LinuxSecurity.com - Hybrid RSS

The central voice for Linux and Open Source security news.

Hidden in Plain Sight: Koske Linux Malwares Stealthy Panda Image Delivery 7.29.2025

The days of straightforward Linux security threats''malware you could spot with a cursory glance at the logs''are fading fast. Meet "Koske," a new breed of malware that has arrived quietly but with an alarming sophistication. What's making waves here isn't just its technical prowess but how it's delivering its payload''hidden in images of pandas. Yep, pandas. But don't let the friendly wildlife fool you; this is stealthy malware designed to persist, adapt, and dodge detection like nothing else out there.

Soco404: Linux Cryptomining Campaign Masquerades as 404 Error Pages 7.28.2025

Let's talk about something that's been slipping under the radar: Soco404 . If you manage Linux systems in any capacity''or just spend time keeping production environments stable in the face of constant threats''this discovery warrants your immediate attention. What you've got here is a sneaky cryptomining campaign that digs into misconfigured PostgreSQL databases, outdated Apache Tomcat servers, and poorly secured cloud setups. The reason it's making waves? It pulls off its moves while hiding behind fake 404 error pages.

Debian 13 Trixie: RISC-V Support, Security Upgrades & A Bold Future 7.29.2025

If you've been running Debian for years''and let's face it, many of us have''it's easy to get complacent with its reputation for stability and predictability. But we're standing on the cusp of something different with Debian 13 ''Trixie.'' Scheduled for release on August 9, 2025, this version combines thoughtful updates with bold steps forward, all while staying rooted in its values: reliability, versatility, and accessibility.

SELinux vs. AppArmor: Uptake Trends & Security Considerations for Admins 7.28.2025

Let's get one thing clear upfront: Mandatory Access Control (MAC) isn't new, but its role in Linux security has shifted from being a ''nice-to-have'' to a cornerstone of system hardening. If you've ever built or maintained a Linux environment''whether it's a small personal project or a sprawling enterprise setup''you already know security is not about installing once and walking away. It's system isolation, granular policy enforcement, compliance readiness, and an ongoing effort to deal with the evolving threat landscape.

openSUSE Leap 15.6: Important Fix for java-1_8_0-openj9 Heap Corruption 7.30.2025

SUSE: java-1_8_0-openj9 Important Heap Corruption Issues Fix 2025:02545-1 7.30.2025

* bsc#1246575 * bsc#1246580 * bsc#1246595 * bsc#1246598

SUSE: MozillaThunderbird Important Update CVE-2025-6424 Security Advisory 7.30.2025

* bsc#1244670 * bsc#1246664 Cross-References: * CVE-2025-6424

openSUSE: MozillaThunderbird Important Security Patch Advisory 2025:02546-1 7.30.2025

SUSE: 2025:02547-1 Important libxml2 Heap Corruption CVE-2025-7425 7.30.2025

* bsc#1246296 Cross-References: * CVE-2025-7425

SUSE: Docker Moderate CVE-2025-22872 Security Advisory 2025:02366-2 7.30.2025

* bsc#1240150 * bsc#1241830 * bsc#1242114 * bsc#1243833 * bsc#1244035