CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]
Stay updated on Linux security: Get the latest tips, vulnerabilities, patches, and best practices in the Linux cybersecurity landscape.
Background for this topic.
Linux is a popular open-source operating system kernel that is at the core of various Linux distributions, such as Ubuntu, Debian, Fedora, and Red Hat. It's known for its robustness, stability, and flexibility, making it a preferred platform for servers, desktops, and embedded systems alike.
In the context of information security, Linux is highly regarded due to its strong security model and active community support. The kernel's design separates privileges, ensuring that only authorized users can access sensitive operations or files. This, combined with a wide array of customizable security features, such as AppArmor, SELinux, and extensive logging capabilities, allows for thorough monitoring and control over system activities.
Security patches and updates are regularly released by the community and distribution maintainers, addressing vulnerabilities swiftly. Moreover, Linux's source code transparency allows security researchers and developers to inspect and verify the integrity of the system, contributing to its overall security strength. Many tools essential to cybersecurity professionals, such as packet sniffers, network analyzers, and intrusion detection systems, are readily available and often originated within the Linux ecosystem.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw added to the catalog, tracked […]
A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by republishing trusted packages. Discover how the attack works, what data is at risk, and the steps you can take to protect your organization. The post Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign appeared first on Microsoft Security Blog.
Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. [...]
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm.
Monday hit like a cron job with anger issues
CIFSwitch is a 19-year-old Linux logic bug turning forged CIFS auth keys into root. Affects Mint, CentOS, Rocky, Kali, SLES. CIFSwitch stands apart from typical privilege escalation vulnerabilities because of how it was discovered. Asim Manizada, a security engineer at SpaceX, didn’t find it by auditing source code the old-fashioned way. He built an AI-powered […]
A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]
Monday recap. Same mess, new week
A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL.
Dirty Frag, Copy Fail, and Fragesia show the new reality
Or is it just life today, with AI constantly digging through code repositories in search of security holes?
Researchers Trace Linux and Windows Toolsets to Suspected PRC Espionage Activity
Newly discovered malware tied to China-linked actors breached telecom providers across Asia and the Middle East, highlighting growing efforts to gain persistent access into interconnected communications infrastructure.
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Learn how the threat actor attempted Kerberos relay and lateral movement, and how Microsoft Defender detected, blocked, and unraveled the attack. The post From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence appeared first on Microsoft Security Blog.
Also, YellowKey Gets CVE, 7-Eleven Breach, Linux Maintainers Warn on AI Bug Spam
This week, more incidents than we can list here. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge to stop loading passwords in plaintext. Tycoon 2FA offers a way around Microsoft multifactor. Convenience, taquitos and data breach: The 7-Eleven story. A MENA crackdown.
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022.
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. [...]
"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally