Tag: linux
-
Big vendors back Linux Foundation agentic workflows project
Agntcy overlaps with MCP and Agent2Agent but adds proposed standards for a broader range of network layers in the still-emerging ‘internet of agents.’ First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366628236/Big-vendors-back-Linux-Foundation-agentic-workflows-project
-
Ransomware upstart Gunra goes cross-platform with encryption upgrades
Tags: attack, breach, control, data, detection, encryption, endpoint, group, healthcare, linux, ransomware, update, vmware, windows
…“-r” or “ratio” parameter. The “-l” or the “limit” parameter is used to control how much of the file gets encrypted. If no value is provided, the entire file is encrypted,” Trend Micro added. Additionally, the variant offers flexible key-storage options for RSA-encrypted keys. Using the “-s” or “store” parameter makes the ransomware save each…
-
Auto-Color Backdoor Targets U.S. Chemical Firm via CVE-2025-31324
Tags: access, backdoor, cve, cyberattack, cybersecurity, exploit, hacker, linux, malware, sap, vulnerability
In a three-day cyberattack this April, hackers exploited a newly disclosed SAP vulnerability to infiltrate a U.S.-based chemicals company, deploying a stealthy Linux malware known as Auto-Color backdoor. Cybersecurity firm Darktrace says the attackers gained access through a critical flaw… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/auto-color-backdoor-cve-2025-31324/
-
New Gunra Ransomware Linux Variant Launches 100 Encryption Threads with Partial Encryption Feature
The new Gunra group has expanded its attack surface beyond Windows PCs by releasing a Linux version of their virus, which was initially discovered in April 2025. This is a major uptick in the ransomware ecosystem. This development underscores the group’s strategic pivot toward cross-platform targeting, inspired by predecessors like Conti ransomware. Trend Micro’s threat…
-
Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company
Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack…
-
Hackers Target SAP NetWeaver to Deploy New Auto-Color Linux Malware
Cybersecurity researchers at Darktrace have uncovered a sophisticated attack targeting a US-based chemicals company, marking the first observed instance of threat actors exploiting SAP NetWeaver vulnerabilities to deploy Auto-Color backdoor malware. The incident, which occurred over three days in April 2025, demonstrates an alarming evolution in cyber attack tactics combining enterprise software exploitation with advanced…
-
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. “Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to…
-
Chrome Vulnerabilities Allow Attackers to Hijack Memory and Run Malicious Code
Google has released an emergency security update for its Chrome browser to address critical vulnerabilities that could allow attackers to hijack system memory and execute malicious code on affected devices. The Stable channel has been updated to version 138.0.7204.183/.184 for Windows and Mac systems, and 138.0.7204.183 for Linux, with the rollout scheduled over the coming…
-
Nimble ‘Gunra’ Ransomware Evolves With Linux Variant
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/nimble-gunra-ransomware-linux-variant
-
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-sap-netweaver-bug-to-deploy-linux-auto-color-malware/
-
SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm
Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks. First seen on hackread.com Jump to article: hackread.com/sap-netweaver-vulnerability-auto-color-malware-us-firm/
-
Auto-Color Backdoor Malware Exploits SAP Vulnerability
Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/auto-color-backdoor-exploits-sap/
-
Apple Introduces Containerization Feature for Seamless Kali Linux Integration on macOS
Apple has unveiled a groundbreaking containerization feature that enables seamless integration of Kali Linux on macOS systems, marking a significant advancement in cross-platform development capabilities. Announced during WWDC 2025, this innovative technology brings Linux containerization directly to Apple’s ecosystem, offering developers and security professionals unprecedented flexibility in their workflows. The new containerization feature represents Apple’s…
-
Linux 6.16 Released with Performance and Networking Enhancements
Linux creator Linus Torvalds announced the release of Linux kernel version 6.16 on July 27, 2025, marking the end of what he described as a “nice and calm
-
AI-Generated Linux Miner ‘Koske’ Beats Human Malware
AI malware is becoming less of a gimmick, with features that meet or exceed what traditional human-developed malware typically can do. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/ai-generated-linux-miner-koske
-
Beware of Fake Error Pages Deploying Platform-Specific Malware on Linux and Windows Systems
Tags: cloud, crypto, cyber, data-breach, exploit, infrastructure, linux, malware, remote-code-execution, scam, service, windows
Wiz Research has uncovered an active cryptomining campaign, dubbed Soco404, that exploits misconfigurations in PostgreSQL databases and other cloud services to deploy platform-specific malware on both Linux and Windows systems. This operation, part of a broader crypto-scam infrastructure, leverages opportunistic scanning for exposed services, abusing features like PostgreSQL’s COPY FROM PROGRAM for remote code execution…
-
Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks
Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively. Soco404 “targets both Linux and Windows systems, deploying platform-specific malware,” Wiz First seen on thehackernews.com Jump to article:…
-
Koske, a new AI-Generated Linux malware appears in the threat landscape
Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining activities. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors…
-
Developed with AI: New Linux malware hides in cute panda pictures
JPEG files can contain not only pretty pictures but sometimes dangerous malicious code as well. A new Linux malware strain makes use of this. First seen on golem.de Jump to article: www.golem.de/news/mit-ki-entwickelt-neue-linux-malware-versteckt-sich-in-suessen-panda-bildchen-2507-198500.html
-
Supply chain attack compromises npm packages to spread backdoor malware
Tags: attack, authentication, backdoor, control, cybercrime, cybersecurity, data, defense, email, linux, macOS, malicious, malware, mfa, phishing, software, supply-chain, threat, tool, update, vulnerability, windows
…is npm JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky: “Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked,” he wrote. The infected version was removed by npm admins and v3.3.0…
-
New Koske Linux malware hides in cute panda images
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-koske-linux-malware-hides-in-cute-panda-images/
-
Arch Linux users told to purge Firefox forks after AUR malware scare
The distro’s greatest asset is arguably also its greatest weakness First seen on theregister.com Jump to article: www.theregister.com/2025/07/22/arch_aur_browsers_compromised/
-
Intel announces end of Clear Linux OS project, archives GitHub repos
The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/intel-announces-end-of-clear-linux-os-project-archives-github-repos/
-
Arch Linux pulls AUR packages that installed Chaos RAT malware
Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/arch-linux-pulls-aur-packages-that-installed-chaos-rat-malware/
-
Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware
Cryptominer campaign runs for years using legit sites to spread malware, targeting Linux systems through known bugs and avoiding detection. First seen on hackread.com Jump to article: hackread.com/linux-cryptominer-using-legit-sites-to-spread-malware/
-
H2Miner Targets Linux, Windows, and Containers to Illicitly Mine Monero
FortiGuard Labs researchers have uncovered a sophisticated cryptomining campaign where the H2Miner botnet, active since late 2019, has expanded its operations to target Linux, Windows, and containerized environments simultaneously. The campaign represents a significant evolution in cross-platform cryptocurrency mining attacks, with threat actors leveraging updated scripts and infrastructure to maximize financial gains from compromised systems.…
-
Oracle flaw poses risk of RCE attacks
Tags: access, bug, cloud, cve, cyberattack, data, exploit, infrastructure, linux, oracle, rce, remote-code-execution, tool, vulnerability
Oracle has already fixed the security issue in Code Editor. Researchers at Tenable Research have discovered a vulnerability in the Oracle Cloud Infrastructure (OCI) Code Editor that leaves organizations vulnerable to remote code execution (RCE) attacks. The web-based integrated development environment (IDE) is used to manage resources such as Functions, Resource Manager and Data Science and provides seamless developer workflows. The tight integration with…
-
One click to compromise: Oracle Cloud Code Editor flaw exposed users to RCE
Attacks could have a wider blast radius: Because Code Editor operates on the same underlying file system as the Cloud Shell, essentially a Linux home directory in the cloud, attackers could tamper with files used by other integrated services. This turns the flaw in the seemingly contained developer tool into an exposure for lateral movement…
-
Falco: Open-source cloud-native runtime security tool for Linux
Falco is an open-source runtime security tool for Linux systems, built for cloud-native environments. It monitors the system in real time to spot unusual activity and possible … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/falco-open-source-cloud-native-runtime-linux-security-tool/

