Collecting Cyber-News from over 60 sources

Tag: linux

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware

Jul 29, 2025 6:27 PM

Tags: cve, cyberattack, exploit, hacker, linux, malware, sap, vulnerability

Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-sap-netweaver-bug-to-deploy-linux-auto-color-malware/
SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm

Jul 29, 2025 4:28 PM

Tags: ai, attack, backdoor, exploit, linux, malware, rat, remote-code-execution, sap, vulnerability

Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks. First seen on hackread.com Jump to article: hackread.com/sap-netweaver-vulnerability-auto-color-malware-us-firm/
Auto-Color Backdoor Malware Exploits SAP Vulnerability

Jul 29, 2025 4:28 PM

Tags: backdoor, cve, exploit, flaw, linux, malware, sap, vulnerability

Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/auto-color-backdoor-exploits-sap/
Apple Introduces Containerization Feature for Seamless Kali Linux Integration on macOS

Jul 29, 2025 2:28 PM

Tags: apple, cyber, kali, linux, macOS, technology

Apple has unveiled a groundbreaking containerization feature that enables seamless integration of Kali Linux on macOS systems, marking a significant advancement in cross-platform development capabilities. Announced during WWDC 2025, this innovative technology brings Linux containerization directly to Apple’s ecosystem, offering developers and security professionals unprecedented flexibility in their workflows. The new containerization feature represents Apple’s…
Linux 6.16 Released with Performance and Networking Enhancements

Jul 29, 2025 11:28 AM

Tags: cyber, Hardware, linux

Linux creator Linus Torvalds announced the release of Linux kernel version 6.16 on July 27, 2025, marking the end of what he described as a >>nice and calm
AI-Generated Linux Miner ‘Koske’ Beats Human Malware

Jul 25, 2025 9:27 PM

Tags: ai, linux, malware

AI malware is becoming less of a gimmick, with features that meet or exceed what traditional human-developed malware typically can do. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/ai-generated-linux-miner-koske
Beware of Fake Error Pages Deploying Platform-Specific Malware on Linux and Windows Systems

Jul 25, 2025 6:27 PM

Tags: cloud, crypto, cyber, data-breach, exploit, infrastructure, linux, malware, remote-code-execution, scam, service, windows

Wiz Research has uncovered an active cryptomining campaign, dubbed Soco404, that exploits misconfigurations in PostgreSQL databases and other cloud services to deploy platform-specific malware on both Linux and Windows systems. This operation, part of a broader crypto-scam infrastructure, leverages opportunistic scanning for exposed services, abusing features like PostgreSQL’s COPY FROM PROGRAM for remote code execution…
Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks

Jul 25, 2025 2:27 PM

Tags: attack, cloud, crypto, linux, malware, service, threat, vulnerability, windows

Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners.The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively.Soco404 “targets both Linux and Windows systems, deploying platform-specific malware,” Wiz First seen on thehackernews.com Jump to article:…
Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks

Jul 25, 2025 1:27 PM

Tags: attack, cloud, crypto, linux, malware, service, threat, vulnerability, windows

Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners.The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively.Soco404 “targets both Linux and Windows systems, deploying platform-specific malware,” Wiz First seen on thehackernews.com Jump to article:…
Koske, a new AI-Generated Linux malware appears in the threat landscape

Jul 25, 2025 1:27 PM

Tags: ai, backdoor, exploit, linux, malicious, malware, threat

Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining activities. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors…
Mit KI entwickelt: Neue Linux-Malware versteckt sich in süßen Panda-Bildchen

Jul 25, 2025 10:27 AM

Tags: ai, linux, malware

JPEG-Dateien können nicht nur schöne Bilder enthalten, sondern manchmal auch gefährlichen Schadcode. Eine neue Linux-Malware macht davon Gebrauch. First seen on golem.de Jump to article: www.golem.de/news/mit-ki-entwickelt-neue-linux-malware-versteckt-sich-in-suessen-panda-bildchen-2507-198500.html
Supply chain attack compromises npm packages to spread backdoor malware

Jul 25, 2025 5:27 AM

Tags: attack, authentication, backdoor, control, cybercrime, cybersecurity, data, defense, email, linux, macOS, malicious, malware, mfa, phishing, software, supply-chain, threat, tool, update, vulnerability, windows

is npm JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky:”Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked,” he wrote.The infected version was removed by npm admins and v3.3.0…
New Koske Linux malware hides in cute panda images

Jul 24, 2025 11:27 PM

Tags: ai, intelligence, linux, malware

A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-koske-linux-malware-hides-in-cute-panda-images/
Arch Linux users told to purge Firefox forks after AUR malware scare

Jul 23, 2025 9:12 PM

Tags: browser, linux, malware

The distro’s greatest asset is arguably also its greatest weakness First seen on theregister.com Jump to article: www.theregister.com/2025/07/22/arch_aur_browsers_compromised/
Intel announces end of Clear Linux OS project, archives GitHub repos

Jul 21, 2025 11:40 PM

Tags: github, linux, open-source

The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/intel-announces-end-of-clear-linux-os-project-archives-github-repos/
Arch Linux pulls AUR packages that installed Chaos RAT malware

Jul 18, 2025 11:41 PM

Tags: access, linux, malicious, malware, rat

Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/arch-linux-pulls-aur-packages-that-installed-chaos-rat-malware/
Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware

Jul 18, 2025 1:40 PM

Tags: linux, malware

Cryptominer campaign runs for years using legit sites to spread malware, targeting Linux systems through known bugs and avoiding detection. First seen on hackread.com Jump to article: hackread.com/linux-cryptominer-using-legit-sites-to-spread-malware/
H2Miner Targets Linux, Windows, and Containers to Illicitly Mine Monero

Jul 17, 2025 5:40 PM

Tags: attack, botnet, container, crypto, cyber, finance, infrastructure, linux, threat, windows

FortiGuard Labs researchers have uncovered a sophisticated cryptomining campaign where the H2Miner botnet, active since late 2019, has expanded its operations to target Linux, Windows, and containerized environments simultaneously. The campaign represents a significant evolution in cross-platform cryptocurrency mining attacks, with threat actors leveraging updated scripts and infrastructure to maximize financial gains from compromised systems.…
Oracle-Lücke birgt Gefahr für RCE-Attacken

Jul 17, 2025 2:40 PM

Tags: access, bug, cloud, cve, cyberattack, data, exploit, infrastructure, linux, oracle, rce, remote-code-execution, tool, vulnerability

Oracle hat das Sicherheitsproblem im Code Editor bereits gefixt.Forscher von Tenable Research haben eine Sicherheitslücke im Code-Editor von Oracle Cloud Infrastructure (OCI) entdeckt, die Unternehmen für Remote-Code-Execution-Angriffe (RCE) anfällig macht. Die webbasierte integrierte Entwicklungsumgebung (IDI) dient zur Verwaltung von Ressourcen wie Functions, Resource Manager und Data Science und sorgt für nahtlose Entwickler-Workflows.Die enge Integration mit…
One click to compromise: Oracle Cloud Code Editor flaw exposed users to RCE

Jul 16, 2025 3:40 PM

Tags: access, attack, cloud, credentials, data, data-breach, detection, exploit, flaw, identity, linux, oracle, radius, rce, remote-code-execution, tool

Attacks could have a wider blast radius: Because Code Editor operates on the same underlying file system as the Cloud Shell, essentially a Linux home directory in the cloud, attackers could tamper with files used by other integrated services. This turns the flaw in the seemingly contained developer tool into an exposure for lateral movement…
Falco: Open-source cloud-native runtime security tool for Linux

Jul 16, 2025 7:40 AM

Tags: cloud, linux, open-source, tool

Falco is an open-source runtime security tool for Linux systems, built for cloud-native environments. It monitors the system in real time to spot unusual activity and possible … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/16/falco-open-source-cloud-native-runtime-linux-security-tool/
Ransomware Threat Grows as Attackers Move Into VMware and Linux

Jul 15, 2025 1:40 PM

Tags: business, cyber, infrastructure, linux, ransomware, threat, vmware, windows

Linux has been the reliable backbone of business infrastructure for many years; it powers 96% of the top million web servers worldwide and more than 80% of workloads in public clouds. Its reputation for reliability and inherent security has long shielded it from the intense scrutiny faced by Windows environments. However, this era of relative…
PoC Released for High-Severity Git CLI Vulnerability Allowing Arbitrary File Writes

Jul 15, 2025 10:40 AM

Tags: cve, cvss, cyber, exploit, linux, macOS, remote-code-execution, vulnerability

A critical vulnerability in Git’s command-line interface has been disclosed with public proof-of-concept exploits available, allowing arbitrary file writes and remote code execution on Linux and macOS systems. CVE-2025-48384 affects Git installations usinggit clone recursiveon weaponized repositories, exploiting improper handling of carriage return characters in.gitmodulesfiles to bypass security controls. Field Details CVE ID CVE-2025-48384 CVSS…
BERT Ransomware Can Force Shutdown of ESXi Virtual Machines to Hinder Recovery

Jul 8, 2025 10:41 PM

Tags: cyber, group, healthcare, linux, ransomware, service, technology, threat, windows

A newly identified ransomware group, BERT, tracked by Trend Micro as Water Pombero, has emerged as a significant threat to organizations across Asia, Europe, and the US. First observed in April, BERT targets critical sectors such as healthcare, technology, and event services, employing a dual-platform approach to infect both Windows and Linux systems. Threat Targeting…
New Bert Ransomware Evolves With Multiple Variants

Jul 8, 2025 6:34 PM

Tags: cybercrime, group, linux, malware, ransomware, russia, windows

An emerging ransomware group that calls itself Bert is quickly evolving after hitting the cybercrime scene in April, targeting both Windows and Linux systems used by organizations in the health care, tech, and other industries in the United States, Europe, and Asia. It may be a Russian group whose malware evolved from REvil code. First…
ClickFix-Attacken bedrohen Unternehmenssicherheit

Jul 8, 2025 4:34 PM

Tags: access, apple, awareness, cyberattack, detection, endpoint, exploit, intelligence, Internet, linux, mail, malware, microsoft, open-source, phishing, powershell, ransomware, social-engineering, spam, threat, tool, windows

Cyberkriminelle greifen immer häufiger auf ClickFix-Angriffe zurück.Weniger bekannt als Phishing ist die Social-Engineering-Methode ClickFix. Ziel solcher Attacken ist es, die Opfer dazu zu bewegen, bösartige Befehle in Tools wie PowerShell oder die Windows-Eingabeaufforderung einzufügen. Die Angriffe beginnen in der Regel, nachdem ein Benutzer eine kompromittierte oder bösartige Website besucht oder einen betrügerischen Anhang oder Link…
How a 12-year-old bug in Sudo is still haunting Linux users

Jul 8, 2025 3:34 PM

Tags: cve, cvss, cyber, exploit, flaw, group, linux, update, vulnerability

Sudo is trusting the wrong host: CVE-2025-32462, which remained unnoticed for over 12 years, requires a specific, but common configuration of restricting Sudo rules to certain hostnames or hostname patterns.According to the researchers, the sudoers file uses flexible syntax to suit any organization size, allowing a single configuration to work across Linux and UNIX systems…
Pakistan’s Transparent Tribe Hits Indian Defence with Linux Malware

Jul 8, 2025 11:34 AM

Tags: india, linux, malware, phishing

Pakistan’s APT36 Transparent Tribe uses phishing and Linux malware to target Indian defence systems running BOSS Linux says Cyfirma. First seen on hackread.com Jump to article: hackread.com/pakistan-transparent-tribe-indian-defence-linux-malware/
Bert Blitzes Linux & Windows Systems

Jul 8, 2025 12:34 AM

Tags: linux, ransomware, threat, windows

The new ransomware strain’s aggressive multithreading and cross-platform capabilities make it a potent threat to enterprise environments. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/bert-blitzes-linux-windows-systems
Inside the ZIP Trap: How APT36 Targets BOSS Linux to Exfiltrate Critical Data

Jul 7, 2025 4:34 PM

Tags: cyber, data, defense, espionage, government, india, linux, tactics, threat

CYFIRMA has uncovered a highly sophisticated cyber-espionage campaign orchestrated by APT36, also known as Transparent Tribe, a Pakistan-based threat actor with a notorious history of targeting Indian defense and government sectors. This latest operation marks a significant shift in tactics, as APT36 adapts its arsenal to infiltrate Linux-based environments, specifically focusing on BOSS Linux, a…