New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems
A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by republishing trusted packages. Discover how the attack works, what data is at risk, and the steps you can take to protect your organization. The post Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign appeared first on Microsoft Security Blog.
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. [...]
28,000 Customers, Including Banks and US Government Agencies, Appear to Be AffectedCommercial Linux distribution producer Red Hat has issued a security alert warning that attackers stole customer data from its consulting arm's GitLab instance. The hacking group, Crimson Collective, claims to have stolen one terabyte of data pertaining to 28,000 customers.
A threat actor claimed 28,000 private repositories had been compromised, and the Linux software maker said it had "initiated necessary remediation steps."
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU)
Race-Condition Bugs in Ubuntu and Red Hat Tools Could Leak Sensitive Memory DataHackers could exploit a tool that stores crashed system data in older Linux operating systems to obtain passwords and encryption keys, warn researchers. The flaw lies in the way certain Linux distributions, including Ubuntu, Red Hat, and Fedora, handle application crashes.
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. [...]
On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox. [...]
Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. [...]
Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES Red Hat on Friday warned that a malicious backdoor found in the widely used data compression library called xz may be present in Fedora Linux 40, 41, and in the Fedora Rawhide developer distribution.…
Today, Red Hat warned users to immediately stop using systems running Fedora development versions because of a backdoor found in the latest XZ data compression tools and libraries. [...]
How Red Hat turns an open source entity into overt enterprise security Webinar Linux has come a long way from the early days of 1991 when the Linux kernel grew out of a student project.…
Keeping on top of Linux enterprise security requirements Webinar If there was a tablet of stone inscribed with ten commandments for the fundamental requirements of an operating environment, the first would almost certainly be 'thou shalt have security and stability.'…
The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.