Geek-Guy.com

Tag: Linux

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2022-0492 (CVSS score of 7.0) Linux Kernel Improper Authentication…

Read more →

Global Security News, Government & Policy

RSA extends passwordless authentication to Linux environments

RSA has expanded its passwordless authentication capabilities to Linux environments, advancing its goal of delivering secure, password-free access for every user in every environment. Linux is ubiquitous in enterprise infrastructure, powering servers, developer workstations, and critical operational environments across industries from financial services to government. Despite its reach, Linux users have historically been underserved by…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years

CIFSwitch is a 19-year-old Linux logic bug turning forged CIFS auth keys into root. Affects Mint, CentOS, Rocky, Kali, SLES. CIFSwitch stands apart from typical privilege escalation vulnerabilities because of how it was discovered. Asim Manizada, a security engineer at SpaceX, didn’t find it by auditing source code the old-fashioned way. He built an AI-powered…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. “Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a…

Read more →

AI, Cybersecurity, Global Security News

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several…

Read more →

AI, Exploits, Global Security News, Risk Management

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects…

Read more →

AI, Exploits, Global Security News, Network Security

DirtyDecrypt: PoC Released for yet another Linux flaw

DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, this time with a working proof-of-concept already out in the open. The flaw was discovered and…

Read more →

AI, Exploits, Global Security News

Rocky Linux launches opt-in security repository for urgent fixes

Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are unavailable. “The repository is disabled by default. That’s intentional. The default Rocky Linux experience stays exactly what it has always been: predictable, stable, and fully…

Read more →

AI, Exploits, Global Security News, Network Security

Meet Fragnesia, the third Linux kernel vulnerability in a month

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Linux Kernel bug Fragnesia allows local root access attacks

Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The flaw affects the XFRM ESP-in-TCP subsystem and could allow local attackers to gain full root access…

Read more →

AI, Global Security News

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like Dirty Frag, it affects the same Linux module (xfrm-ESP). In fact, according to Dirty Frag discoverer Hyunwoo Kim, Fragnesia…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched

Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community. The idea of a kill switch for privileged operators has been suggested by…

Read more →

AI, Apps, Exploits, Global Security News, malware, Network Security, Risk Management

CVE-2026-43500 and CVE-2026-43284: Dirty Frag Linux Privilege Escalation Flaw Raises Post-Compromise Risk

Linux local privilege escalation bugs remain especially dangerous when they turn a limited foothold into full root access. The CVE-2026-43500 vulnerability is the RxRPC half of the Dirty Frag exploit chain, which Microsoft says is already linked to limited in-the-wild post-compromise abuse, while Qualys describes it as a page-cache write issue that can let an…

Read more →

AI, Global Security News

Red Hat extends open source technology into space

Red Hat and Voyager Technologies announced the successful deployment of Red Hat Enterprise Linux 10.1 and Red Hat Universal Base Image (UBI) to Voyager’s LEOcloud Space Edge IaaS Micro Datacenter aboard the International Space Station (ISS). This collaboration extends a container-optimized, enterprise Linux platform into orbit, providing a more consistent and hardened operating foundation for…

Read more →

AI, Global Security News, Risk Management

Linux developers weigh emergency “killswitch” for vulnerable kernel functions

Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the public disclosure of two privilege escalation vulnerabilities affecting the Linux kernel. What prompted the proposal…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

New ‘Dirty Frag’ exploit targets Linux kernel for root access

A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerabilities constituting the issue, affecting Linux kernel networking and memory-fragment handling components, are already seeing active exploitation in the wild. The exploitation attempts look indistinguishable from the…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware

Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026. JDownloader official website was compromised in a supply chain attack that replaced legitimate Windows and Linux installers with malicious files between May 6 and May 7, 2026. JDownloader is a free, open-source download management application designed…

Read more →

AI, Global Security News, malware, Network Security, Risk Management

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malicious code can steal credentials, log keystrokes, manipulate files, monitor clipboard activity, and create network tunnels…

Read more →

AI, Exploits, Global Security News

Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild

Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local user to gain full root access on most major Linux distributions, including Ubuntu, RHEL, Fedora,…

Read more →

AI, Global Security News, Network Security

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. “QLNX targets developers and DevOps credentials across the software supply chain,”

Read more →

AI, Cybersecurity, Exploits, Global Security News, Russia

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.” The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Recently, Xint Code researchers warned of a serious Linux…

Read more →

AI, Global Security News, malware

Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities

TrendAI™ Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a rootkit, a PAM backdoor, credential harvesting, and more, revealing how this malware enables stealthy access, persistence, and potential supply-chain attacks.

Read more →

AI, Cybersecurity, Global Security News

New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori. “An unprivileged local user can write four controlled bytes into the page cache of…

Read more →

AI, Global Security News

Fedora Linux 44 ships with GNOME 50 and KDE Plasma 6.6

The Fedora Project released Fedora Linux 44, delivering updated desktop environments, revised installer behavior, and several lower-level system changes across its editions and spins. The release covers the project’s flagship editions, including Workstation, KDE Plasma Desktop, Cloud, Server, CoreOS, and IoT, alongside the Atomic Desktops lineup of Silverblue, Kinoite, Cosmic, Budgie, and Sway. Alternate spins…

Read more →

AI, Exploits, Global Security News, Risk Management

12-year-old Pack2TheRoot bug lets Linux users gain root privileges

‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The Pack2TheRoot flaw, tracked as CVE-2026-41651, lets unprivileged users install or remove system packages without authorization, potentially gaining full root access. The vulnerability is rated high severity, CVSS score of 8.8, and has existed for nearly 12…

Read more →

AI, Global Security News

Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers

Linux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, codenamed Resolute Raccoon, pulls most of those threads together into a single release that will receive standard security support until April 2031. Rust moves into the system layer One of the more…

Read more →

AI, Global Security News, malware, Network Security

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the…

Read more →

AI, Global Security News, Network Security, privacy

Little Snitch for Linux shows what your apps are connecting to

Network monitoring on Linux has long been a gap for users who want per-process visibility into outbound connections. Existing tools either operate at the command line or were designed for server security rather than desktop privacy. Objective Development, the Austrian company behind the macOS firewall utility Little Snitch, released a Linux version of the tool.…

Read more →

Apps, Global Security News

Flatpak 1.16.4 fixes sandbox escape and three other security flaws

Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as CVE-2026-34078. File system exposure Two additional fixes address file system exposure on the host. CVE-2026-34079 prevents…

Read more →

Global Security News

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. “Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,

Read more →

AI, Global Security News

New Red Hat subscription simplifies long-term enterprise Linux support

Red Hat has announced Red Hat Enterprise Linux Extended Life Cycle Premium, a new subscription that provides a predictable 14-year life cycle for major Red Hat Enterprise Linux releases. This stand-alone subscription consolidates extended support, simplifying the management of multiple support streams. It helps organizations maintain their most sensitive, change-averse workloads on a single, hardened…

Read more →

AI, Global Security News

SystemRescue 13 updates its kernel to Linux 6.18 LTS, adds new recovery tools

Bootable Linux recovery environments occupy a specific niche in the systems administration and incident response toolkit. SystemRescue, an Arch-based live distribution built for repairing unbootable systems and recovering data from damaged drives, has shipped version 13.00 with a new long-term supported kernel, updated storage tools, and several additions to its command-line toolset. Kernel and storage…

Read more →

Global Security News, Network Security

Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18

Penetration testers running Kali Linux have a new release to work with. Version 2026.1 delivers the annual theme refresh, a new BackTrack-inspired mode in kali-undercover, eight tools added to the network repositories, a kernel bump to 6.18, and several Kali NetHunter changes. 2026 theme refresh Each year’s first Kali release brings a visual overhaul, and…

Read more →

AI, Funding, Global Security News

Major tech companies invest $12.5 million in open source security

The Linux Foundation announced $12.5 million in grant funding backed by Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen open source security. The funding will be directed through the foundation’s Alpha-Omega Project and the Open Source Security Foundation (OpenSSF). The initiative aims to address long-standing gaps in how open source software is…

Read more →

AI, Funding, Global Security News

Linux Foundation secures $12.5 million to strengthen open source security and support maintainers

The Linux Foundation has announced a total of $12.5 million in grants from Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen the security of the open source software ecosystem. The funding will be managed by Alpha-Omega and the Open Source Security Foundation (OpenSSF), trusted security initiatives within the Linux Foundation, to support…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk

Security researchers at Qualys have disclosed nine vulnerabilities in AppArmor, the Linux Security Module that ships enabled by default across Ubuntu, Debian, and SUSE distributions. An unprivileged local attacker can exploit the flaws to gain full root access, break out of container isolation, and crash systems, all without requiring administrative credentials, the researchers said in…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

Unprivileged users could exploit AppArmor bugs to gain root access

Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed nine vulnerabilities, collectively tracked as CrackArmor, in the Linux kernel’s AppArmor module. The flaws have existed since 2017 and could allow unprivileged users to bypass protections, escalate privileges to root,…

Read more →

AI, Cybersecurity, Exploits, Global Security News

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation

Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel’s AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The

Read more →

AI, Global Security News

mquire: Open-source Linux memory forensics tool

Linux memory forensics has long depended on debug symbols tied to specific kernel versions. These symbols are not installed on production systems by default, and sourcing them from external repositories creates a recurring problem: repositories go stale, kernel builds diverge, and analysts working incident response often find no published symbols for the exact kernel they…

Read more →

AI, Global Security News, malware

REMnux v8 brings AI integration to the Linux malware analysis toolkit

REMnux, a specialized Linux distribution for malware analysis, has released version 8 with a rebuilt platform based on Ubuntu 24.04 and a new capability aimed at connecting AI agents directly to its toolset. REMnux is designed for analyzing malicious software, phishing artifacts, suspicious documents, and related forensic data. The project includes more than 200 preconfigured…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security

SSHStalker botnet brute-forces its way onto 7,000 Linux machines

A newly discovered botnet is compromising poorly-protected Linux servers by brute-forcing weak SSH password login authentication. Researchers at Canada-based Flare Systems, who discovered the botnet, got into its staging server and believe at least 7,000 servers had been compromised by the end of January, half of them in the US. The botnet’s weapons include exploits…

Read more →

AI, Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware, Network Security

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC bots, and mass-scanning malware. Flare researchers uncovered a previously undocumented Linux botnet dubbed SSHStalker, observed via SSH honeypots over two months. Researchers ran an SSH honeypot with weak credentials starting in early 2026 and spotted a set of intrusions unlike…

Read more →

AI, Global Security News, linux, News, open source

Linux kernel 6.19 reaches stable release, kernel 7.0 work is already underway

Development activity on the Linux kernel continues into early 2026 with the stable release of version 6.19. Kernel maintainers have completed the pre-release cycle and merged the final set of changes into the mainline tree. The release follows the ongoing weekly rhythm of code submission and testing that supports Linux’s widespread use across servers, desktops,…

Read more →

AI, Global Security News, linux, News, open source

Linux kernel 6.19 reaches stable release, kernel 7.0 work is already underway

Development activity on the Linux kernel continues into early 2026 with the stable release of version 6.19. Kernel maintainers have completed the pre-release cycle and merged the final set of changes into the mainline tree. The release follows the ongoing weekly rhythm of code submission and testing that supports Linux’s widespread use across servers, desktops,…

Read more →

AI, Apps, Breaking News, china, Endpoint, Exploits, Global Security News, hacking, malware, Mobile, Network Security, Security

DKnife toolkit abuses routers to spy and deliver malware since 2019

DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…

Read more →