Linux.com RSS Feed

LinuxSecurity.com - Hybrid RSS

The central voice for Linux and Open Source security news.

Expired US Funding Threatened to Disrupt Security Flaw Tracking 4.17.2025

This past weekend, the globally recognized Common Vulnerabilities and Exposures (CVE) database, essential for tracking security flaws in software and systems, narrowly avoided going offline due to funding issues with the U.S. government. For us Linux security admins and open-source developers, the near-disruption wasn't just a bureaucratic oversight; it was a stark reminder of how fragile one of the most vital cornerstones of global cybersecurity truly is. With vulnerabilities being discovered and weaponized faster than ever, the CVE database is a critical tool to help administrators track, prioritize, and remediate issues. Losing or fragmenting access to this central repository could open the door to chaos, confusion, and exploitation.

Securing Kubernetes and Cloud-Native Environments through DevSecOps 4.14.2025

As Kubernetes and cloud-native technologies become increasingly integral to IT infrastructures, we Linux security admins must adapt to a rapidly changing environment where agility and security converge. A recent CNCF survey highlights a significant uptick in Kubernetes deployment, with most organizations using container technology as a backbone for their applications.

5 Steps to Craft a Resilient Ransomware Defense 4.17.2025

Ransomware attacks are surging, and in 2024, damages topped $30 billion.

UNC5174 Reemerges with SNOWLIGHT Malware & VShell Tool 4.16.2025

Recently, the infamous China-linked threat actor UNC5174 has launched a sophisticated campaign targeting Linux systems, employing an evolved variant of the SNOWLIGHT malware and a new tool called VShell. This campaign's sophistication lies in its use of advanced techniques and an open-source Remote Access Trojan (RAT) notorious for its stealth and efficiency.

Mageia 9: 2025-0137 critical: chromium-browser-stable security flaws 4.17.2025

Use after free in Site Isolation. (CVE-2025-3066) Inappropriate implementation in Custom Tabs. (CVE-2025-3067) Inappropriate implementation in Intents. (CVE-2025-3068) Inappropriate implementation in Extensions. (CVE-2025-3069) Insufficient validation of untrusted input in Extensions.

Debian: DSA-5905-1 critical issue with GraphicsMagick DoS or Code Exec 4.17.2025

Two vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.

Fedora 41: 2025-5d61874568 critical: perl-String-Compare-ConstantTime leak 4.17.2025

This release fixes CVE-2024-13939 (leaking the length of a secret string)

Fedora 41: FEDORA-2025-a13867ecbc critical: rust-openssl-sys use-after-free 4.17.2025

Update the openssl crate to version 0.10.72. Update the openssl-sys crate to version 0.9.107. This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 (a possible use-after-free issue in two public functions). A survey of dependent packages in Fedora shows that none of them use the affected API, or do not use them in a way that

Fedora 41: 2025-a13867ecbc critical: rust-openssl use-after-free 4.17.2025

Update the openssl crate to version 0.10.72. Update the openssl-sys crate to version 0.9.107. This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 (a possible use-after-free issue in two public functions). A survey of dependent packages in Fedora shows that none of them use the affected API, or do not use them in a way that

Fedora 41: mysql8.0 2025-8352a35e30 critical database update 4.17.2025

MySQL 8.0.41 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-41.html


© 1997-2025 hackerzinc
All rights reserved.