Tag: linux
-
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
From profile manipulation to root shell: The blog post detailed a full privilege escalation chain demonstrated on a default Ubuntu Server installation with the Postfix mail server. By loading a crafted security profile that blocks a specific privilege-dropping capability in Sudo, the researchers said they forced Sudo into a “fail-open” condition: unable to shed its…
-
Unprivileged users could exploit AppArmor bugs to gain root access
Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed nine vulnerabilities, collectively tracked as CrackArmor, in the Linux kernel’s AppArmor module. The flaws have existed since 2017 and could allow unprivileged users to bypass protections, escalate privileges to root,…
-
‘CrackArmor”: Neun Sicherheitslücken in Millionen von Linux-Systemen entdeckt
Tags: linuxFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/crackarmor-sicherheitsluceken-linux-kernel
-
‘CrackArmor’ Vulnerability in AppArmor Impacts 12.6M Linux Systems
Qualys uncovers ‘CrackArmor’ vulnerabilities in AppArmor that could expose 12.6M Linux systems to root access and container escapes. First seen on hackread.com Jump to article: hackread.com/crackarmor-vulnerability-apparmor-linux-systems/
-
Qualys Threat Research Unit entdeckt CrackArmor – Sicherheitslücken in AppArmor
Die Qualys Threat Research Unit (TRU) hat heute ‘CrackArmor” enthüllt eine Sammlung von neun Sicherheitslücken im weit verbreiteten Linux-Sicherheitsmodul AppArmor. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-threat-research-unit-entdeckt-crackarmor/a44107/
-
Sicherheitsmodul im Linux-Kernel weist neun Sicherheitslücken auf
Die Qualys Threat Research Unit (TRU) hat ‘CrackArmor” entdeckt. Dabei handelt es sich um eine Reihe von neun Schwachstellen in <>, einem weit verbreiteten Sicherheitsmodul im Linux-Kernel. Diese Schwachstellen haben seit 2017 über 12 Millionen Unternehmenssysteme, auf denen Ubuntu-, Debian- und Suse-Distributionen laufen, angreifbar gemacht, sodass lokale Angreifer vollständigen Root-Zugriff erlangen, Container-Ausbrüche ausführen und systemweite…
-
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel’s AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees.The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The First seen on thehackernews.com Jump to…
-
Qualys Threat Research Unit entdeckt ‘CrackArmor”
Die Qualys Threat Research Unit (TRU) hat heute ‘CrackArmor” enthüllt eine Sammlung von neun Sicherheitslücken im weit verbreiteten Linux-Sicherheitsmodul AppArmor. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/qualys-threat-research-unit-entdeckt-crackarmor/a44107/
-
Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Full Root Takeover
A newly disclosed set of nine vulnerabilities, dubbed >>CrackArmor,<< has exposed a critical flaw in AppArmor, a foundational Linux security module. AppArmor serves as the default mandatory access control system for Ubuntu, Debian, SUSE, and numerous cloud platforms, this flaw allows unprivileged local users to bypass container isolation and gain full root control over compromised…
-
OpenSSH GSSAPI Flaw Can Be Exploited to Crash SSH Child Processes
A newly discovered vulnerability in the GSSAPI Key Exchange patch for OpenSSH is putting multiple Linux distributions at risk. Tracked as CVE-2026-3497, the flaw allows unauthenticated attackers to crash SSH child processes using a single crafted packet. This leads to reliable denial-of-service conditions and to privilege separation boundary violations. The issue was discovered by security…
-
US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-disrupts-socksescort-proxy-network-powered-by-linux-malware/
-
March Patch Tuesday: Three high severity holes in Microsoft Office
aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required.”The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs…
-
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub. This month’s update includes patches…
-
Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-cyber-threat-critical-asian-sectors
-
ClipXDaemon Malware Targets Crypto Users in Linux X11 Sessions
ClipXDaemon is a new Linux malware family that hijacks cryptocurrency clipboard data in X11 sessions, operating fully offline without any command”‘and”‘control (C2) infrastructure. It reuses a ShadowHS-style loader built with the public bincrypter framework but delivers a completely different, autonomous financial payload. ShadowHS used an obfuscated shell loader to deploy an in”‘memory hackshell for long”‘term…
-
ClipXDaemon Malware, a Stealthy Cryptocurrency Clipboard Hijacker on Linux
Security researchers have identified a new Linux malware strain called ClipXDaemon, a stealthy threat designed to target cryptocurrency users by manipulating copied wallet addresses. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/clipxdaemon-linux-malware/
-
ClipXDaemon Malware, a Stealthy Cryptocurrency Clipboard Hijacker on Linux
Security researchers have identified a new Linux malware strain called ClipXDaemon, a stealthy threat designed to target cryptocurrency users by manipulating copied wallet addresses. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/clipxdaemon-linux-malware/
-
New Linux Rootkits Leverage Advanced eBPF and io_uring Techniques for Stealthy Attacks
Linux rootkits have historically received less attention than their Windows counterparts, but the rapid adoption of Linux in cloud infrastructure, containers, and IoT devices has shifted the threat landscape. Attackers are constantly innovating, and over the past two decades, Linux rootkits have evolved significantly. While early threats relied on easily detectable userland shared object injections…
-
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants.The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow.It’s worth First seen…
-
Chinese state hackers target telcos with new malware toolkit
A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-state-hackers-target-telcos-with-new-malware-toolkit/
-
Codenotary Trust delivers autonomous AI security for Linux and Kubernetes
Codenotary has announced Codenotary Trust, a unified SaaS platform that uses AI to instantly detect, prioritize, and autonomously fix security, configuration, and performance … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/05/codenotary-trust-saas-platform/
-
RingH23 Threat Actors Target MacCMS and CDN Infrastructure with New Arsenal
Threat actors are abusing a new Linux-based toolkit dubbed RingH23 to silently compromise MacCMS-based video sites and hijack CDN infrastructure at scale, redirecting millions of users to gambling, pornography, and fraud platforms.”‹ Evidence shows Funnull has re-emerged with a fully owned attack framework that no longer parasitizes public CDNs, but actively compromises CDN nodes and…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
Immutable Linux distribution Nitrux 6.0.0 adds GPU passthrough, boot-level recovery, C++ update system
Nitrux 6.0.0, released March 3, 2026, packages several components that security practitioners running Linux workstations will find worth examining: a new hypervisor … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/immutable-linux-distribution-nitrux-6-release/
-
Immutable Linux distribution Nitrux 6.0.0 adds GPU passthrough, boot-level recovery, C++ update system
Nitrux 6.0.0, released March 3, 2026, packages several components that security practitioners running Linux workstations will find worth examining: a new hypervisor … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/immutable-linux-distribution-nitrux-6-release/
-
mquire: Open-source Linux memory forensics tool
Linux memory forensics has long depended on debug symbols tied to specific kernel versions. These symbols are not installed on production systems by default, and sourcing them … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/mquire-open-source-linux-memory-forensics-tool/