Homebrew 6.0 released with new security mechanism, Linux sandbox and more
Homebrew was "less vulnerable 10 years ago than npm is today," project lead tells us
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Homebrew was "less vulnerable 10 years ago than npm is today," project lead tells us
Patches land for authencesn flaw enabling local privilege escalation Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw.…
One way to deal with bug hunting LLMs: ditch the old drivers One tactic to deal with LLM-powered vulnerability detection is simple – just speed up the removal of old code. If it's gone, it no longer matters if it's buggy.…
The goal of 'oxidizing' the Linux distro hits another bump Two vulnerabilities in Ubuntu 25.10's new "sudo-rs" command have been found, disclosed, and fixed in short order.…
Intruders hoped no one would notice their presence Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.…
Update now: Qualys says vulnerabilities give root and are 'easily exploitable' Researchers at Qualys refuse to release exploit code for five bugs in Ubuntu Server's needrestart utility that allow unprivileged attackers to gain root access without any user interaction.…
No patches yet, can be mitigated, requires user interaction Final update After days of anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.…
Issue has been around since at least 2012 A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe.…
One-click exploit could potentially affect most major distros Researchers discovered a high-severity remote code execution (RCE) vulnerability in an inherent component of GNOME-based Linux distros, potentially impacting a huge number of users.…
Kernel 6.2 ditched a useful defense against ghostly chip design flaw The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it.…
Also, script kiddies are coming for your gift cards, and Meta's Cambridge Analytica pathetic payout Merry Christmas, Linux systems administrators: Here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution. …
Sysrv-K malware infects unpatched tin, Microsoft warns The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft.…
On a plus side, their code's not very good A new Linux botnet is using the infamous Log4j vulnerability to install rootkits and steal data.…