Tag: linux
-
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web
What the research quickly agreed on: Across early reports from Wiz, Palo Alto Networks’ Unit 42, Google AWS, and others, there was a strong alignment on the core mechanics of React2Shell. Researchers independently confirmed that the flaw lives inside React’s server-side rendering pipeline and stems from unsafe deserialization in the protocol used to transmit component…
-
Best of 2025: New Akira Ransomware Decryptor Leans on Nvidia GPU Power
A software programmer developed a way to use brute force to break the encryption of the notorious Akira ransomware using GPU compute power and enabling some victims of the Linux-focused variant of the malware to regain their encrypted data without having to pay a ransom. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/new-akira-ransomware-decryptor-leans-on-nvidia-gpu-power-2/
-
NDSS 2025 GadgetMeter: Quantitatively And Accurately Gauging The Exploitability Of Speculative Gadgets
Tags: attack, conference, detection, exploit, framework, Internet, linux, mitigation, network, software, vulnerabilitySession 6D: Software Security: Vulnerability Detection Authors, Creators & Presenters: Qi Ling (Purdue University), Yujun Liang (Tsinghua University), Yi Ren (Tsinghua University), Baris Kasikci (University of Washington and Google), Shuwen Deng (Tsinghua University) PAPER GadgetMeter: Quantitatively And Accurately Gauging The Exploitability Of Speculative Gadgets Since their emergence in 2018, speculative execution attacks have proven difficult…
-
2025 Year in Review at Cloud Security Podcast by Google
Tags: 2fa, ai, automation, breach, cloud, compliance, computing, control, cybersecurity, data, defense, detection, edr, finance, google, hacking, incident response, infrastructure, linux, mandiant, metric, mitigation, offense, phone, privacy, risk, security-incident, siem, soc, technology, threat, vulnerability, vulnerability-management, zero-trust(written jointly with Tim Peacock) Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or”Š”, “Šif you’re a very large enterprise”Š”, “Šjust start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google. We…
-
PoC Exploit Released for UseFree Vulnerability in Linux Kernel POSIX CPU Timers
A critical race condition vulnerability in the Linux kernel’s POSIX CPU timers has been exposed through a detailed proof-of-concept, one of the most sophisticated kernel exploits targeting Android devices. CVE-2025-38352 represents a use-after-free (UAF) vulnerability in the Linux kernel’s POSIX CPU timers implementation. The flaw was previously reported under limited, targeted exploitation in real-world Android…
-
Week in review: Exploited zero-day in Cisco email security appliances, Kali Linux 2025.4 released
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How researchers are teaching AI agents to ask for permission the right way … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/21/week-in-review-exploited-zero-day-in-cisco-email-security-appliances-kali-linux-2025-4-released/
-
pearOS is a Linux that falls rather close to the Apple tree
Revived distro returns on Arch with KDE Plasma, global menus, and a familiar macOS-style sheen First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/pearos/
-
NDSS 2025 Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems
Tags: attack, conference, detection, exploit, injection, Internet, linux, network, programming, software, tool, vulnerabilitySession 6D: Software Security: Vulnerability Detection Authors, Creators & Presenters: Hengkai Ye (The Pennsylvania State University), Hong Hu (The Pennsylvania State University) PAPER Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems Code injection was a favored technique for attackers to exploit buffer overflow vulnerabilities decades ago. Subsequently, the widespread adoption of lightweight…
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers. The Vulnerability The vulnerability exists in the Rust Binder component’s death_list handling mechanism.…
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers. The Vulnerability The vulnerability exists in the Rust Binder component’s death_list handling mechanism.…
-
New Linux Kernel Rust Vulnerability Triggers System Crashes
A critical race condition vulnerability has been discovered in the Linux kernel’s Rust Binder module, potentially causing system crashes and memory corruption. Assigned CVE-2025-68260, this issue affects the kernel’s inter-process communication mechanism and requires immediate attention from system administrators and kernel maintainers. The Vulnerability The vulnerability exists in the Rust Binder component’s death_list handling mechanism.…
-
Der Raspberry-Pi-Weckruf für CISOs
Tags: access, authentication, ceo, ciso, control, cyberattack, dns, firewall, group, hacker, Hardware, infrastructure, linux, monitoring, office, risk, switch, tool, voip, vpnKleines Device, große Wirkung.Mitte Dezember wurde eine Fähre in Besitz der Mediterranean Shipping Company über Stunden in einem französischen Hafen festgesetzt, wie Bloomberg berichtete. Der Grund: Es bestand der Verdacht, dass russische Cyberkriminelle versucht haben, das Netzwerk des Schiffs zu hacken mit einem Raspberry Pi. Dieser war demnach mit einem Mobilfunkmodem gekoppelt, das den Fernzugriff…
-
NDSS 2025 Blindfold: Confidential Memory Management By Untrusted Operating System
Session 6B: Confidential Computing 1 Authors, Creators & Presenters: Caihua Li (Yale University), Seung-seob Lee (Yale University), Lin Zhong (Yale University) PAPER Blindfold: Confidential Memory Management by Untrusted Operating System Confidential Computing (CC) has received increasing attention in recent years as a mechanism to protect user data from untrusted operating systems (OSes). Existing CC solutions…
-
NDSS 2025 Blindfold: Confidential Memory Management By Untrusted Operating System
Session 6B: Confidential Computing 1 Authors, Creators & Presenters: Caihua Li (Yale University), Seung-seob Lee (Yale University), Lin Zhong (Yale University) PAPER Blindfold: Confidential Memory Management by Untrusted Operating System Confidential Computing (CC) has received increasing attention in recent years as a mechanism to protect user data from untrusted operating systems (OSes). Existing CC solutions…
-
Singularity Linux Kernel Rootkit with klogctl Detection Evasion
Singularity, a stealth-focused Linux Kernel Module (LKM) rootkit targeting modern 6.x kernels, has added a powerful log”evasion capability that prevents its detection through traditional kernel logging interfaces such as klogctl. Designed as a “final boss” rootkit for defenders, Singularity notes deep kernel hooking, advanced log sanitization, and EDR evasion techniques to stay invisible on compromised systems.…
-
Chrome Security Update Fixes Remote Code Execution Flaws
Tags: browser, chrome, cyber, flaw, google, linux, remote-code-execution, update, vulnerability, windowsGoogle has released an emergency security update for the Chrome browser, addressing two high-severity vulnerabilities that could enable remote code execution attacks. The stable channel update version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users.”‹ Critical Vulnerabilities Patched The update fixes two significant security flaws reported by external security researchers. The first…
-
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.”KSwapDoor is a professionally engineered remote access tool designed with stealth in mind,” Justin Moore, senior manager of threat intel research at Palo Alto…
-
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.”KSwapDoor is a professionally engineered remote access tool designed with stealth in mind,” Justin Moore, senior manager of threat intel research at Palo Alto…
-
Kali Linux 2025.4: New tools and >>qualitylife<< improvements
OffSec has released Kali Linux 2025.4, a new version of its widely used penetration testing and digital forensics platform. Most of the changes are related to appearance and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/15/kali-linux-2025-4-new-tools-improvements/
-
New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems
CyberVolk, a pro-Russia hacktivist group first documented in late 2024, has resurfaced with a sophisticated ransomware-as-a-service (RaaS) offering called VolkLocker after months of dormancy caused by Telegram enforcement actions. The group returned in August 2025 with version 2.x, featuring advanced Telegram-based automation and cross-platform capabilities targeting both Linux and Windows systems. VolkLocker is built in…
-
NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks
NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems. The security bulletin, published on December 9, 2025, identifies critical flaws in the NVTabular and Transformers4Rec components of NVIDIA…
-
New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems
CyberVolk, a pro-Russia hacktivist group first documented in late 2024, has resurfaced with a sophisticated ransomware-as-a-service (RaaS) offering called VolkLocker after months of dormancy caused by Telegram enforcement actions. The group returned in August 2025 with version 2.x, featuring advanced Telegram-based automation and cross-platform capabilities targeting both Linux and Windows systems. VolkLocker is built in…
-
New 01Flip Ransomware Targets Both Windows and Linux Systems
Security researchers at Palo Alto Networks Unit 42 have identified a newly emerging ransomware family, 01flip, that represents a significant shift in malware development tactics. Discovered in June 2025, this sophisticated threat is entirely written in Rust a modern programming language that enables cross-platform compatibility and currently targets a limited set of victims across the…
-
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress.This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based First seen on…
-
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Tags: backdoor, control, cve, cyber, cybersecurity, exploit, linux, malware, network, remote-code-execution, vulnerabilityCybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads. A newly identified backdoor dubbed >>PeerBlight
-
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Tags: backdoor, control, cve, cyber, cybersecurity, exploit, linux, malware, network, remote-code-execution, vulnerabilityCybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads. A newly identified backdoor dubbed >>PeerBlight
-
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT.”EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and First seen on thehackernews.com…
-
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-react2shell-flaw-in-etherrat-malware-attacks/
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…
-
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain a low profile while delivering comprehensive remote access and file system manipulation capabilities to threat…