Category: Linux

  • Microsoft’s Coreutils project brings Linux commands to Windows

    Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. […] Lawrence Abrams, bleepingcomputer

  • New CIFSwitch Linux flaw gives root on multiple distributions

    A newly discovered local privilege escalation vulnerability dubbed ‘CIFSwitch’ in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel’s key request mechanism, and gain root privileges. […] Bill Toulas, bleepingcomputer

  • Nine-year-old Linux Kernel Vulnerability Let Attackers Exfiltrate SSH Private Keys

    A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, exposes a serious local privilege escalation flaw that has remained undetected for nearly nine years. Security researchers at the Qualys Threat Research Unit (TRU) revealed that the issue allows attackers to exfiltrate sensitive data, including SSH…

  • Exploit available for new DirtyDecrypt Linux root escalation flaw

    A recently patched local privilege escalation vulnerability in the Linux kernel’s rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. […] Sergiu Gatlan, bleepingcomputer

  • Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2

    Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh wave of critical zero-day exploits targeting enterprise software, AI tools, and operating systems. Security researchers demonstrated real-world attack scenarios…

  • JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers

    A widely used download manager trusted by millions has briefly turned into a malware delivery platform after attackers compromised the official JDownloader website, replacing legitimate installers with malicious versions targeting both Windows and Linux users. The incident, confirmed by developers and security researchers, occurred between…

  • Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

    During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. […] Sergiu Gatlan, bleepingcomputer

  • Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords

    A newly disclosed Linux kernel vulnerability is raising serious concerns across the security community, as it allows attackers to access highly sensitive data, including SSH private keys and password hashes, on affected systems. Tracked as CVE-2026-46333, the flaw has been nicknamed “ssh-keysign-pwn” and impacts a wide range…

  • Copy.Fail Linux Vulnerability

    This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight…

  • New Linux ‘Dirty Frag’ zero-day gives root on all major distros

    A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. […] Sergiu Gatlan, bleepingcomputer

  • Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

    Meta’s smart glasses promise privacy “designed for you” – but everything they record was being beamed off to workers in Nairobi to label by hand. When those workers blew the whistle, Meta sacked all 1,108 of them. Meanwhile, the IT press…

  • New stealthy Quasar Linux malware targets software developers

    A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers’ systems with a mix of rootkit, backdoor, and credential-stealing capabilities. […] Bill Toulas, bleepingcomputer

  • Linux ELF Malware Generator Evades ML Detection With Semantic-Preserving Changes

    Researchers from the Czech Technical University in Prague have developed a new adversarial malware generator targeting Linux ELF binaries. It achieves a 67.74% evasion rate against ML-based malware detectors while keeping the payload fully functional. Published on arXiv on April 24, 2026, the study by…

  • New GoGra malware for Linux uses Microsoft Graph API for comms

    A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. […] Bill Toulas, bleepingcomputer

  • DKnife Linux toolkit hijacks router traffic to spy, deliver malware

    A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. […] Bill Toulas, bleepingcomputer

  • New VoidLink malware framework targets Linux cloud servers

    A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. […] Bill Toulas, bleepingcomputer

  • Linux Battery Utility Flaw Lets Hackers Bypass Authentication and Tamper System Settings

    A critical security vulnerability has been discovered in TLP, a widely used Linux laptop battery optimization utility, allowing local attackers to bypass authentication controls and manipulate system power settings without authorization. Security researchers from openSUSE identified a severe authentication bypass flaw in the…

  • Top 10 Best Open Source Firewall in 2026

    An open-source firewall provides network security by monitoring and controlling traffic based on predefined rules, offering transparency, flexibility, and cost savings through accessible source code that users can modify to suit specific needs. These firewalls function through essential mechanisms like traffic monitoring to analyze incoming and outgoing…

  • Kali Linux 2025.4 released with 3 new tools, desktop updates

    Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support. […] Lawrence Abrams, bleepingcomputer

  • Rust-Based Luca Stealer Spreads Across Linux and Windows Systems

    Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious code for both Linux and Windows with minimal modifications. Among the emerging threats in this landscape…

  • CISA warns of critical CentOS Web Panel bug exploited in attacks

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP). […] Bill Toulas, bleepingcomputer

  • Linux Kernel ksmbd Filesystem Vulnerability Exploited – PoC Released

    Security researchers have released a full proof-of-concept (PoC) exploit for a high-severity vulnerability in the Linux kernel’s ksmbd module, demonstrating a reliable path to local privilege escalation. The vulnerability, tracked as CVE-2025-37947, is an out-of-bounds write that can be leveraged by an authenticated local attacker to…

  • New Technique Uncovered To Exploit Linux Kernel Use-After-Free Vulnerability

    A new technique to exploit a complex use-after-free (UAF) vulnerability in the Linux kernel successfully bypasses modern security mitigations to gain root privileges. The method targets CVE-2024-50264, a difficult-to-exploit race condition bug in the AF_VSOCK subsystem that was recognized with a Pwnie Award for its complexity. The vulnerability,…

  • New ‘Sindoor Dropper’ Malware Targets Linux Systems with Weaponized .desktop Files

    A new malware campaign, dubbed “Sindoor Dropper,” is targeting Linux systems using sophisticated spear-phishing techniques and a multi-stage infection chain. The campaign leverages lures themed around the recent India-Pakistan conflict, known as Operation Sindoor, to entice victims into executing malicious files. This activity’s standout…

  • Docker Hub still hosts dozens of Linux images with the XZ backdoor

    The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. […] Bill Toulas, bleepingcomputer

  • New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox Via Rare Linux Socket Feature

    A critical vulnerability in the Linux kernel, identified as CVE-2025-38236, has exposed a flaw that could allow attackers to escalate privileges from within the Chrome renderer sandbox on Linux systems. Google Project Zero researcher Jann Horn discovered the bug affects…

  • New Koske Linux malware hides in cute panda images

    A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. […] Bill Toulas, bleepingcomputer

  • Intel announces end of Clear Linux OS project, archives GitHub repos

    The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. […] Bill Toulas, bleepingcomputer

  • Arch Linux pulls AUR packages that installed Chaos RAT malware

    Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices. […] Lawrence Abrams, bleepingcomputer

  • New Linux udisks flaw lets attackers get root on major Linux distros

    Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. […] Sergiu Gatlan, bleepingcomputer

  • CISA Warns of Linux Kernel Improper Ownership Management Vulnerability Exploited in Attacks

    CISA has added a critical Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that CVE-2023-0386 is being actively exploited in real-world attacks. This improper ownership management flaw in the Linux kernel’s OverlayFS subsystem allows local attackers to escalate privileges through…

  • New Linux Vulnerabilities

    They’re interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. […] “This means that if a local attacker manages…

  • glibc Vulnerability Exposes Millions of Linux Systems to Code Execution Attacks

    A critical vulnerability in the GNU C Library (glibc) is potentially exposing millions of Linux systems to local privilege escalation attacks. Tracked as CVE-2025-4802 and publicly disclosed on May 16, 2025, this vulnerability could allow attackers to execute arbitrary code by manipulating the LD_LIBRARY_PATH environment…

  • Hackers now testing ClickFix attacks against Linux targets

    A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. […] Bill Toulas, bleepingcomputer

  • PoC Exploit Released For Linux Kernel’s nftables Subsystem Vulnerability

    A critical Proof-of-Concept (PoC) exploit has been released for a significant vulnerability in the Linux kernel’s nftables subsystem, tracked as CVE-2024-26809. This flaw, rooted in the kernel’s netfilter infrastructure, exposes affected systems to local privilege escalation through a sophisticated double-free attack. Security researchers, including the user…

  • Kali Linux warns of update failures after losing repo signing key

    Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures. […] Sergiu Gatlan, bleepingcomputer

  • New Linux Rootkit

    Interesting: The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls,…

  • Phishers abuse Google OAuth to spoof Google in DKIM replay attack

    In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins. […] Ionut Ilascu, bleepingcomputer

  • Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders

    Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. […] Bill Toulas, bleepingcomputer

  • New Ubuntu Linux security bypasses require manual mitigations

    Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could enable a local attacker to exploit vulnerabilities in kernel components. […] Bill Toulas, bleepingcomputer

  • Kali Linux 2025.1a released with 1 new tool, annual theme refresh

    Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh. […] Lawrence Abrams, bleepingcomputer

  • Decrypting Linux/ESXi Akira Ransomware Files Without Paying Ransomware

    A cybersecurity researcher has successfully broken the encryption used by the Linux/ESXi variant of the Akira ransomware, enabling data recovery without paying the ransom demand. The breakthrough exploits a critical weakness in the ransomware’s encryption methodology. According to the researcher, the malware uses the current time in…

  • Parrot 6.3 Released With Improved Security & New Hacking Tools

    ParrotOS, the cybersecurity-focused Linux distribution, has recently released its latest update, Parrot 6.3, which includes a number of new features, performance improvements, and updated tools to enhance the user experience. This release is designed to make ParrotOS faster, more stable, and even more secure for…

  • Akira’s New Linux Ransomware Attacking VMware ESXi Servers

    The Akira ransomware group, a prominent player in the Ransomware-as-a-Service (RaaS) domain since March 2023, has intensified its operations with a new Linux variant targeting VMware ESXi servers. Initially focused on Windows systems, Akira expanded its scope in April 2023 by deploying a Linux-based encryptor specifically designed…

  • Kali Linux 2024.4 released with 14 new tools, deprecates some features

    Kali Linux has released version 2024.4, the fourth and final version of 2024, which is now available with fourteen new tools and numerous improvements, and deprecates some features. […] Lawrence Abrams, bleepingcomputer

  • New stealthy Pumakit Linux rootkit malware spotted in the wild

    A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. […] Bill Toulas, bleepingcomputer