#linux

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with…

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.1.0.

Artificial intelligence (AI) workloads are revolutionizing the industry, impacting healthcare, finance services, national security and autonomous systems. As part of this revolution, organizations are increasingly moving their AI workloads to the cloud, taking advantage of its scalability, flexibility and cost-effectiveness. Of course this transition to the cloud brings new challenges around data privacy, intellectual property and regulation compliance. Existing virtual machines (VMs) provide isolation between workloads, but they cannot protect workloads from privileged users and software com

### Impact Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication. ### Patches The vulnerability does not exist in more recent versions of OPKSSH. his only impacts OPKSSH when used to verify ssh keys on a server, the OPKSSH client is unaffected. To remediate upgrade to a version of OPKSSH v0.5.0 or greater. To determine if you are vulnerable run on your server: ```bash opkssh --version ``` If the version is less than 0.5.0 you should upgrade. To upgrade to the latest version run: ```bash wget -qO- "https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh" | sudo bash ``` ### References [CVE-2025-4658](https://www.cve.org/CVERecord?id=CVE-2025-4658) The upst...

Varonis reveals attackers are using SEO poisoning to trick IT admins into downloading malware, alongside a critical root…

Security leaders must address both internal and external risks, ranging from sophisticated cyberattacks to insider threats. At the same time, they must also adhere to an ever-growing list of regulations, including the General Data Protection Regulation (GDPR), the EU Cyber Resilience Acts (CRA) and industry-specific mandates like Payment Card Industry Data Security Standard (PCI DSS) and the Digital Operational Resilience Act (DORA). Balancing these concerns requires a strategic approach that integrates security and compliance without compromising operational efficiency.External threatsCybercr

The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.

Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below - github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp github[.]com/steelpoor/tlsproxy "Despite appearing legitimate,

Passwords are becoming things of the past. Passkeys are more secure, easier to manage, and speed up the log in process

April Linux Patch Wednesday. Total vulnerabilities: 251. 👌 164 in the Linux Kernel. No vulnerabilities show signs of being exploited in the wild. There are 7 vulnerabilities that appear to have publicly available exploits. For 2 vulnerabilities, exploit code with detailed explanation is available on GitHub. Both were first patched in RedOS packages: 🔸 SQL […]