Tag: linux
94 articles

Microsoft-Signed Linux UEFI Shims Expose Secure Boot Bypass Risk
A newly discovered vulnerability in 11 Microsoft-signed Linux UEFI shims could allow hackers to bypass Secure Boot and deploy malicious code during system startup, putting your device at risk of infection with UEFI bootkits or other malware. This security flaw enables attackers to execute untrusted code during boot, making it a critical threat to your system's security.

Malware Delivered via Trojanized GitHub Exploits Targets Security Researchers
Security researchers have been targeted by a sneaky malware campaign that uses trojanized GitHub exploits to deliver a Python-based remote access trojan, hiding in plain sight within popular proof-of-concept code repositories. The malware, downloaded over 2,400 times mostly on Linux-based systems, was spread through malicious packages cleverly concealed in dependency lists on GitHub.

Arch Linux Cracks Down on Malicious Commits in User Repository
Malicious hackers have launched a massive assault on the Arch User Repository, compromising over 1,500 user-submitted packages and forcing the Arch Linux team to temporarily halt new account signups to contain the damage. The attack has been mitigated, but not before highlighting the vulnerability of community-run package repositories.

Arch Linux AUR Packages Targeted in Credential Stealer Campaign
Malicious actors have hijacked over 400 Arch Linux AUR packages, quietly altering their build scripts to deploy a sneaky Rust credential stealer in a campaign dubbed Atomic Arch. By targeting abandoned packages and preserving their original names and histories, the attackers cleverly evaded detection.

Linux Flaw Enables Rapid Local Root Access Escalation
A single-character logic error in Linux's nf_tables code, known as CVE-2026-23111, can quickly turn an unprivileged local account into a powerful root account, allowing for container escape - and publicly available exploit code makes it a pressing concern. This vulnerability has already been patched, but its public exposure puts Linux users at risk.

VerdantBamboo Targets Linux Systems with Customized Malware Arsenal
Meet VerdantBamboo, a stealthy threat actor that infiltrated Linux and BSD systems, hiding in plain sight for 18 months by cleverly evading detection and morphing its malware arsenal to blend in. Its sophisticated attacks went undetected until Volexity's incident response team uncovered the intrusion, revealing a complex trail that led from Egnyte appliances into Microsoft 365 environments.

Microsoft Brings Linux Commands to Windows with Coreutils Release
Microsoft just made life easier for developers who juggle Windows and Linux, releasing Coreutils for Windows, a package that brings commonly used Linux commands to Windows as native apps. This game-changing move eliminates frustrating workarounds and context switching, letting devs focus on what matters most - coding.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack
Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

Linux Kernel Faces New Exploit for DirtyDecrypt Vulnerability
A new exploit has been discovered for the DirtyDecrypt vulnerability in the Linux Kernel, allowing for a potentially devastating rxgk pagecache write due to a missing copy-on-write guard. This flaw, tracked as CVE-2026-31635, has a CVSS score of 7.5 and was recently patched after being reported by security researchers.

Linux Flaw Exposes Root Files to Unprivileged Users
A critical flaw in the Linux kernel has been discovered, allowing unprivileged users to access files that should be restricted to root accounts, putting system security at risk. This bug puts a spotlight on the importance of kernel access controls for system operators and users who rely on them.

DirtyDecrypt Flaw Exposes Linux Systems to Root Access Risk
A newly patched Linux kernel flaw, dubbed DirtyDecrypt, has been exposed through a public proof-of-concept exploit that can grant root access to vulnerable systems. This critical vulnerability was recently patched, but a public exploit is now available, putting Linux systems at risk.

AI-Powered Bug Hunters Overwhelm Linux Security List
If you're using AI tools to find bugs, make sure to go the extra mile by creating a patch and adding real value to your report, rather than just sending a superficial notice. Don't be a drive-by reporter - take the time to understand the issue and contribute meaningfully.

Linux Flaw Exposes Local Users to Root Access
A newly discovered Linux flaw, dubbed Fragnesia, allows unprivileged local users to gain root access by exploiting a weakness in the kernel's handling of shared page fragments, putting all Linux kernels released before May 13, 2026, at risk. This vulnerability can be triggered through a simple sequence of operations, making it a serious threat to Linux users.

Linux Flaw Exposes Systems to Root Privilege Attacks
A newly discovered Linux kernel vulnerability, dubbed Fragnasia, allows hackers to gain root privileges and take control of your system - and it's been hiding in plain sight in all Linux kernels released before May 13, 2026. This high-severity flaw lets unprivileged attackers write malicious code into read-only files, giving them unrestricted access to your system.

Linux Defenders Scramble to Outpace Exploit Cycle
Linux defenders are racing against the clock to outmaneuver exploiters, with one maintainer proposing a temporary "kill switch" to disable vulnerable kernel functions until a proper patch can be developed. This stopgap solution aims to buy crucial time between vulnerability discovery and patch release.

Linux Distributions Scramble to Patch Dirty Frag Kernel Vulnerabilities
A critical vulnerability known as Dirty Frag has been discovered in the Linux kernel, allowing attackers with local access to gain root privileges across major distributions. Linux distributions are now racing against the clock to patch this chained local privilege escalation flaw.

Linux Flaw Exposes Public Root Exploit With No Patches
A critical Linux vulnerability known as Dirty Frag has been exposed, leaving systems open to a public root exploit with no patches or fix available. This high-urgency flaw allows hackers to gain root access, making it essential for admins to take immediate action.

Linux 'Dirty Frag' Zero-Day Exposes Root Flaw in Major Distros
A newly discovered Linux zero-day, dubbed "Dirty Frag," allows hackers to instantly gain root access on major distributions by chaining two separate kernel vulnerabilities. This flaw enables attackers to alter protected system files in memory without authorization, putting countless systems at risk.

PCPJack Worm Targets Cloud Infrastructure, Steals Credentials
A fresh malware campaign, dubbed PCPJack, is targeting cloud infrastructure, stealing credentials and wreaking havoc on Linux-based systems with a sophisticated framework that installs hidden working directories and establishes persistence. This alarming attack bears striking similarities to earlier TeamPCP/PCPCat campaigns, raising concerns about its potential impact.

Linux Flaw Exposes Millions to Local Privilege Escalation
A critical Linux flaw, known as Copy Fail, has been discovered, exposing millions to potential local privilege escalation attacks - a vulnerability that highlights a deterministic logic error in the Linux kernel's cryptographic subsystem. This flaw, tracked as CVE-2026-31431, was publicly disclosed on April 29, 2026.

CISA Warns of Actively Exploited Linux Root Access Bug
A nine-year-old Linux kernel bug, known as Copy Fail, is being actively exploited in the wild, allowing unprivileged users to gain root access with a simple 732-byte Python-based exploit. The Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, warning of potential security risks.

cPanel flaw fuels mass Sorry ransomware attacks
A critical flaw in cPanel, tracked as CVE-2026-41940, has been exploited in a massive ransomware campaign, compromising at least 44,000 IP addresses. This alarming attack has already been used in the wild as a zero-day, with threat actors accessing control panels and wreaking havoc on web hosting systems.

AI Uncovers Nine-Year-Old Linux Kernel Zero-Day Flaw
A shocking nine-year-old flaw in the Linux kernel, dubbed "Copy Fail," allows unprivileged users to secretly alter readable files and potentially gain root access to affected systems. This vulnerability, tracked as CVE-2026-31431, has been lurking in Linux kernels since 2017, putting countless machines at risk.

VECT 2.0 Ransomware Exposes Flaw, Irreparably Destroys Large Files
Meet VECT 2.0, a malicious ransomware that doesn't just hold your files hostage - it destroys them, leaving you with no way to recover even if you pay up. This cunning malware wreaks havoc on large files across Windows, Linux, and ESXi hosts, causing irreversible damage.