#linux

### Impact This vulnerability affects all Emby Server versions - beta and stable up to the specified versions. It allows an attacker to gain full administrative access to an Emby Server (for Emby Server administration, **not at the OS level**,). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. ### Patches #### Quick Fix A quick fix will be rolled out via an update to one of the default-included Emby Server plugins. This way is chosen because many users are updating their servers manually while plugin updates are typically configured to be applied automatically. This allows to get a patch deployed to a large amount of servers within a single day. #### Server Patches Patched versions for both, Emby Server stable and Emby Server beta are available now. **All Emby Server owners are strongly encouraged to apply those updates as soon as possible.** ### Workarounds > [!NOTE] > These workarounds are OBSOLETE now. Please update E...

It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you’ll miss how fast the threat map is changing. New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers

CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks.

## Summary Adding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation. Attestable AMIs are based on the systemd Unified Kernel Image (UKI) concept which uses systemd-boot to create a single measured UEFI binary from a Linux kernel, its initramfs, and kernel command line. The embedded kernel command line contains a dm-verity hash value that establishes trust in the root file system. When UEFI Secure Boot is disabled, systemd-boot appends any command line it receives to the kernel command line. Account operators with the ability to modify UefiData can install a boot variable with a command line that deactivates root file system integrity validation, while preserving the original PCR4 value. Systemd-boot provides separate measurement of command line modifications in PCR12. ## Impact In line with the TPM 2.0 specification and systemd-stub logic, KMS policies that do not inc...

Google has pushed out a Chrome update with 13 security fixes, including a high-severity flaw in Digital Credentials.

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds Critical yETH Exploit Used to Steal $9M

Twenty-eight percent of businesses surveyed in the recent SP Global Market Intelligence 451 Research report, “The value of a unified automation platform,” responded that their company uses 50-100+ tools that don’t seamlessly integrate. This widespread adoption of disparate solutions, often driven by a "do it yourself" mentality, can lead to overwhelming tool sprawl. The resulting lack of interoperability directly hinders innovation, fragments data insights, and ultimately undermines the effective delivery of AI solutions.As automation and AI become increasingly interdependent, systems mu

IT teams are stuck between wanting to implement AI solutions across their organizations and dealing with the messy reality of increasingly complex infrastructure. Many are attempting to build their own automation solutions, cobbling together a patchwork of tools that, while well-intentioned, can actually make things worse. Red Hat dug into this with SP Global Market Intelligence 451 Research, and their findings point to a simpler alternative: use a unified platform instead of patchworking tools together.The DIY dilemma: More tools, more problemsMost teams are drowning in tools, often ending up

The Center for Internet Security® (CIS®) has officially published guidance for hardening Red Hat OpenShift Virtualization.The official publication of the new CIS Benchmark® for Red Hat OpenShift Virtualization is an important development for organizations running traditional virtual machines (VMs) alongside modern containers. OpenShift Virtualization is a feature of Red Hat OpenShift that allows existing VM-based workloads to run directly on the platform. This globally recognized, consensus-driven benchmark provides recommendations for creating a security-focused configuration for those env

## Summary Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized ## Details By default Workspace Agent logs are redirected to [stderr](https://linux.die.net/man/3/stderr) https://github.com/coder/coder/blob/a8862be546f347c59201e2219d917e28121c0edb/cli/agent.go#L432-L439 [Workspace Agent Manifests](https://coder.com/docs/reference/agent-api/schemas#agentsdkmanifest) containing sensitive environment variables were logged insecurely https://github.com/coder/coder/blob/7beb95fd56d2f790502e236b64906f8eefb969bd/agent/agent.go#L1090 An attacker with limited local access to the Coder Workspace (VM, K8s Pod etc.) or a third-party system ([SIEM](https://csrc.nist.gov/glossary/term/security_information_and_event_management_tool), logging stack) could access those logs This behavior opened room for unauthorized access and privilege escalation ## Impact Impact varies depending on the environment variables set in a given workspace ## Patches [Fix](https://g...