Linux admins -

We've long trusted Snap packages as a convenient, sandboxed way to deploy software — but a new wave of supply-chain attacks is turning that trust against us. In the latest campaign, adversaries are reclaiming expired developer domains, hijacking Snap publisher accounts, and pushing crypto-stealing malware through legitimate Snap updates. This is a real risk. Compromised wallet apps are harvesting recovery seeds and draining funds before users even notice.

If you’re responsible for Linux fleets, this episode should make you rethink how you vet snaps, manage update policies, and detect subtle post-installation abuse. Read on to learn what went wrong, what to watch for, and how to harden your systems against this stealthy vector.

Yours in Open Source, 

Dv Signature Newsletter 2024 Esm W150

Dave Wreski

LinuxSecurity Founder

Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages

The Discovery 

Several crypto-stealing campaigns are using Snap packages to land quietly on Ubuntu Linux systems.

11.Locks IsometricPattern Esm W400

The Impact

These stealthy attacks can result in cryptomining on impacted systems.

The Fix

Admins should implement specific monitoring and logging practices and policy decisions to mitigate risk.

When Security Tools Become a Risk: Cisco Snort 3 Flaws & Network Security Threats

The Discovery 

 Crafted network traffic can crash the Snort 3 inspection engine, force restarts, or degrade analysis without raising clear alarms.

32.Lock Code Circular Esm W400

The Impact

In some cases, unauthenticated attackers can expose memory data.

The Fix

 To protect against these flaws, admins should implement policy and monitoring changes that reduce network inspection risk.