Tag: linux
-
Koske, a new AI-Generated Linux malware appears in the threat landscape
Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining activities. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors…
-
Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks
Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners.The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively.Soco404 “targets both Linux and Windows systems, deploying platform-specific malware,” Wiz First seen on thehackernews.com Jump to article:…
-
Mit KI entwickelt: Neue Linux-Malware versteckt sich in süßen Panda-Bildchen
JPEG-Dateien können nicht nur schöne Bilder enthalten, sondern manchmal auch gefährlichen Schadcode. Eine neue Linux-Malware macht davon Gebrauch. First seen on golem.de Jump to article: www.golem.de/news/mit-ki-entwickelt-neue-linux-malware-versteckt-sich-in-suessen-panda-bildchen-2507-198500.html
-
Supply chain attack compromises npm packages to spread backdoor malware
Tags: attack, authentication, backdoor, control, cybercrime, cybersecurity, data, defense, email, linux, macOS, malicious, malware, mfa, phishing, software, supply-chain, threat, tool, update, vulnerability, windowsis npm JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky:”Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked,” he wrote.The infected version was removed by npm admins and v3.3.0…
-
New Koske Linux malware hides in cute panda images
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-koske-linux-malware-hides-in-cute-panda-images/
-
Arch Linux users told to purge Firefox forks after AUR malware scare
The distro’s greatest asset is arguably also its greatest weakness First seen on theregister.com Jump to article: www.theregister.com/2025/07/22/arch_aur_browsers_compromised/
-
Intel announces end of Clear Linux OS project, archives GitHub repos
The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/intel-announces-end-of-clear-linux-os-project-archives-github-repos/
-
Arch Linux pulls AUR packages that installed Chaos RAT malware
Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/arch-linux-pulls-aur-packages-that-installed-chaos-rat-malware/
-
Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware
Cryptominer campaign runs for years using legit sites to spread malware, targeting Linux systems through known bugs and avoiding detection. First seen on hackread.com Jump to article: hackread.com/linux-cryptominer-using-legit-sites-to-spread-malware/
-
H2Miner Targets Linux, Windows, and Containers to Illicitly Mine Monero
FortiGuard Labs researchers have uncovered a sophisticated cryptomining campaign where the H2Miner botnet, active since late 2019, has expanded its operations to target Linux, Windows, and containerized environments simultaneously. The campaign represents a significant evolution in cross-platform cryptocurrency mining attacks, with threat actors leveraging updated scripts and infrastructure to maximize financial gains from compromised systems.…
-
Oracle-Lücke birgt Gefahr für RCE-Attacken
Tags: access, bug, cloud, cve, cyberattack, data, exploit, infrastructure, linux, oracle, rce, remote-code-execution, tool, vulnerabilityOracle hat das Sicherheitsproblem im Code Editor bereits gefixt.Forscher von Tenable Research haben eine Sicherheitslücke im Code-Editor von Oracle Cloud Infrastructure (OCI) entdeckt, die Unternehmen für Remote-Code-Execution-Angriffe (RCE) anfällig macht. Die webbasierte integrierte Entwicklungsumgebung (IDI) dient zur Verwaltung von Ressourcen wie Functions, Resource Manager und Data Science und sorgt für nahtlose Entwickler-Workflows.Die enge Integration mit…
-
One click to compromise: Oracle Cloud Code Editor flaw exposed users to RCE
Attacks could have a wider blast radius: Because Code Editor operates on the same underlying file system as the Cloud Shell, essentially a Linux home directory in the cloud, attackers could tamper with files used by other integrated services. This turns the flaw in the seemingly contained developer tool into an exposure for lateral movement…
-
Falco: Open-source cloud-native runtime security tool for Linux
Falco is an open-source runtime security tool for Linux systems, built for cloud-native environments. It monitors the system in real time to spot unusual activity and possible … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/falco-open-source-cloud-native-runtime-linux-security-tool/
-
Ransomware Threat Grows as Attackers Move Into VMware and Linux
Linux has been the reliable backbone of business infrastructure for many years; it powers 96% of the top million web servers worldwide and more than 80% of workloads in public clouds. Its reputation for reliability and inherent security has long shielded it from the intense scrutiny faced by Windows environments. However, this era of relative…
-
PoC Released for High-Severity Git CLI Vulnerability Allowing Arbitrary File Writes
A critical vulnerability in Git’s command-line interface has been disclosed with public proof-of-concept exploits available, allowing arbitrary file writes and remote code execution on Linux and macOS systems. CVE-2025-48384 affects Git installations usinggit clone recursiveon weaponized repositories, exploiting improper handling of carriage return characters in.gitmodulesfiles to bypass security controls. Field Details CVE ID CVE-2025-48384 CVSS…
-
BERT Ransomware Can Force Shutdown of ESXi Virtual Machines to Hinder Recovery
A newly identified ransomware group, BERT, tracked by Trend Micro as Water Pombero, has emerged as a significant threat to organizations across Asia, Europe, and the US. First observed in April, BERT targets critical sectors such as healthcare, technology, and event services, employing a dual-platform approach to infect both Windows and Linux systems. Threat Targeting…
-
New Bert Ransomware Evolves With Multiple Variants
An emerging ransomware group that calls itself Bert is quickly evolving after hitting the cybercrime scene in April, targeting both Windows and Linux systems used by organizations in the health care, tech, and other industries in the United States, Europe, and Asia. It may be a Russian group whose malware evolved from REvil code. First…
-
How a 12-year-old bug in Sudo is still haunting Linux users
Sudo is trusting the wrong host: CVE-2025-32462, which remained unnoticed for over 12 years, requires a specific, but common configuration of restricting Sudo rules to certain hostnames or hostname patterns.According to the researchers, the sudoers file uses flexible syntax to suit any organization size, allowing a single configuration to work across Linux and UNIX systems…
-
Pakistan’s Transparent Tribe Hits Indian Defence with Linux Malware
Pakistan’s APT36 Transparent Tribe uses phishing and Linux malware to target Indian defence systems running BOSS Linux says Cyfirma. First seen on hackread.com Jump to article: hackread.com/pakistan-transparent-tribe-indian-defence-linux-malware/
-
Bert Blitzes Linux & Windows Systems
The new ransomware strain’s aggressive multithreading and cross-platform capabilities make it a potent threat to enterprise environments. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/bert-blitzes-linux-windows-systems
-
Inside the ZIP Trap: How APT36 Targets BOSS Linux to Exfiltrate Critical Data
CYFIRMA has uncovered a highly sophisticated cyber-espionage campaign orchestrated by APT36, also known as Transparent Tribe, a Pakistan-based threat actor with a notorious history of targeting Indian defense and government sectors. This latest operation marks a significant shift in tactics, as APT36 adapts its arsenal to infiltrate Linux-based environments, specifically focusing on BOSS Linux, a…
-
RingReaper: New Linux EDR Evasion Tool Exploits io_uring Kernel Feature
A new tool named RingReaper is raising eyebrows among defenders and red teamers alike. By leveraging the legitimate, high-performance Linux kernel feature known as io_uring, RingReaper demonstrates how advanced attackers can sidestep even modern Endpoint Detection and Response (EDR) systems. The Rise of io_uring in Offensive Security Introduced in Linux kernel 5.1, io_uring was designed to provide…
-
Linux Boot Vulnerability Lets Attackers Bypass Secure Boot Protections
A newly highlighted vulnerability in the Linux boot process exposes a critical weakness in the security posture of many modern distributions. Despite widespread adoption of Secure Boot, full-disk encryption, and bootloader passwords, attackers can still bypass these defenses by exploiting the Initial RAM Filesystem (initramfs) debug shell”, a loophole often overlooked in hardening guides, as…
-
PoC Released for Linux Privilege Escalation Flaw in udisksd and libblockdev
Security researchers disclosed a critical local privilege escalation (LPE) vulnerability affecting Fedora, SUSE, and other major Linux distributions. The flaw, tracked asCVE-2025-6019, resides in the interaction between theudisksddaemon and its backend library,libblockdev. A proof-of-concept (PoC) exploit has been released, demonstrating how a user in the allow_active group can escalate privileges to root with minimal effort in certain…
-
Sudo – Beliebtes Linux-Tool mit kritischer Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-cve-2025-32463-unix-linux-werkzeug-sudo-a-f8deff0dda4422a2deaa2ca3a40e3f16/
-
APT36 Unleashes Linux Malware: Transparent Tribe Targets Indian Government with Go-Based Espionage Tools
The post APT36 Unleashes Linux Malware: Transparent Tribe Targets Indian Government with Go-Based Espionage Tools appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt36-unleashes-linux-malware-transparent-tribe-targets-indian-government-with-go-based-espionage-tools/
-
Critical Sudo bugs expose major Linux distros to local Root exploits
Critical Sudo flaws let local users gain root access on Linux systems, the vulnerabilities affect major Linux distributions. Cybersecurity researchers disclosed two vulnerabilities in the Sudo command-line utility for Linux and Unix-like operating systems. Local attackers can exploit the vulnerabilities to escalate privileges to root on affected systems. Sudo (short for >>superuser do
-
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines.A brief description of the vulnerabilities is below -CVE-2025-32462 (CVSS score: 2.8) – Sudo before 1.9.17p1, when used with a sudoers file that specifies…
-
Kali GPT- AI Assistant That Transforms Penetration Testing on Kali Linux
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/kali-gpt-ai-assistant-that-transforms-penetration-testing-on-kali-linux/