-
Docker Hub still hosts dozens of Linux images with the XZ backdoor
The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk.
- August 12, 2025
- 02:43 PM
0
-
Red Hat warns of backdoor in XZ tools used by most Linux distros
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
- March 29, 2024
- 01:50 PM
2
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
New Linux glibc flaw lets attackers get root on major distros
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
- January 30, 2024
- 06:06 PM
- 4
-
Exploits released for Linux flaw giving root on major distros
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
- October 05, 2023
- 03:44 PM
- 0
-
New 'Looney Tunables' Linux bug gives root on major distros
A new Linux vulnerability, known as 'Looney Tunables' and tracked as CVE-2023-4911, enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader.
- October 03, 2023
- 04:36 PM
- 0
-
New malware uses Windows Subsystem for Linux for stealthy attacks
Security researchers have discovered malicious Linux binaries created for the Windows Subsystem for Linux (WSL), indicating that hackers are trying out new methods to compromise Windows machines.
- September 16, 2021
- 01:33 PM
- 0
-
Microsoft Linux repos suffer day-long outage, still recovering
This week, Microsoft's Linux package repositories have been suffering hours-to-day long outages or performance issues.
- June 18, 2021
- 04:41 AM
- 0
-
New Linux SUDO flaw lets local users gain root privileges
A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication.
- January 26, 2021
- 02:39 PM
- 4
-
Microsoft Edge for Linux released, how to install
Microsoft's Chromium-based Edge was first released in January to Windows consumers and enterprises, and it was later released to macOS users. Edge is already available on Android and iOS, and now Linux users can finally get a taste of Microsoft's new browser.
- October 20, 2020
- 05:08 PM
- 4
-
New Linux Vulnerability Lets Attackers Hijack VPN Connections
Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.
- December 05, 2019
- 02:47 PM
- 5
-
Remote Code Execution Bug Patched in APT Linux Package Manager
A remote code execution bug was discovered by security contractor Max Justicz in the APT high level package manager used by Debian, Ubuntu, and other related Linux distributions. The bug has been fixed today in the latest versions of APT.
- January 22, 2019
- 11:48 AM
- 1
-
Linux systemd Affected by Memory Corruption Vulnerabilities, No Patches Yet
Security researchers have disclosed three vulnerabilities that affect a system service part of 'systemd,' a core component in Linux that manages system processes after the boot process.
- January 10, 2019
- 12:08 PM
- 1
-
Microsoft Fixes Faulty Debian Package That Messed With Users' Settings
Microsoft fixed yesterday a faulty Debian package that was messing with users' OS settings during its installation routine. The faulty package that was causing all the problems was Open R v3.5. Open R is an enhanced version of the R programming language maintained by Microsoft.
- June 14, 2018
- 12:30 AM
- 0
-
Linux: Beep Command Can Be Used to Probe for the Presence of Sensitive Files
A vulnerability in the "beep" package that comes pre-installed with Debian and Ubuntu distros allows an attacker to probe for the presence of files on a computer, even those owned by root users, which are supposed to be secret and inaccesible.
- April 09, 2018
- 06:46 PM
- 2
-
Debian GNU/Linux Now Available for WSL In The Windows Store
Lately Microsoft has been pushing out new Linux distributions for the Windows Subsystem For Linux (WSL) lately. First, Kali Linux was released earlier this week and now Microsoft adds Debian GNU/Linux to the Windows Store.
- March 07, 2018
- 11:56 AM
- 2
-
Achilles, Aeris, and SeaPea Are 3 CIA Tools for Hacking Mac and POSIX Systems
Today, Wikileaks published more documents part of its Vault 7 CIA exposé series, revealing new manuals for three tools named Achilles, Aeris, and SeaPea, part of a larger CIA project named Imperial.
- July 27, 2017
- 06:45 PM
- 0
-
Epic Fail: Linux Encryption App Cryptkeeper Has Universal Password: 'p'
A data encryption app for Linux users named Cryptkeeper has a bug that allows anyone to decrypt locked content using the password "p".
- January 31, 2017
- 02:15 PM
- 1
