Tag: linux
-
Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware
Over 20 Linux packages were compromised in the Atomic Arch campaign, which abuses AUR ownership transfers to drop rootkit-like malware. First seen on hackread.com Jump to article: hackread.com/atomic-arch-hijacks-linux-aur-packages-malware/
-
Over 400 Arch Linux packages compromised to push rootkit, infostealer
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/
-
PoC Exploit Released for Linux Kernel GuestHost Escape Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM/arm64 environments. The flaw, dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem and allows a malicious guest virtual machine to execute arbitrary commands on the host with…
-
Attacke über Dienstleister: VerdantBamboo infiziert Linux-Appliances
Die Hackergruppe VerdantBamboo nutzt eine BSD-Variante der BRICKSTORM-Malware sowie die Schadprogramme PLENET und AGENTPSD zur Linux-Spionage. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linux-appliances-verdantbamboo
-
High-severity vulnerability in Linux caused by a single faulty character
Use-after-free bug can be exploited to evade sandbox defenses. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/
-
High-severity vulnerability in Linux caused by a single faulty character
Use-after-free bug can be exploited to evade sandbox defenses. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/
-
High-severity vulnerability in Linux caused by a single errant character
Use-after-free bug can be exploited to evade sandbox defenses. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/
-
A single errant character in the Linux kernel allows attacker to gain root
Use-after-free bug can be exploited to evade sandbox defenses. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/a-single-errant-character-in-the-linux-kernel-allows-attacker-to-gain-root/
-
CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug in early 2025 and chained it into a full local privilege escalation. The flaw was…
-
CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug in early 2025 and chained it into a full local privilege escalation. The flaw was…
-
Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges
A newly disclosed Linux kernel vulnerability tracked as CVE-2026-23111 allows local attackers to escalate privileges to root by exploiting a use-after-free flaw in the nftables subsystem. The vulnerability, patched upstream on February 5, 2026, affects the netfilter framework, specifically nftables, which is widely used for packet filtering, NAT, and firewall rule management across modern Linux…
-
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container.The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June 8,…
-
Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs
Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, including 22 critical flaws that could enable remote code execution, memory corruption, and sandbox escapes. The update, version 149.0.7827.53/54, is being rolled out gradually and includes fixes across multiple components, including ANGLE, GPU,…
-
Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs
Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, including 22 critical flaws that could enable remote code execution, memory corruption, and sandbox escapes. The update, version 149.0.7827.53/54, is being rolled out gradually and includes fixes across multiple components, including ANGLE, GPU,…
-
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems.The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking…
-
Trend Micro Deep Security Agent Flaw Allows Repeatable Security Bypass
Trend Micro’s Deep Security Agent for Linux contains a design flaw in its behavior-monitoring stack that allows a local, unprivileged attacker to repeatedly force short “blind spots” in which endpoint protections are temporarily bypassed. The issue stems from how the agent unloads and reloads its bmhook and tmhook kernel modules under heavy local event load,…
-
New Gafgyt Variant Targets Linux Systems With Modular Spread Tactics
A new Gafgyt-family botnet, tracked as C0XMO, marks a notable technical shift in IoT malware design: the separation of scanning and propagation into distinct components and multi-architecture payloads that maximize reach across heterogeneous Linux devices. The operator delivered C0XMO by exploiting CVE-2021-27137 a stack buffer overflow in the UPnP SSDP parser of vulnerable DD-WRT firmware…
-
AI-Powered Worm Leverages Stolen Compute to Target Linux, Windows, and IoT Devices
AI-powered malware is moving from theory to reality, with new proof-of-concept worms showing how large language models (LLMs) can autonomously compromise mixed networks of Linux, Windows, and IoT devices while parasitically hijacking GPU compute for their own reasoning. Instead of shipping with a fixed exploit toolkit, this new class of AI-driven malware uses an embedded…
-
CISA Issues Alert on Actively Exploited Linux Kernel Security Flaw
Tags: authentication, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, linux, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a fresh alert warning organizations about the active exploitation of a Linux kernel vulnerability tracked as CVE-2022-0492. The flaw, categorized as an improper authentication issue, affects Linux systems using the cgroups v1 release_agent feature and can allow attackers to escalate privileges within compromised environments. Linux…
-
Chinese APT VerdantBamboo Targets Appliances with BRICKSTORM Malware
BRICKSTORM is a modular remote access trojan (RAT) originally seen in Golang and later in Rust. It uses a wssoft library with pluggable “tasks” for shell commands, a Socks5 proxy, and a simple web server for file listing. An incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine…
-
CISA adds Android and Linux kernel flaws to exploited vulnerabilities catalog
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-adds-android-and-linux-kernel-flaws-to-exploited-vulnerabilities-catalog
-
CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-active-attacks-exploiting-android-linux-bugs/
-
Expiring Microsoft Secure Boot Keys May Block DBX Updates on Legacy Devices
Expiring Microsoft Secure Boot keys will not brick unmigrated systems on June 27, 2026. However, they will silently freeze DB/DBX updates and lock affected Windows and Linux fleets out of future boot”‘level protections. On June 27, 2026, the Microsoft Corporation KEK CA 2011 used to authorize DB/DBX updates via Windows Update reaches its end of…
-
Expiring Microsoft Secure Boot Keys May Block DBX Updates on Legacy Devices
Expiring Microsoft Secure Boot keys will not brick unmigrated systems on June 27, 2026. However, they will silently freeze DB/DBX updates and lock affected Windows and Linux fleets out of future boot”‘level protections. On June 27, 2026, the Microsoft Corporation KEK CA 2011 used to authorize DB/DBX updates via Windows Update reaches its end of…
-
U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw added to the catalog, tracked…
-
New CIFSwitch vulnerability allows Linux privilege escalation
First seen on scworld.com Jump to article: www.scworld.com/brief/new-cifswitch-vulnerability-allows-linux-privilege-escalation
-
Microsoft’s Coreutils project brings Linux commands to Windows
Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsofts-coreutils-project-brings-linux-commands-to-windows/
-
Red Hat betroffen: Wurm kapert NPM-Pakete und sammelt Zugangsdaten
Eine neue Variante der Mini-Shai-Hulud-Malware schleust sich selbst in NPM-Pakete ein. Auch den Linux-Entwickler Red Hat hat es jetzt erwischt. First seen on golem.de Jump to article: www.golem.de/news/wurm-im-npm-oekosystem-mehrere-softwarepakete-von-red-hat-kompromittiert-2606-209295.html
-
Wurm im NPM-Ökosystem: Mehrere Softwarepakete von Red Hat kompromittiert
Eine neue Variante der Mini-Shai-Hulud-Malware schleust sich selbst in NPM-Pakete ein. Auch den Linux-Entwickler Red Hat hat es jetzt erwischt. First seen on golem.de Jump to article: www.golem.de/news/wurm-im-npm-oekosystem-mehrere-softwarepakete-von-red-hat-kompromittiert-2606-209295.html
-
KDE Linux security audit cuts kernel modules and unused packages
KDE Linux, the in-progress operating system from the KDE community, removed several kernel modules and software packages after a security audit of the components shipped with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/kde-linux-security-audit-update/