Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
313 Team tells Canonical: pay up or the packets keep coming
Ubuntu is a Linux distribution whose security advisories, vulnerabilities, and package ecosystem affect systems running its desktop, server, and cloud editions.
Search across headline titles and summaries.
Background for this topic.
Ubuntu is a Debian-based Linux distribution used on desktops, servers, cloud systems, and as a base for container images. Its security relevance comes from the large set of kernel, system, and application packages distributed through its repositories, as well as Ubuntu-specific advisories and fixes. Vulnerabilities in those components can affect many deployments, while the release and support model determines whether patches remain available.
Security work commonly includes tracking Ubuntu Security Notices, keeping the operating system and installed packages within their supported release window, and rebuilding systems or container images when vulnerable packages are fixed. The default package repositories use signed metadata, but software from third-party repositories or manual installations requires separate trust and update controls. Ubuntu also supports controls such as AppArmor, firewall configuration, disk encryption, and least-privilege service accounts; their effectiveness depends on deployment and configuration. Long Term Support releases provide a longer, defined maintenance period, making lifecycle planning important for vulnerability management and incident response.
Weekly headline count for the current query.
313 Team tells Canonical: pay up or the packets keep coming
313 Team tells Canonical: pay up or the packets keep coming Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant.…
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level
The goal of 'oxidizing' the Linux distro hits another bump Two vulnerabilities in Ubuntu 25.10's new "sudo-rs" command have been found, disclosed, and fixed in short order.…
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU)
Race-Condition Bugs in Ubuntu and Red Hat Tools Could Leak Sensitive Memory DataHackers could exploit a tool that stores crashed system data in older Linux operating systems to obtain passwords and encryption keys, warn researchers. The flaw lies in the way certain Linux distributions, including Ubuntu, Red Hat, and Fedora, handle application crashes.
Ubuntu 25.10 fitted with Rust-written admin tool by default for memory safety's sake Canonical's Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default – part of a push to cut memory-related security bugs and lock down core system components.…
Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components. [...]
Update now: Qualys says vulnerabilities give root and are 'easily exploitable' Researchers at Qualys refuse to release exploit code for five bugs in Ubuntu Server's needrestart utility that allow unprivileged attackers to gain root access without any user interaction.…
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. [...]
Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction
Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. [...]
In happier news, Ubuntu Pro extended support now goes up to 12 years After multiple waves of cryptocurrency credential-stealing apps were uploaded to the Snap store, Canonical is changing its policies.…
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. [...]
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. [...]
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system
Ubuntu, the most popular Linux distribution, has pulled its Desktop release 23.10 after its Ukrainian translations were discovered to contain hate speech. According to the Ubuntu project, a malicious contributor is behind anti-Semitic, homophobic, and xenophobic slurs that were injected into the distro via a "third party tool." [...]