SecurityWeek

19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems. A vulnerability that lurked in the ...

New CIFSwitch Linux flaw gives root on multiple distributions

A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request ...
Hackaday

Linux Fu: Fake Webcams Have Many Uses

Dealing with text streams is a fundamental skill for the Linux power user. You can sort, merge, and search text files easily ...

Another major Linux security flaw revealed — nine-year old issue could spell disaster for users

Qualys discloses CVE‑2026‑46333, a Linux flaw present since 2016 which lets unprivileged users briefly hijack privileged ...
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And More Linux Vulnerabilities

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

The Flipper One is the Linux cyberdeck I wish my Raspberry Pi could be

If you love your Flipper Zero, you're really going to dig the new Flipper On, which runs on Linux and can do so much more.
Tech Xplore

Crashes with consequences: Serial code-reuse attack SFOP breaks Intel CET in Linux

A code-reuse attack named "Segmentation Fault Oriented Programming (SFOP)" exploits weaknesses in signal handling and Intel ...
InfoQ

Kernel-Level Ground Truth: Why eBPF is Replacing User-Space Agents for Security Observability

BPF is emerging as a preferred method for security observability over traditional user-space agents. By attaching probes ...

'Almost entirely unmanageable': Linus Torvalds says AI bug hunters have ruined Linux security mailing list

The Linux security mailing list is now “almost entirely unmanageable”, since researchers started using Artificial ...
The Hacker News

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a ...
The Hacker News

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being ...