Tag: linux
-
Neuer RemoteTrojaner ‘ZynorRAT” steuert Opfer per Telegram
Das Threat-Research-Team (TRT) von Sysdig hat mit eine neue Malware-Familie identifiziert. Der Remote-Access-Trojaner wurde in Go entwickelt, läuft auf Linux und Windows und wird über einen Telegram-Bot ferngesteuert. Erstmals tauchte am 8. Juli 2025 auf Virus-Total auf. Seither deuten Funde und Telemetriedaten auf Ursprünge in der Türkei hin. ist ein Fernzugriffswerkzeug (RAT), […] First seen…
-
BlackLock Ransomware Targets Windows, Linux, and VMware ESXi Systems
BlackLock, a rebranded ransomware group formerly known as El Dorado, has emerged as a formidable threat to organizations worldwide. First identified in June 2024 when its Dedicated Leak Site (DLS) began exposing victim data, the gang is believed to have been active since March 2024. The latest analysis by AhnLab Security Intelligence Center (ASEC) sheds…
-
PureVPN Vulnerability Reveals IPv6 Address While Reconnecting to Wi-Fi
A critical security vulnerability has been discovered in PureVPN’s Linux clients that exposes users’ real IPv6 addresses during network reconnections, undermining the privacy protections that users expect from their VPN service. The vulnerability affects both the graphical user interface (GUI version 2.10.0) and command-line interface (CLI version 2.0.1) on Linux systems, specifically tested on Ubuntu…
-
Malicious PyPI Packages Deliver SilentSync RAT
IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…
-
UEFI Secure Boot for Linux Arm64 where do we stand?
Tags: linuxStill exotic for now, but moves are afoot First seen on theregister.com Jump to article: www.theregister.com/2025/09/17/uefi_secure_boot_for_linux/
-
Linux Kernel KSMBD Flaw Lets Remote Attackers Drain Server Resources
A critical vulnerability in the Linux kernel’s KSMBD implementation has been discovered that allows remote attackers to completely exhaust server connection resources through a simple denial-of-service attack. The flaw, tracked as CVE-2025-38501 and dubbed >>KSMBDrain,
-
0-Click Linux Kernel KSMBD Vulnerability Enables Remote Code Execution via N-Day Exploit
A recent vulnerability in the Linux Kernel’s KSMBD module allows an attacker to execute arbitrary code on a target system without any user interaction. KSMBD is a kernel-space SMB3 server that handles network file sharing. Researchers demonstrated a stable exploit against KSMBD in Linux 6.1.45, achieving remote code execution (RCE) with a success rate above…
-
Why Security-Minded Teams Are Turning to Hardened Linux Distributions
In conversations about operating system security, >>compliance
-
9 unverzichtbare Open-Source-Security-Tools
Tags: attack, authentication, backdoor, blueteam, breach, ciso, cyersecurity, data-breach, encryption, incident response, intelligence, linux, mail, malware, monitoring, open-source, powershell, privacy, risk, software, sql, threat, tool, vulnerability, windowsDiese Open-Source-Tools adressieren spezifische Security-Probleme mit minimalem Footprint.Cybersicherheitsexperten verlassen sich in diversen Bereichen auf Open-Source-Lösungen nicht zuletzt weil diese im Regelfall von einer lebendigen und nutzwertigen Community gestützt werden. Aber auch weil es inzwischen Hunderte qualitativ hochwertiger, quelloffener Optionen gibt, um Breaches und Datenlecks auf allen Ebenen des Unternehmens-Stacks zu verhindern.Falls Sie nun gedanklich bereits…
-
Linux CUPS Flaw Allows Remote Denial of Service and Authentication Bypass
Two critical security vulnerabilities have been discovered in the Common Unix Printing System (CUPS), a widely used printing subsystem for Unix-like operating systems. The flaws, designated as CVE-2025-58364 and CVE-2025-58060, expose Linux systems to remote denial-of-service attacks and authentication bypass, potentially affecting millions of Linux machines worldwide. CVE Severity CVSS Score Impact Affected Versions CVE-2025-58364…
-
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Security Attacks
Security researchers at Straiker’s AI Research (STAR) team have uncovered Villager, an AI-native penetration testing framework developed by Chinese-based group Cyberspike that has already accumulated over 10,000 downloads within two months of its release on the official Python Package Index (PyPI). The tool combines Kali Linux toolsets with DeepSeek AI models to fully automate penetration…
-
VirtualBox 7.2.2 Update Released with Fix for Guest GUI Crashes
Oracle has released VirtualBox 7.2.2, a critical maintenance update that addresses multiple GUI crashes and stability issues affecting users across Windows, Linux, and macOS platforms. Released on September 10, 2025, this update represents a significant improvement in the virtualization software’s reliability and user experience. Critical GUI Crash Fixes Implemented The most significant improvements in VirtualBox…
-
Docker malware breaks in through exposed APIs, then changes the locks
The variant has creative twists: Setting the variant apart is its move to deny others access to the same Docker API, effectively monopolizing the attack surface. It tries to modify firewall settings (iptables, nft, firewall-cmd, etc.) via a cron job to drop or reject incoming connections to port 2375. A cron job is a scheduled…
-
ZynorRAT Exploits Windows and Linux Systems to Gain Remote Access
During a recent threat hunting exercise, the Sysdig Threat Research Team (TRT) identified a new sample dubbed ZynorRAT. This Go-based Remote Access Trojan (RAT) delivers a comprehensive suite of custom command-and-control (C2) capabilities for both Linux and Windows systems. First uploaded to VirusTotal on July 8, 2025, ZynorRAT exhibits no significant overlap with known malware…
-
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures.CHILLYHELL is the name assigned…
-
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures.CHILLYHELL is the name assigned…
-
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures.CHILLYHELL is the name assigned…
-
New Exploitation Method Discovered for Linux Kernel UseFree Vulnerability
A new exploitation method has been discovered for the Linux kernel use-after-free (UAF) vulnerability tracked as CVE-2024-50264. The vulnerability was awarded the Pwnie Award 2025 for Best Privilege Escalation due to its complexity and impact on major Linux distributions. Researchers developed innovative techniques to bypass kernel slab allocator and race condition protections, making exploitation much more feasible than…
-
New Exploitation Method Discovered for Linux Kernel UseFree Vulnerability
A new exploitation method has been discovered for the Linux kernel use-after-free (UAF) vulnerability tracked as CVE-2024-50264. The vulnerability was awarded the Pwnie Award 2025 for Best Privilege Escalation due to its complexity and impact on major Linux distributions. Researchers developed innovative techniques to bypass kernel slab allocator and race condition protections, making exploitation much more feasible than…
-
New Exploitation Method Discovered for Linux Kernel UseFree Vulnerability
A new exploitation method has been discovered for the Linux kernel use-after-free (UAF) vulnerability tracked as CVE-2024-50264. The vulnerability was awarded the Pwnie Award 2025 for Best Privilege Escalation due to its complexity and impact on major Linux distributions. Researchers developed innovative techniques to bypass kernel slab allocator and race condition protections, making exploitation much more feasible than…
-
Exploit-Analyse von Kaspersky – Die beliebtesten Windows- und Linux-Schwachstellen
First seen on security-insider.de Jump to article: www.security-insider.de/steigende-cyberangriffe-windows-linux-schwachstellen-kaspersky-warnung-a-4ffbb12393a1344c6e1b989d1a7fea68/
-
Exploit-Analyse von Kaspersky – Die beliebtesten Windows- und Linux-Schwachstellen
First seen on security-insider.de Jump to article: www.security-insider.de/steigende-cyberangriffe-windows-linux-schwachstellen-kaspersky-warnung-a-4ffbb12393a1344c6e1b989d1a7fea68/
-
Kimsuky Hackers’ Playbook Uncovered in Exposed ‘Kim’ Data Dump
A rare breach attributed to a North Koreanaffiliated actor named “Kim” by the leakers has unveiled unprecedented insight into Kimsuky (APT43) operations. Dubbed the “Kim” dump, the 9 GB dataset includes active bash histories, phishing domains, OCR workflows, custom stagers, and Linux rootkit evidence”, revealed a hybrid campaign that leverages Chinese-language tooling and infrastructure to…
-
Linux Kernel Runtime Guard hits 1.0.0 with major updates and broader support
The Linux Kernel Runtime Guard (LKRG) is a kernel module that checks the Linux kernel while it’s running. It looks for signs of tampering and tries to catch attempts to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/08/linux-kernel-runtime-guard-lkrg-1-0-0-released/
-
Linux Mint 22.2 polishes the desktop, but kernel updates are the real deal
Point release brings Cinnamon tweaks, shiny apps, and Ubuntu’s Hardware Enablement stack First seen on theregister.com Jump to article: www.theregister.com/2025/09/05/linux_mint_222/
-
U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog
Tags: android, cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, linux, update, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Sitecore, Android, and Linux to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Google released security updates to address 120 Android…
-
Komplett vorkonfigurierte Software-basierte Appliance von Veeam
Veeam Software hat die Verfügbarkeit seiner ersten vollständig konfigurierten, vorgehärteten Software-Appliance angekündigt. Die neue Veeam-Software-Appliance wurde entwickelt, um IT-Teams sofortigen Schutz ohne komplexe Implementierung zu bieten. Sie macht Schluss mit manueller Einrichtung, Betriebssystem-Patching und Windows-Lizenzierung und wird als bootfähiges ISO oder virtuelle Appliance geliefert. Obendrein läuft sie auf einem gehärteten, von Veeam verwalteten Linux-Betriebssystem, das…
-
Google Patches 111 Android Vulnerabilities, Confirms Active Exploitation of Two Zero-Days
In its latest Android Security Bulletin, Google has confirmed the patching of 111 unique security vulnerabilities, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The most concerning of these involve CVE-2025-48543, a flaw in Android Runtime, and CVE-2025-38352, a bug in the Linux kernel. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2025-48543-and-cve-2025-38352/
-
Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers
A newly disclosed security flaw in the Linux UDisks daemon has been reported. Tracked as CVE-2025-8067, the out-of-bounds read vulnerability allows local, unprivileged users to access files and data owned by privileged accounts, a serious breach with potentially far-reaching implications. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/linux-daemon-vulnerability-cve-2025-8067/
-
Google patches two Android zero-days, 120 defects total in September security update
The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime. First seen on cyberscoop.com Jump to article: cyberscoop.com/android-security-update-september-2025/