APT36 hackers abuse Linux .desktop files to install malware
The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. [...]
Linux is an open-source operating system used across servers and devices, so kernel, distribution, and software vulnerabilities can affect deployed systems.
Search across headline titles and summaries.
Background for this topic.
Linux is an open-source operating-system kernel: privileged software that manages hardware, memory, processes, filesystems, and networking. Most deployments use it through a distribution that adds user-space tools, package managers, libraries, and an update policy. This distinction matters in security reporting: a kernel flaw, a distribution-package flaw, and a flaw in an application running on Linux may have different affected versions and fixes.
Material attack surfaces include kernel code, loadable modules and device drivers, network services, local privilege boundaries, and third-party packages. Vulnerabilities can enable denial of service, information disclosure, or escalation from an unprivileged account to root, depending on configuration and exploitability. Administrators should track upstream and distribution advisories, apply security updates, and reboot when a running kernel remains vulnerable. Mandatory access-control systems such as SELinux or AppArmor can restrict compromised processes; signed repositories, audit logs, and tested configuration baselines support package integrity and investigation. Open source does not itself guarantee security: exposure depends on code, configuration, maintenance, and the surrounding software stack.
The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. [...]
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell
Intruders hoped no one would notice their presence Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.…
The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.
Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper
Red Canary observed the novel tactic in a cluster of activity targeting a legacy vulnerability to access cloud-based Linux systems
An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.