Tag: linux

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Aug 10, 2025 10:11 AM

Tags: attack, flaw, linux, vulnerability

Lenovo webcam flaws, dubbed BadCam, let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks. Eclypsium researchers found vulnerabilities in some Lenovo webcams, collectively dubbed BadCam, that could let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks. Principal security researchers Jesse Michael and Mickey Shkatov demonstrated…
Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks

Aug 9, 2025 9:11 PM

Tags: attack, cybersecurity, exploit, flaw, hacker, linux, vulnerability

Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices.”This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system,” Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News.The First seen…
Critical Linux Kernel Vulnerability Allows Attackers Gain Full Kernel-Level Control From Chrome Sandbox

Aug 9, 2025 12:11 PM

Tags: browser, chrome, control, cve, cyber, flaw, google, linux, vulnerability

August 9, 2025: A severe security vulnerability in the Linux kernel, dubbed CVE-2025-38236, has been uncovered by Google Project Zero researcher Jann Horn, exposing a pathway for attackers ranging from native code execution within the Chrome renderer sandbox to full kernel-level control on Linux systems. The flaw, tied to the obscure MSG_OOB feature in UNIX…
Network scans find Linux is growing on business desktops, laptops

Aug 8, 2025 5:11 AM

Tags: business, linux, network

Security hardening and DevOps activities the tipping point First seen on theregister.com Jump to article: www.theregister.com/2025/08/06/lansweeper_finds_linux_growth_on/
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Aug 7, 2025 4:11 PM

Tags: control, cybersecurity, data, endpoint, linux, malicious, malware, windows

Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems.”At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it…
Weg von Windows: Linux auf Business-Desktops und -Notebooks immer beliebter

Aug 7, 2025 1:11 PM

Tags: business, linux, open-source, windows

Der treibende Faktor soll weniger der Wunsch nach Open-Source, sondern die Verbesserung der Sicherheitslage in Unternehmen sein. First seen on golem.de Jump to article: www.golem.de/news/weg-von-windows-linux-auf-business-desktops-und-notebooks-immer-beliebter-2508-198920.html
6 ways hackers hide their tracks

Aug 7, 2025 10:11 AM

Tags: access, ai, antivirus, api, attack, backdoor, breach, captcha, ceo, computer, control, credentials, crypto, cybersecurity, data, data-breach, defense, detection, email, endpoint, exploit, github, hacker, injection, intelligence, jobs, law, linux, LLM, login, malicious, malware, monitoring, network, open-source, openai, phishing, programming, RedTeam, resilience, reverse-engineering, risk, rust, service, social-engineering, software, supply-chain, threat, tool, virus, windows

Backdoors in legitimate software libraries: In April 2024, it was revealed that the XZ Utils library had been covertly backdoored as part of years-long supply-chain compromise effort. The widely used data compression library that ships as a part of major Linux distributions had malicious code inserted into it by a trusted maintainer.Over the last decade,…
Minimal, Hardened, and Updated Daily: The New Standard for Secure Containers

Aug 5, 2025 3:28 PM

Tags: container, linux, software, startup, supply-chain

Chainguard provides DevSecOps teams with a library of secure-by-default container images so that they don’t have to worry about software supply chain vulnerabilities. The startup is expanding its focus to include Java and Linux, as well. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/minimal-hardened-updated-daily-new-standard-secure-containers
Forscher warnen: Bisher unbekannte Linux-Malware ist seit Monaten aktiv

Aug 5, 2025 1:28 PM

Tags: linux, malware

Die Malware verfügt über ausgeklügelte Verschleierungstechniken. Bis zuletzt wurde sie von keiner Antivirensoftware auf Virustotal erkannt. First seen on golem.de Jump to article: www.golem.de/news/forscher-warnen-bisher-unbekannte-linux-backdoor-ist-seit-monaten-aktiv-2508-198822.html
Forscher warnen: Bisher unbekannte Linux-Backdoor ist seit Monaten aktiv

Aug 5, 2025 12:28 PM

Tags: backdoor, linux, malware

Die Malware verfügt über ausgeklügelte Verschleierungstechniken. Bis zuletzt wurde sie von keiner Antivirensoftware auf Virustotal erkannt. First seen on golem.de Jump to article: www.golem.de/news/forscher-warnen-bisher-unbekannte-linux-backdoor-ist-seit-monaten-aktiv-2508-198822.html
Chaining NVIDIA’s Triton Server flaws exposes AI systems to remote takeover

Aug 5, 2025 11:28 AM

Tags: ai, flaw, linux, nvidia, rce, remote-code-execution, risk, vulnerability, windows

New flaws in NVIDIA’s Triton Server let remote attackers take over systems via RCE, posing major risks to AI infrastructure. Newly revealed security flaws in NVIDIA’s Triton Inference Server for Windows and Linux could let remote, unauthenticated attackers fully take over vulnerable servers. According to Wiz Research team, chaining these vulnerabilities enables remote code execution…
Ransomware goes cloud native to target your backup infrastructure

Aug 5, 2025 10:28 AM

Tags: access, api, authentication, backup, cloud, container, control, credentials, cybercrime, data, defense, exploit, google, group, identity, infrastructure, least-privilege, linkedin, linux, malicious, malware, mfa, north-korea, ransomware, social-engineering, strategy, threat, vulnerability, vulnerability-management

Credential compromise and misconfiguration woes: More sophisticated threat groups have developed social engineering techniques to the point where they reliably trick targets into helping them to bypass multi-factor authentication (MFA) controls before ransacking compromised cloud-hosted environments.For example, threat actors are using compromised OAuth tokens to bypass MFA and inject malicious code into developer ecosystems via…
Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor

Aug 5, 2025 5:28 AM

Tags: antivirus, backdoor, linux, malware

‘Plague’ malware has been around for months without tripping alarms First seen on theregister.com Jump to article: www.theregister.com/2025/08/05/plague_linux_backdoor/
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

Aug 4, 2025 7:28 PM

Tags: ai, control, exploit, flaw, intelligence, linux, nvidia, open-source, remote-code-execution, windows

A newly disclosed set of security flaws in NVIDIA’s Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers.”When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote…
Nextron findet bisher unbekannte Plague-Backdoor in Linux

Aug 4, 2025 6:28 PM

Tags: access, backdoor, linux

Sicherheitsforscher von Nextron Research sind bei der Suche nach unbekannten Bedrohungen mit YARA-Regeln auf eine bisher undokumentierte PAM-basierte Backdoor identifiziert. Diese von den Sicherheitsforschern Plague getaufte Backdoor kann von Angreifern persistent auf Linux-Systemen installiert werden und gewährt einen dauerhaften SSH-Zugriff, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/04/nextron-findet-bisher-unbekannte-plague-backdoor-in-linux/
New Plague Linux malware stealthily maintains SSH access

Aug 4, 2025 5:28 PM

Tags: access, authentication, detection, linux, malware

A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-plague-malware-backdoors-linux-devices-removes-ssh-session-traces/
How ‘Plague’ infiltrated Linux systems without leaving a trace

Aug 4, 2025 2:28 PM

Tags: encryption, hacker, linux, malware

From obfuscation to audit evasion: Plague’s stealth begins at compile time. Early versions used simple XOR-based string encoding, but later variants deployed multi-layer encryption, including custom KSA/PRGA routines and DRBG-based stages, to obfuscate decrypted payloads and strings.The use of advanced cryptographic routines, including algorithms like the Key Scheduling algorithm (KSA), the Pseudo-Random Generation algorithm (PRGA),…
Researchers Use 0-Day to Exploit Google kernelCTF and Debian 12

Aug 4, 2025 2:28 PM

Tags: attack, cyber, exploit, google, linux, network, vulnerability, zero-day

Security researchers have uncovered and weaponized a critical Use-After-Free vulnerability (CVE-2025-38001) in the Linux network packet scheduler’s HFSC queuing discipline, successfully compromising Google kernelCTF instances”, LTS, COS, and mitigation”, and fully updated Debian 12. By ingeniously combining HFSC’s real-time scheduling mode, NETEM’s packet duplication feature, and a throttled Token Bucket Filter (TBF) root queue, the…
How ‘Plague’ infiltrated Linux systems without leaving a trace

Aug 4, 2025 2:28 PM

Tags: encryption, hacker, linux, malware

From obfuscation to audit evasion: Plague’s stealth begins at compile time. Early versions used simple XOR-based string encoding, but later variants deployed multi-layer encryption, including custom KSA/PRGA routines and DRBG-based stages, to obfuscate decrypted payloads and strings.The use of advanced cryptographic routines, including algorithms like the Key Scheduling algorithm (KSA), the Pseudo-Random Generation algorithm (PRGA),…
Ransomware attacks: The evolving extortion threat to US financial institutions

Aug 4, 2025 2:28 PM

Tags: access, ai, antivirus, attack, backup, banking, breach, business, cloud, communications, compliance, control, credentials, crime, crimes, cyber, cybercrime, cybersecurity, dark-web, data, ddos, defense, detection, edr, email, encryption, endpoint, extortion, finance, firewall, governance, group, identity, incident response, infrastructure, insurance, intelligence, international, korea, law, leak, least-privilege, lessons-learned, linkedin, linux, lockbit, login, malicious, mfa, monitoring, network, north-korea, organized, phishing, ransom, ransomware, resilience, risk, rust, service, soc, social-engineering, software, startup, strategy, supply-chain, tactics, theft, threat, tool, training, update, usa, vmware, vulnerability, warfare, windows, zero-trust

Before sunrise on a chilly November morning, I got the kind of call no security leader ever wants. A mid-sized U.S. bank had been hit overnight hard. Customers couldn’t access their accounts, ATMs were non-functional and every screen in the company’s environment glowed with the same ominous message: their systems were encrypted, and data had…
A new era of cyberthreats from sophisticated threat actors is here

Aug 4, 2025 9:29 AM

Tags: access, ai, attack, authentication, backdoor, china, cisa, cloud, communications, control, credentials, crowdstrike, data, data-breach, detection, edr, encryption, endpoint, exploit, group, identity, intelligence, Internet, kev, linux, network, password, phishing, ransomware, remote-code-execution, service, siem, social-engineering, tactics, threat, tool, update, vulnerability, vulnerability-management, windows, zero-day

Identity threats: Scattered Spider: Identity-oriented adversaries exploit human weaknesses to leverage compromised credentials obtained through social engineering and AI-based tools to gain access to networks.Voice-based phishing is one identity-based attack tool rising in prominence, having increased in use by 443% last year, according to Myers. “This is on track to double by the end of…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 56

Aug 3, 2025 4:28 PM

Tags: backdoor, international, linux, malware, ransomware, threat, tool

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Endgame Gear mouse config tool infected users with malware Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal Decrypted: FunkSec Ransomware Threat actor uses…
Security Affairs newsletter Round 535 by Pierluigi Paganini INTERNATIONAL EDITION

Aug 3, 2025 12:28 PM

Tags: backdoor, china, email, international, linux, malicious, nvidia, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New Linux backdoor Plague bypasses auth via malicious PAM module China Presses Nvidia Over Alleged Backdoors…
New Linux backdoor Plague bypasses auth via malicious PAM module

Aug 3, 2025 5:28 AM

Tags: authentication, backdoor, linux, malicious

A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access. Nextron Systems researchers discovered a new stealthy Linux backdoor called Plague, hidden as a malicious PAM (Pluggable Authentication Module) module. It silently bypasses authentication and grants persistent SSH access. A Pluggable Authentication Module…
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft

Aug 2, 2025 5:28 PM

Tags: access, authentication, backdoor, credentials, cybersecurity, detection, linux, malicious, theft

Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year.”The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access,” Nextron Systems researcher Pierre-Henri Pezier said.Pluggable Authentication Modules First seen on thehackernews.com Jump…
AI Turns Panda Image Into ‘New Breed of Persistent Malware’

Aug 2, 2025 12:28 PM

Tags: ai, crypto, linux, malware

AI-assisted malware named Koske is hidden inside panda images, silently hijacking Linux machines for crypto mining while evading detection. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ai-malware-linux-panda-images/
New Undetectable Plague Malware Targeting Linux Servers for Persistent SSH Access

Aug 2, 2025 12:28 PM

Tags: access, antivirus, authentication, backdoor, cyber, linux, malicious, malware, software

Security researchers have discovered a sophisticated Linux backdoor dubbed >>Plague
Kostenlose Datenrettung für Linux-Dateisysteme – R-Linux: freie Linux-Recovery-Software

Aug 1, 2025 12:28 PM

Tags: linux, software

First seen on security-insider.de Jump to article: www.security-insider.de/r-linux-freie-linux-recovery-software-a-cd561c62a9bec6839b06eb465bd0bfe2/
Kali Linux can now run in Apple containers on macOS systems

Jul 31, 2025 9:28 PM

Tags: apple, container, cybersecurity, kali, linux, macOS

Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple’s new containerization framework. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kali-linux-can-now-run-in-apple-containers-on-macos-systems/
Proton launches free standalone cross-platform Authenticator app

Jul 31, 2025 5:28 PM

Tags: android, authentication, linux, macOS, mfa, windows

Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/proton-launches-free-standalone-cross-platform-authenticator-app/