SprySOCKS Backdoor Expands From Linux to Windows
China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands
Linux is an open-source operating system used across servers and devices, so kernel, distribution, and software vulnerabilities can affect deployed systems.
Search across headline titles and summaries.
Background for this topic.
Linux is an open-source operating-system kernel: privileged software that manages hardware, memory, processes, filesystems, and networking. Most deployments use it through a distribution that adds user-space tools, package managers, libraries, and an update policy. This distinction matters in security reporting: a kernel flaw, a distribution-package flaw, and a flaw in an application running on Linux may have different affected versions and fixes.
Material attack surfaces include kernel code, loadable modules and device drivers, network services, local privilege boundaries, and third-party packages. Vulnerabilities can enable denial of service, information disclosure, or escalation from an unprivileged account to root, depending on configuration and exploitability. Administrators should track upstream and distribution advisories, apply security updates, and reboot when a running kernel remains vulnerable. Mandatory access-control systems such as SELinux or AppArmor can restrict compromised processes; signed repositories, audit logs, and tested configuration baselines support package integrity and investigation. Open source does not itself guarantee security: exposure depends on code, configuration, maintenance, and the surrounding software stack.
Weekly headline count for the current query.
China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally
New Fragnesia kernel flaw lets unprivileged local users escalate to root on Linux systems
Two new high-severity vulnerabilities, dubbed ’Dirty Frag’ when chained, have been found in the Linux kernel, affecting most Linux distributions
A researcher from offensive security firm Theori has found a nine-year-old flaw in the Linux kernel with the help of AI
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds
Sophisticated malware previously thought to be the work of a well-resourced cyber-crime group was built by one person - with the aid of AI tools
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet
Detected by Check Point researchers, VoidLink is a sophisticated malware framework that can be used to implant malware in the most common cloud environments
The GoBruteforcer botnet has been observed targeting exposed Linux servers on services like FTP and MySQL
Trend Micro have reported a campaign exploiting a flaw in Cisco SNMP to install Linux rootkits on devices
Red Canary observed the novel tactic in a cluster of activity targeting a legacy vulnerability to access cloud-based Linux systems
Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324
Two elevation of privilege vulnerabilities have been discovered on the popular Sudo utility, affecting 30-50 million endpoints in the US alone
Two critical Linux flaws allow unprivileged users to gain root access, affecting major distributions
Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft
Researchers discovered over 3000 Linux vulnerabilities in 2024, the most of any category