Tag: linux
-
Kali GPT Revolutionizing Penetration Testing with AI on Kali Linux
In the rapidly evolving digital world, cybersecurity professionals are continually seeking innovative tools that not only streamline workflows but also empower users with deeper insights and automation capabilities. Enter Kali GPT, a groundbreaking AI assistant explicitly tailored for the Kali Linux ecosystem, engineered by XIS10CIAL. This article examines the origins, capabilities, and tangible benefits of…
-
Kali GPT-Revolutionizing Penetration Testing with AI on Kali Linux
In the rapidly shifting digital world, cybersecurity professionals are constantly seeking innovative tools that not only streamline workflows but also empower users with deeper insights and automation. Enter Kali GPT, a groundbreaking AI assistant tailored specifically for the Kali Linux ecosystem, engineered by XIS10CIAL. This article explores the genesis, capabilities, and tangible advantages of Kali…
-
Linux Foundation tries to play peacemaker in ongoing WordPress scuffle
FAIR Package Manager project aims to prevent political power plays First seen on theregister.com Jump to article: www.theregister.com/2025/06/06/linux_foundation_wordpress_peacemaker/
-
From StackStorm to DeepTempo
And what does it tell us about Cybersecurity? As the founding CEO of StackStorm and now DeepTempo, I’ve seen how the needs of CISOs and SOCs have changed over the last 10+ years. New challenges and a better color scheme! When we started StackStorm, the cybersecurity landscape was different. Our power users rarely asked for more alerts…
-
New versions of Chaos RAT target Windows and Linux systems
Acronis researchers reported that new Chaos RAT variants were employed in 2025 attacks against Linux and Windows systems. Acronis TRU researchers discovered new Chaos RAT variants targeting Linux and Windows in recent attacks. Originally seen in 2022, Chaos RAT evolved in 2024, with fresh samples emerging in 2025. TRU also discovered a critical flaw in…
-
Open-source Chaos RAT used in recent attacks targeting Linux
First seen on scworld.com Jump to article: www.scworld.com/news/open-source-chaos-rat-used-in-recent-attacks-targeting-linux
-
New Chaos RAT Targets Linux and Windows Users to Steal Sensitive Data
A new wave of cyber threats has emerged with the discovery of updated variants of Chaos RAT, a notorious open-source remote administration tool (RAT) first identified in 2022. As reported by Acronis TRU researchers in their recent 2025 analysis, this malware continues to evolve, targeting both Linux and Windows environments with sophisticated capabilities for espionage…
-
KDE targets Windows 10 ‘exiles’ claiming ‘your computer is toast’
Encourages move to Linux but, for goodness sake, RTFM first First seen on theregister.com Jump to article: www.theregister.com/2025/06/04/kde_windows_10_exiles/
-
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments. “Chaos RAT is…
-
New Linux PumaBot Targets IoT Devices with SSH Credential Brute-Force Attack
A new and insidious threat has surfaced in the cybersecurity landscape as Darktrace’s Threat Research team uncovers PumaBot, a Go-based Linux botnet meticulously designed to exploit embedded Internet of Things (IoT) devices. Unlike conventional botnets that cast a wide net through indiscriminate internet scans, PumaBot employs a highly targeted strategy, fetching a curated list of…
-
Qualys discovers two local vulnerabilities in Apport and systemd-coredump on Linux systems
The Qualys Threat Research Unit (TRU) has discovered two local vulnerabilities in Apport and systemd-coredump that allow information disclosure. Both issues are race-condition vulnerabilities. The first (CVE-2025-5054) affects Ubuntu's core dump handler, Apport, and the second (CVE-2025-4598) targets systemd-coredump, the default core dump handler on Red Hat Enterprise Linux 9 and the recently released…
-
Via core dump: attackers can grab password hashes on Linux
Several versions of Ubuntu, Fedora and RHEL are vulnerable. Malicious actors can crash applications and obtain confidential data. First seen on golem.de Jump to article: www.golem.de/news/per-coredump-angreifer-koennen-unter-linux-passwort-hashes-abgreifen-2506-196786.html
-
Widespread Linux password hash theft likely with new bugs
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-linux-password-hash-theft-likely-with-new-bugs
-
Linux Crash Reporting Flaws (CVE-2025-5054, 4598) Expose Password Hashes
Qualys details CVE-2025-5054 and CVE-2025-4598, critical vulnerabilities affecting Linux crash reporting tools like Apport and systemd-coredump. Learn how… First seen on hackread.com Jump to article: hackread.com/linux-crash-reporting-flaws-expose-password-hashes/
-
New Linux Vulnerabilities Expose Password Hashes via Core Dumps
Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linux-vulnerabilities-expose/
-
Sophisticated Malware Campaign Targets Windows and Linux Systems
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-campaign-targets-windows/
-
Critical Linux Vulnerabilities Risk Password Hash Theft Worldwide
Critical Linux vulnerabilities that expose password hashes on millions of systems. Learn how to protect your data now! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/critical-linux-vulnerabilities-risk-password-hash-theft-worldwide/
-
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
OpenSSH has become a standard tool for secure remote management on both Linux and Windows systems. Since its inclusion as a default component in Windows 10 version 1803, attackers have increasingly exploited its presence, leveraging it as a “Living Off the Land Binary
-
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats. Cross-Ecosystem Typo-Squatting…
-
Backdoors in Python and NPM Packages Target Windows and Linux
Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control. First seen on hackread.com Jump to article: hackread.com/backdoors-python-npm-packages-windows-linux/
-
New Linux Security Bugs Could Expose Password Hashes Across Millions of Devices
The Qualys Threat Research Unit (TRU) has disclosed two significant local information disclosure vulnerabilities, CVE-2025-5054 and CVE-2025-4598, impacting the core-dump handlers Apport and systemd-coredump on millions of Linux systems. These race-condition vulnerabilities could enable local attackers to extract highly sensitive data, including password hashes, by manipulating the crash reporting mechanisms embedded in popular distributions such…
-
Security Affairs newsletter Round 526 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Two Linux flaws can lead to the disclosure of sensitive data Meta stopped covert operations from…
-
Two Linux flaws can lead to the disclosure of sensitive data
Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora distros. Researchers discovered a vulnerability in Apport (Ubuntu’s core dump handler) and another bug in systemd-coredump, which is used in the default configuration of Red Hat Enterprise Linux 9 and the Fedora distribution. systemd-coredump automatically captures “core…
-
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools…
-
Linux Crash Dump Flaws Expose Passwords, Encryption Keys
Race-Condition Bugs in Ubuntu and Red Hat Tools Could Leak Sensitive Memory Data. Hackers could exploit a tool that stores crashed system data in older Linux operating systems to obtain passwords and encryption keys, warn researchers. The flaw lies in the way certain Linux distributions, including Ubuntu, Red Hat, and Fedora, handle application crashes. First…
-
Linux Zero-Day Vulnerability Discovered Using Frontier AI
Vulnerability Researchers: Start Tracking LLM Capabilities, Says Veteran Bug Hunter. Large language models have taken a big step forward in their ability to help chase down code flaws, said a vulnerability researcher who successfully trained OpenAI’s o3 to review Linux kernel code, leading to the LLM – in an apparent first – discovering a new…
-
Novel PumaBot slips into IoT surveillance with stealthy SSH break-ins
bypasses the usual playbook of conducting internet-wide scanning and instead brute-forces secure shell (SSH) credentials for a list of targets it receives from a command and control (C2) server. “DarkTrace researchers have identified a custom Go-based Linux botnet targeting embedded Linux Internet of Things (IoT) devices,” researchers said in a blog post. “The botnet gains initial access…

