 2.7.2 and 3.1.4 will be more general maintenance releases, and 3.2.1 will be the latest in the ongoing development of Python. The link for this article located at H Security is no longer available.
Tags: Python 2.6 Security, XSS Risk, DoS Attack Fix, Security Enhancement

Jun 06, 2011 | LinuxSecurity.com Team | Vendors/Products

WordPress 3.1.1 Moderate: CSRF and XSS Security Issues Fixed

The WordPress.org development team has issued version 3.1.1 of its open source blogging and publishing platform, a maintenance and security update to WordPress 3.1 from late February. According to the developers, the update addresses nearly 30 issues in WordPress, including three security vulnerabilities. WordPress 3.1.1 corrects a cross-site request forgery (CSRF) vulnerability in the media uploader, as well as a PHP-related crash caused when handling specially crafted links in comments. A cross-site scripting (XSS) issue has also been fixed. The link for this article located at H Security is no longer available.
Tags: WordPress Update, CSRF Fix, XSS Resolution, Blogging Security, Open Source Improvement

Apr 07, 2011 | LinuxSecurity.com Team | Vendors/Products

Drupal Context 6.x-2.0-rc4 Moderate: XSS Access Threat Mitigated

The development team behind the Drupal module Context has released version 6.x-2.0-rc4, which fixes a cross-site scripting (XSS) vulnerability when displaying block descriptions. If a user with 'administer blocks' permission clicks on a crafted link, JavaScript contained in the link is executed with the privileges of the Drupal page. Attackers can exploit this to gain access to a system. Just a few weeks ago, a 'simple' XSS vulnerability in a bug-tracking system allowed root access to Apache Software Foundation servers, so XSS vulnerabilities are certainly not to be treated lightly. Update: According to Drupal security team member Heine Deelstra, there is no URL manipulation or JavaScript contained in the link itself involved in the exploitation of the vulnerability. The vulnerability occurs if a user with 'administer blocks' permission has added JavaScript to a block description on the block administration page. The impact is low since not that many sites using Context have role separation between block admins and other admins. Only a small subsection of the sites using the Context release candidate are affected. The link for this article located at H Security is no longer available.
Tags: Drupal Security, XSS Attack, Context Module

May 12, 2010 | LinuxSecurity.com Team | Hacks/Cracks

Meta Information Facilitating XSS Attacks in Web Services

According to security expert Tyler Reguly of nCircle, data fields for storing meta-information offer plenty of latitude for future cross-site scripting (XSS) attacks. JavaScript embedded in Whois and DNS records and in SSL certificates, for instance, can, under certain circumstances, be executed in a browser. There are, for example, web services which carry out online checks on SSL certificates from other servers. As well as cryptographically relevant information, such services also display data on a certificate's owner and who it was issued by. If a service fails to filter the query data correctly, the user's browser may execute JavaScript contained in the query. Attackers could exploit this to carry out various activities, such as copying login cookies or changing a user's profile settings (for their account on the web service). SSL Shopper is one service provider which was affected by this issue. The link for this article located at H Security is no longer available.
Tags: Cross Site Scripting, SSL Exploits, Web Service Security, Security Risks

Apr 08, 2010 | LinuxSecurity.com Team | Server Security

Understanding CSRF Attacks and Their Associated Security Risks

Cross Site Request Forgery (also known as XSRF, CSRF, and Cross Site Reference Forgery) works by exploiting the trust that a site has for the user. Site tasks are usually linked to specific URLs (Example: ;stock=ebay), allowing specific actions to be performed when requested. If a user is logged into the site and an attacker tricks their browser into making a request to one of these task URLs, then the task is performed and logged as the logged-in user. Typically an attacker will embed malicious HTML or JavaScript code into an email or website to request a specific 'task URL', which executes without the user's knowledge, either directly or by utilizing a cross-site scripting flaw. Injection via light markup languages such as BBCode is also entirely possible. These sorts of attacks are fairly difficult to detect, potentially leaving a user debating with the website/company as to whether the stock purchase made the day before was initiated by the user after the price plummeted. Most of the functionality allowed by the website can be performed by an attacker utilizing CSRF. This could include posting content to a message board, subscribing to an online newsletter, performing stock trades, using a shopping cart, or even sending an e-card. CSRF can also be used as a vector to exploit existing cross-site scripting flaws in a given application. For example, imagine an XSS issue on an online forum or blog, where an attacker could force the user through CSRF to post a copy of the next big website worm. An attacker could also utilize CSRF to relay an attack against a site of their choosing, as well as perform a Denial of Service attack in the right circumstances. The link for this article located at CGI Security is no longer available.
Tags: Cross-Site Request Forgery, Web Attack Techniques, XSRF Exploits

Jan 19, 2007 | LinuxSecurity.com Team | Server Security

XSS Risks: Understanding Trends in Web Application Security

Web administrators beware: cross-site scripting vulnerabilities are now far more attractive targets than more notorious bugs such as buffer overflows, according to new figures from Mitre, a U.S. government-funded research organization. Buffer overflows have long been one of the most common types of bugs attacked by malware, with Intel and Advanced Micro Devices (AMD) even building in hardware support for an anti-buffer-overflow technology called NX (No Execute) or XD (Execute Disable). But a shift is under way, according to Mitre's findings. While buffer overflows affect executable files written in languages such as C, the increasing popularity of cross-site scripting (XSS) bugs indicates attackers are looking more at programming languages typically used for Web applications, such as Java, .Net and PHP. Client-side scripting languages generally include same-origin policies, which allow interaction between Web objects and pages only as long as they come from the same domain and over the same protocol. XSS bugs allow malicious Web sites to find ways around these policies, potentially accessing sensitive data in other objects or browser windows. The link for this article located at Network World is no longer available.
Tags: Cross-Site Scripting, Web Application Security, XSS Trends

Sep 19, 2006 | LinuxSecurity.com Team | Server Security