Tag: linux

Novel PumaBot slips into IoT surveillance with stealthy SSH break-ins

May 30, 2025 12:55 PM

Tags: access, botnet, cctv, control, credentials, detection, exploit, firewall, Internet, iot, linux, login, malware, monitoring, network, password, service, vulnerability

bypasses the usual playbook of conducting internet-wide scanning and instead brute-forces secure shell (SSH) credentials for a list of targets it receives from a command and control (C2) server.”DarkTrace researchers have identified a custom Go-based Linux botnet targeting embedded Linux Internet of Things (IoT) devices,” researchers said in a blog post. “The botnet gains initial access…
Attacks with new Pumabot botnet hit Linux IoT devices

May 29, 2025 9:55 PM

Tags: attack, botnet, iot, linux

First seen on scworld.com Jump to article: www.scworld.com/brief/attacks-with-new-pumabot-botnet-hit-linux-iot-devices
PumaBot Targets Linux Devices in Latest Botnet Campaign

May 29, 2025 7:55 PM

Tags: botnet, linux, tactics

While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/pumabot-targets-linux-devices-botnet-campaign
PumaBot Malware Targets Linux IoT Devices

May 28, 2025 11:55 PM

Tags: botnet, cctv, credentials, Internet, iot, linux, malware

Stealthy Malware Installs Cryptomining Software. A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet PumaBot, since its malware checks for the string Pumatronix, the name of a Brazilian manufacturer of surveillance and traffic camera systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/pumabot-malware-targets-linux-iot-devices-a-28526
New PumaBot botnet brute forces SSH credentials to breach devices

May 28, 2025 10:55 PM

Tags: botnet, breach, credentials, iot, linux, malicious, malware

A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pumabot-botnet-brute-forces-ssh-credentials-to-breach-devices/
New PumaBot targets Linux IoT surveillance devices

May 28, 2025 5:55 PM

Tags: attack, botnet, credentials, Internet, iot, linux, malware

PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. PumaBot skips broad internet scans and instead pulls a list of targets from its…
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

May 28, 2025 3:55 PM

Tags: attack, botnet, control, credentials, crypto, Internet, iot, linux, malware

Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot.Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.”Rather than scanning the internet, the malware retrieves a list of targets…
Chrome Security Patch Addresses High-Severity Vulnerabilities Enabling Code Execution

May 28, 2025 10:55 AM

Tags: browser, chrome, cyber, google, linux, update, vulnerability, windows

The Chrome team at Google has officially released Chrome 137 to the stable channel for Windows, Mac, and Linux platforms. This update, version 137.0.7151.55/56, brings a host of security improvements, bug fixes, and technical enhancements, reinforcing Chrome’s position as a leading web browser for both everyday users and enterprise environments. Security Enhancements and Technical Fixes…
Die wertvollsten Security-Zertifizierungen

May 28, 2025 6:54 AM

Tags: access, ai, blockchain, china, cisa, cisco, cloud, compliance, control, cyberattack, cybersecurity, data, DSGVO, endpoint, framework, germany, governance, hacker, hacking, identity, incident response, injection, international, jobs, kali, linux, monitoring, network, password, penetration-testing, privacy, resilience, risk, risk-management, sans, security-incident, service, siem, skills, social-engineering, sql, threat, usa, vulnerability, windows

Zertifizierte IT-Sicherheitsprofis sind (unter anderem) gefragter und verdienen besser.(Cybersecurity-)Zertifizierungen können eine aktienähnliche Volatilität entfalten: Ihre Popularität kann steigen oder auch fallen und sie können an Relevanz verlieren, wenn sie nicht mit den aktuellen Branchenentwicklungen Schritt halten. Allerdings sind davon nicht alle Zertifizierungen gleichermaßen betroffen: Sogenannte “Blue Chips” haben sich über den Lauf der Zeit bewährt…
Linux 6.15 Launches with Major Performance and Hardware Upgrades

May 26, 2025 12:54 PM

Tags: cyber, Hardware, linux, nvidia, open-source, rust

The Linux 6.15 kernel, released on May 25, 2025, marks a pivotal moment in open-source development, introducing several groundbreaking features and technical advancements. Most notably, this release debuts the first Rust-written Direct Rendering Manager (DRM) driver, NOVA, targeting NVIDIA RTX 2000 “Turing” series and newer GPUs. The NOVA driver, written entirely in Rust, represents a…
Cybersecurity Snapshot: AI Data Security Best Practices Released, While New Framework Seeks To Help IT Pros Gain Cyber Skills

May 23, 2025 11:55 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, cctv, cisa, cloud, computer, control, credentials, crypto, cyber, cybercrime, cybersecurity, data, detection, email, espionage, exploit, finance, framework, germany, group, Hardware, infrastructure, injection, intelligence, iot, kev, law, linux, malware, metric, mfa, military, mitigation, network, nist, open-source, organized, passkey, password, phishing, risk, russia, skills, software, sql, tactics, technology, tool, training, ukraine, unauthorized, update, vpn, vulnerability, wifi, zero-trust

Check out expert recommendations for protecting your AI system data. Plus, boost your IT department’s cybersecurity skills with a new interactive framework. In addition, learn about a malware campaign targeting critical infrastructure orgs. And get the latest on Russian cyber espionage and on a NIST effort to enhance vulnerability prioritization. Dive into five things that…
Chrome 0-Day CVE-2025-4664 Exposes Windows, Linux Browser Activity

May 23, 2025 1:55 PM

Tags: browser, chrome, cve, google, linux, login, update, windows, zero-day

A Chrome zero-day bug, CVE-2025-4664, exposes login tokens on Windows and Linux. Google has issued a fix, users should update immediately. First seen on hackread.com Jump to article: hackread.com/chrome-0-day-cve-2025-4664-windows-linux-browser-activity/
AI Finds What Humans Missed: OpenAI’s o3 Spots Linux Zero-Day

May 23, 2025 9:55 AM

Tags: ai, cve, flaw, linux, openai, vulnerability, zero-day

A zero-day vulnerability in the Linux kernel’s SMB (Server Message Block) implementation, identified as CVE-2025-37899, has been discovered using OpenAI’s powerful language model, o3. The vulnerability is a use-after-free flaw located in the First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2025-37899-zero-day-in-linux-smb-kernel/
Linux Kernel Zero-Day SMB Vulnerability Discovered via ChatGPT

May 22, 2025 5:54 PM

Tags: ai, chatgpt, cyber, linux, openai, vulnerability, zero-day

Security researcher has discovered a zero-day vulnerability (CVE-2025-37899) in the Linux kernel’s SMB server implementation using OpenAI’s o3 language model. The vulnerability, a use-after-free bug in the SMB ‘logoff’ command handler, could potentially allow remote attackers to execute arbitrary code with kernel privileges. This discovery marks a significant advancement in AI-assisted vulnerability research, demonstrating how…
Google flags malicious use of Linux .desktop files

May 21, 2025 10:54 PM

Tags: google, linux, malicious

First seen on scworld.com Jump to article: www.scworld.com/brief/google-flags-malicious-use-of-linux-desktop-files
LastOS slaps neon paint on Linux Mint and dares you to run Photoshop

May 20, 2025 5:54 PM

Tags: linux, windows

Another distro for Windows users presumably ones who love bling First seen on theregister.com Jump to article: www.theregister.com/2025/05/19/lastos/
RedisRaider Campaign Targets Linux Servers by Exploiting Misconfigured Redis Instances

May 20, 2025 4:54 PM

Tags: cyber, exploit, linux, threat, vulnerability, worm

Datadog Security Research has uncovered a formidable new cryptojacking campaign dubbed >>RedisRaider,
The Windows Subsystem for Linux goes open source

May 20, 2025 11:54 AM

Tags: github, linux, microsoft, open-source, windows

Microsoft has officially open-sourced the Windows Subsystem for Linux (WSL), closing the very first issue ever filed on the Microsoft/WSL GitHub repository: “Will this be open … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/20/microsoft-wsl-open-sourced/
Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse

May 20, 2025 10:54 AM

Tags: cybersecurity, jobs, linux, malicious, malware, vulnerability

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers.The malicious activity has been codenamed RedisRaider by Datadog Security Labs.”RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,” First seen on thehackernews.com Jump to…
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks

May 20, 2025 5:57 AM

Tags: ai, authentication, browser, chrome, cloud, container, cve, cyber, data, docker, exploit, flaw, framework, hacker, infrastructure, linux, microsoft, network, nvidia, open-source, oracle, risk, software, technology, tool, vmware, vulnerability, zero-day

Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
Microsoft open-sources Windows Subsystem for Linux at Build 2025

May 19, 2025 6:54 PM

Tags: github, linux, microsoft, open-source, windows

Microsoft has open-sourced the Windows Subsystem for Linux (WSL), making its source code available on GitHub, except for a few components that are part of Windows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-open-sources-windows-subsystem-for-linux-at-build-2025/
GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems

May 19, 2025 8:56 AM

Tags: cve, cyber, exploit, flaw, linux, malicious, vulnerability

Security researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially affecting millions of Linux systems worldwide. The flaw, identified as CVE-2025-4802, involves statically linked setuid binaries that incorrectly search library paths, potentially allowing attackers to execute malicious code with elevated privileges. While no exploitations have been reported in the wild, the…
VMware ESXi, Firefox, Red Hat Linux SharePoint Hacked Pwn2Own Day 2

May 17, 2025 1:54 PM

Tags: browser, conference, cyber, linux, vmware, vulnerability, zero-day

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms and earning $435,000 in bounties. The competition, now in its second day at the OffensiveCon conference in Berlin, has awarded a cumulative total of $695,000 with participants revealing 20 unique zero-day vulnerabilities thus far. With…
Linux Foundation Shares Framework for Building Effective Cybersecurity Teams

May 16, 2025 9:54 PM

Tags: cybersecurity, framework, guide, linux, skills

The Linux Foundation this week made available a customizable reference guide intended to help organizations identify critical cybersecurity skills requirements. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/linux-foundation-shares-framework-for-building-effective-cybersecurity-teams/
The ‘End of 10’ is nigh, but don’t bury your PC just yet

May 16, 2025 9:54 PM

Tags: linux

Linux types mobilize website to help people avoid creating more e-waste First seen on theregister.com Jump to article: www.theregister.com/2025/05/15/end_of_10_campaign/
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own

May 16, 2025 9:54 PM

Tags: exploit, hacker, linux, microsoft, oracle, vmware, zero-day

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-vmware-esxi-microsoft-sharepoint-zero-days-at-pwn2own/
Pwn2Own Day 1 Windows 11, Red Hat Linux, Oracle VirtualBox Hacked

May 16, 2025 11:54 AM

Tags: ai, cyber, exploit, linux, oracle, vulnerability, windows

Security researchers successfully illustrated significant vulnerabilities across several platforms on the first day of Pwn2Own Berlin 2025, taking home a total of $260,000 in prizes. The competition featured 11 different exploit attempts, including the inaugural AI category entries. STAR Labs has taken an early lead in the Master of Pwn competition, showcasing their technical prowess…
Tor Oniux Tool Offers Anonymous Linux App Traffic

May 16, 2025 8:54 AM

Tags: cyber, data, leak, linux, network, privacy, risk, tool

Tor Project has unveiled oniux, a new command-line utility that provides comprehensive network isolation for Linux applications, ensuring all traffic routes exclusively through the Tor network. This tool aims to eliminate the risk of accidental data leaks that can occur with traditional SOCKS proxy configurations, offering enhanced privacy protection for users handling sensitive information. Oniux…
Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed

May 16, 2025 7:54 AM

Tags: cybersecurity, framework, guide, jobs, linux, skills

The Linux Foundation, in collaboration with OpenSSF and Linux Foundation Education, has released the Cybersecurity Skills Framework, a global reference guide that helps … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/16/cybersecurity-skills-framework-linux-foundation/
Windows 11 and Red Hat Linux hacked on first day of Pwn2Own

May 15, 2025 6:54 PM

Tags: docker, exploit, linux, oracle, windows, zero-day

On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-11-and-red-hat-linux-virtualbox-hacked-on-first-day-of-pwn2own/