Tag: linux
-
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update.Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder.Here is a quick look at the signals worth paying attention…
-
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries
Tags: access, api, apt, china, cloud, communications, cyber, cyberespionage, data, defense, endpoint, espionage, google, government, group, hacker, infrastructure, intelligence, linux, mandiant, monitoring, network, phone, radius, service, spy, theft, threat, vpnHow Mandiant found it: The campaign came to light during a Mandiant Threat Defense investigation, when analysts flagged unusual activity on a CentOS server. A binary named xapt, designed to masquerade as the apt package manager on Debian-based Linux systems, had already escalated to root and was running shell commands to confirm its access level,…
-
Kali Linux Introduces Claude AI for Automated Penetration Testing Using Model Context Protocol
Offensive security operations are evolving with a new method for running Kali Linux. By combining Kali with Anthropic’s Claude AI via the Model Context Protocol (MCP), security analysts can now execute penetration testing tools using simple natural language. This moves operations beyond traditional terminal commands into an AI-assisted graphical interface. While command-line execution remains standard,…
-
mquire: Linux memory forensics without external dependencies
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production systems and must be sourced from external repositories, which quickly become outdated when systems receive updates. If you’ve ever tried to analyze a memory dump only…
-
LUKS Encryption Compromised on Linux ICS Devices via TPM Bus Sniffing Exploit
Security researchers Per Idenfeldt Okuyama and Sam Eizad have uncovered a critical physical attack vulnerability in the Moxa UC-1222A Secure Edition industrial computer, demonstrating that its LUKS full-disk encryption can be fully defeated by passively sniffing the SPI bus between the processor and the discrete TPM 2.0 chip during system boot. The flaw, tracked as…
-
Google Releases Emergency Chrome Patch Addressing Three Major Security Flaws
Google has rolled out an emergency security update for its Chrome browser, addressing three high-severity vulnerabilities. This update targets users on Windows, Mac, and Linux platforms, aiming to patch critical flaws that could compromise system security and user data. The rapid deployment of these fixes highlights the ongoing challenges in securing widely used web browsers…
-
NDSS 2025 Generating API Specifications For Bug Detection Via Specification Propagation Analysis
Session 13B: API Security Authors, Creators & Presenters: Miaoqian Lin (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi…
-
Linus Torvalds: Someone ‘more competent who isn’t afraid of numbers past the teens’ will take over Linux one day
Tags: linuxEmperor Penguin releases kernel 7.0 rc1 with some numerological musings First seen on theregister.com Jump to article: www.theregister.com/2026/02/23/linux_7_0_rc1/
-
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
Pivot techniques: In addition to the payloads themselves, the investigation also revealed new techniques. For example, the legitimate shell script convert_hosts.sh that exists on these appliances has been modified to include the path of the backdoors to achieve persistence.The SLAYSTYLE web shell, which is designed to receive commands over HTTP and execute them on the…
-
New SysUpdate Variant Malware Discovered, Decryption Tool for Linux C2 Traffic Released
A new Linux malware sample that strongly aligns with the SysUpdate malware family used by APT27/Iron Tiger. Initially detected on a client’s system, the binary behaved like a system service and executed the GNU/Linux id command when run without specific arguments, returning the output as part of its basic functionality. Closer inspection showed that the sample was…
-
REMnux v8 brings AI integration to the Linux malware analysis toolkit
REMnux, a specialized Linux distribution for malware analysis, has released version 8 with a rebuilt platform based on Ubuntu 24.04 and a new capability aimed at connecting AI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/17/remnux-8-linux-malware-analysis-toolkit/
-
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi
The Acronis Threat Research Unit (TRU) has identified a new and significantly enhanced version of the LockBit ransomware, LockBit 5.0, currently being deployed in active … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/lockbit-5-0-ransomware-windows-linux-esxi/
-
LockBit 5.0 Emerges: Cross-Platform Ransomware Now Targeting Windows, Linux, and ESXi Systems
LockBit’s new 5.0 version is actively attacking Windows, Linux, and ESXi systems, using a unified yet highly optimized ransomware framework that significantly increases the risk to enterprise environments. Analysis by the Acronis Threat Research Unit (TRU) shows that while all variants share the same core encryption and extortion logic, the Windows build carries the most…
-
Chrome 0-Day Enables Remote Code Execution in Ongoing Campaign
Google has released an urgent security update for the Chrome desktop web browser to address a severe high-severity vulnerability that is currently being exploited in the wild. The search giant rolled out the fix on Friday, updating the Stable channel to version 145.0.7632.75/.76 for Windows and macOS users, and version 144.0.7559.75 for Linux users. This…
-
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized “Ninja Browser.” The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ctm360-lumma-stealer-and-ninja-browser-malware-campaign-abusing-google-groups/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Breaking Down ZeroDayRAT New Spyware Targeting Android and iOS Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet Reynolds: Defense Evasion Capability […]…
-
REMnux v8 Linux Toolkit Released With AI-Powered Malware Analysis Capabilities
The landscape of malware analysis has taken a significant leap forward with the official release of REMnux v8. This popular Linux toolkit, which has served the security community for fifteen years, has been updated to address modern threats and integrate emerging technologies. The headline feature of this major release is the introduction of AI-powered capabilities…
-
3 Updates seit Oktober 2025 – BSI stuft Linux-Schwachstelle als kritisch ein
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-linux-kernel-a-ca1282201c46cd265cbd9bce3527e607/
-
3 Updates seit Oktober 2025 – BSI stuft Linux-Schwachstelle als kritisch ein
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-linux-kernel-a-ca1282201c46cd265cbd9bce3527e607/
-
SSH Worm Exploit Detected by DShield Sensor Using Credential Stuffing and Multi-Stage Malware
A DShield honeypot sensor recently recorded a complete compromise sequence involving a self-replicating SSH worm that exploits weak passwords to spread across Linux systems. The incident highlights how poor SSH hygiene and the use of default credentials remain among the most persistent threats to Internet-connected devices. Even in 2026, attackers continue leveraging automated credential stuffing…
-
Chrome Security Update Released to Address Code Execution Vulnerabilities
Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux systems, addressing 11 security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, announced on February 10, 2026, will roll out gradually over the coming days and weeks. Critical Security Fixes The update patches several high-severity…
-
New Linux botnet SSHStalker uses old-school IRC for C2 comms
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-linux-botnet-sshstalker-uses-old-school-irc-for-c2-comms/
-
APT36 Targets Linux Systems With New Tools Designed to Disrupt Services
Critical infrastructure worldwide faces mounting threats from sophisticated, state-sponsored >>espionage ecosystems.<< These well-funded organizations deploy various tools designed to disrupt essential services and gather intelligence. Some launch denial-of-service (DDoS) attacks against transport hubs and supply chains. In contrast, others seek geopolitical advantage by mining sensitive information and bypassing traditional security measures. For over a decade,…
-
VoidLink Linux C2 Uses LLM-Generated Malware with Kernel-Level Stealth
VoidLink represents a concerning evolution in malware development: a sophisticated Linux command-and-control framework that shows clear signs of being built with AI assistance. This Linux malware operates as a modular implant designed for long-term access to compromised systems. It doesn’t discriminate between cloud providers, actively harvesting credentials from AWS, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, and…
-
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/voidlink-malware-multi-cloud-ai/
-
Linux kernel 6.19 reaches stable release, kernel 7.0 work is already underway
Tags: linuxDevelopment activity on the Linux kernel continues into early 2026 with the stable release of version 6.19. Kernel maintainers have completed the pre-release cycle and merged … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/linux-kernel-6-19-released/
-
Linus Torvalds keeps his ‘fingers and toes’ rule by decreeing next Linux will be version 7.0
Tags: linuxBut first, kernel 6.19 is upon us, with many goodies First seen on theregister.com Jump to article: www.theregister.com/2026/02/09/linux_6_19_7_named/
-
>>JackMa<< ShadowGuard: TGR1030 Spies on 37 Nations via Linux Rootkit
Tags: linuxThe post >>JackMa<< ShadowGuard: TGR-STA-1030 Spies on 37 Nations via Linux Rootkit appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/jackma-shadowguard-tgr-sta-1030-spies-on-37-nations-via-linux-rootkit/
-
DKnife toolkit abuses routers to spy and deliver malware since 2019
DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…