https://linuxsecurity.com/ The central voice for Linux and Open Source security news. en-us 1999-2026 Guardian Digital, Inc. All rights reserved dave@linuxsecurity.com (Dave Wreski) Mon, 18 May 2026 16:58:06 +0000 Mon, 18 May 2026 16:58:06 +0000 generate_indexes_v30.php http://blogs.law.harvard.edu/tech/rss 20 https://linuxsecurity.com/features/linux-log-analysis https://linuxsecurity.com/features/linux-log-analysis Fri, 24 Apr 2026 11:00:46 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/rubygems-attack-linux-supply-chain-risk https://linuxsecurity.com/features/rubygems-attack-linux-supply-chain-risk RubyGems temporarily suspended new account registrations this week after threat actors pushed hundreds of malicious packages into the Ruby package ecosystem. At first glance, that may sound like a Ruby-specific problem. It is not. Thu, 14 May 2026 08:02:46 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-container-visibility-blind-spots https://linuxsecurity.com/features/linux-container-visibility-blind-spots An attacker compromises a Linux container, launches a cryptominer, sets up a way to stay in the system through a background task, and disappears before the investigation even begins. By the time analysts start looking at the logs, the workload has shut down, and the container no longer exists. Thu, 14 May 2026 11:51:29 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/fragnesia-linux-privilege-escalation https://linuxsecurity.com/features/fragnesia-linux-privilege-escalation Linux administrators are once again dealing with a familiar problem: a local Linux foothold that can potentially become full root access. Thu, 14 May 2026 11:32:27 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/supply-chain-attacks-ci-cd-security https://linuxsecurity.com/features/supply-chain-attacks-ci-cd-security For years, software security discussions centered on vulnerable code. A bug inside an application could expose a workstation, production server, or cloud workload, so most supply chain conversations focused on malicious packages, outdated dependencies, and exploitable libraries buried somewhere inside the stack. That is no longer the main problem. Thu, 14 May 2026 08:01:57 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/red-hat-krb5-security-update https://linuxsecurity.com/features/red-hat-krb5-security-update Red Hat released an Important krb5 security update for Red Hat Enterprise Linux 8 this week, addressing two vulnerabilities tracked as CVE-2026-40355 and CVE-2026-40356. On paper, it looks like another Linux package advisory. Thu, 14 May 2026 07:40:33 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/runtime-monitoring-ebpf-linux-security https://linuxsecurity.com/features/runtime-monitoring-ebpf-linux-security The problem is not necessarily a lack of security tools. Modern Linux infrastructure changes so quickly that maintaining consistent visibility has become one of the hardest operational problems in cloud security. Tue, 12 May 2026 14:18:36 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/debian-reproducible-builds https://linuxsecurity.com/features/debian-reproducible-builds Debian 14 “Forky” will begin blocking packages that fail reproducibility checks, marking a major shift in how Linux distributions verify software integrity. Tue, 12 May 2026 13:57:07 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/a-complete-guide-to-torrenting-safely-in-2022 https://linuxsecurity.com/features/a-complete-guide-to-torrenting-safely-in-2022 Peer-to-peer (P2P) torrenting users risk downloading malware, accessing unauthorized content, and having their computers infected with viruses, which could limit their online connection and lead to severe repercussions. Mon, 27 Nov 2023 12:00:57 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/why-linux-servers-get-hacked https://linuxsecurity.com/features/why-linux-servers-get-hacked Linux runs a massive part of the internet. Cloud platforms, databases, containers, web hosting, APIs, and internal business infrastructure all depend heavily on Linux systems. Most people interact with Linux-backed services every day without realizing it. That popularity also makes Linux server security a constant concern. Mon, 11 May 2026 14:07:42 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-runtime-killswitch https://linuxsecurity.com/features/linux-runtime-killswitch Linux administrators often face an ugly choice during major kernel vulnerabilities: reboot critical systems immediately or leave exploitable code running in production while waiting for a maintenance window. Mon, 11 May 2026 13:42:37 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/why-linux-detection-is-getting-harder https://linuxsecurity.com/features/why-linux-detection-is-getting-harder A lot of Linux attacks now look like normal admin activity. Attackers use SSH, cron, curl, systemd, cloud scripts, and other trusted tools that defenders already expect to see running across production systems. Fri, 08 May 2026 14:06:12 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/dirty-frag-linux-zero-day-root-access https://linuxsecurity.com/features/dirty-frag-linux-zero-day-root-access Just weeks after Linux defenders began responding to Copy Fail, researchers have disclosed another serious privilege escalation vulnerability that can deliver reliable root access on major distributions.  Fri, 08 May 2026 13:30:09 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/kubernetes-security-misconfigurations https://linuxsecurity.com/features/kubernetes-security-misconfigurations Container security has long carried a reputation for resilience, but attackers have increasingly shifted their focus toward something easier to exploit: the Kubernetes environments surrounding the containers themselves. Thu, 07 May 2026 17:16:45 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/crackarmor-apparmor-vulnerabilities-linux-containers https://linuxsecurity.com/features/crackarmor-apparmor-vulnerabilities-linux-containers Linux administrators rely on AppArmor to contain compromised applications. If a browser, container, or Snap package is exploited, the profile is supposed to limit what that process can touch on the host. This mechanism is the backbone of Linux container isolation. Thu, 07 May 2026 14:12:11 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/open-source-supply-chain-attacks-linux https://linuxsecurity.com/features/open-source-supply-chain-attacks-linux Linux has long carried a reputation for resilience, bolstered by open-source reviews, hardened kernels, and transparent development pipelines. While that trust is well-founded, attackers have shifted their focus to a more vulnerable target: the surrounding software supply chain. Wed, 06 May 2026 16:26:25 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/wireshark-4-6-5-vulnerabilities-rce-linux https://linuxsecurity.com/features/wireshark-4-6-5-vulnerabilities-rce-linux Wireshark is one of those tools Linux teams quietly depend on everywhere: SOC pipelines, packet capture nodes, incident response systems, and long-running forensic environments. That’s what makes the newly disclosed vulnerabilities in Wireshark 4.6.5 more serious than a routine software update. Wed, 06 May 2026 14:04:30 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/hidden-security-risks-of-open-source-ai https://linuxsecurity.com/features/hidden-security-risks-of-open-source-ai Alright, let’s talk about open-source AI models. If you’re a Linux admin or developer, and you’re already spinning up VMs, writing scripts, or monitoring logs like your life depends on it, you might assume AI isn’t wildly different. It’s software, right? Open-source is supposed to be transparent and reliable, and if something breaks, you dig through the code, patch it up, and call it a day. Tue, 03 Jun 2025 12:07:01 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-logging-detection-gaps https://linuxsecurity.com/features/linux-logging-detection-gaps When a Linux system is compromised, the logs should tell you what happened. In a lot of cases, they don’t. Tue, 05 May 2026 13:31:12 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/control-panel-authentication-failure-linux https://linuxsecurity.com/features/control-panel-authentication-failure-linux Linux security usually comes down to access controls and permissions, but those controls only work if the platform enforcing them holds up. What happens when the control layer most Linux environments depend on fails? Mon, 04 May 2026 17:18:38 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-access-control-security-gaps https://linuxsecurity.com/features/linux-access-control-security-gaps Most Linux hardening work stays focused on access. Flip on a control, lock things down, move on. Doesn’t mean you’re actually covered. Fri, 01 May 2026 13:44:17 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-kernel-copy-fail-container-escape https://linuxsecurity.com/features/linux-kernel-copy-fail-container-escape Most Linux hardening focuses on access. This vulnerability bypasses that entirely. Fri, 01 May 2026 13:26:50 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/memory-safety-software-security https://linuxsecurity.com/features/memory-safety-software-security Most information security best practices are built on a single, comfortable assumption: that we have control over what software is running on our hardware, and that the underlying system behaves exactly as we expect. We assume that the memory management happening under the hood is a solved problem—a silent utility that stays within its lines. Thu, 30 Apr 2026 13:05:47 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/rust-memory-safety-linux-kernel-security https://linuxsecurity.com/features/rust-memory-safety-linux-kernel-security Most information security best practices are built on a single, comfortable assumption: that if we find a bug, we can patch it, and once it’s patched, the system is "safe" again. Wed, 29 Apr 2026 18:10:36 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/kernel-hardening-linux-server-security-best-practices https://linuxsecurity.com/features/kernel-hardening-linux-server-security-best-practices Think about Linux security like the structural integrity of a building. Most information security best practices focus on the front door—locks, cameras, and ID badges. That’s the "policy" layer. It’s great for keeping people out, but it doesn't address what happens to the foundation if those locks fail. Tue, 28 Apr 2026 16:10:36 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/default-linux-package-management-root-access-risk https://linuxsecurity.com/features/default-linux-package-management-root-access-risk Most information security best practices are built on a single, comfortable assumption: that the "root" gate is locked and only the administrator holds the key. We assume that unless we explicitly hand over credentials, the core of the system is off-limits. Mon, 27 Apr 2026 13:37:18 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/what-is-the-impact-of-ai-on-cybersecurity-3-interesting-use-cases https://linuxsecurity.com/features/what-is-the-impact-of-ai-on-cybersecurity-3-interesting-use-cases With the increasing pace and complexity of digital attacks, analysts are turning to AI threat detection to stretch IT resources and keep out cyber threats. No matter the size of a company's operations, AI-driven data analytics tools can provide threat intelligence and enable cybersecurity professionals to select appropriate protection measures. Sat, 25 Apr 2026 11:00:40 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/nmap-basics-what-is-nmap-how-is-it-used https://linuxsecurity.com/features/nmap-basics-what-is-nmap-how-is-it-used Nmap, short for “Network Mapper,” is an open-source network security tool for discovery and auditing. It is one of the most widely used network mapping tools for system administrators to search for hosts and services within a network. Fri, 17 Apr 2026 11:00:23 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-pentesting https://linuxsecurity.com/features/linux-pentesting When setting up network security systems, it is critical to ensure they work correctly and do not have flaws waiting to be exploited. Sat, 25 Apr 2026 12:17:15 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-monitoring-detection-gaps https://linuxsecurity.com/features/linux-monitoring-detection-gaps  If you spend enough time looking at a monitoring dashboard, you start to see a comforting pattern. Green lights mean the servers are up, the logs are flowing, and everything feels under control. But if you look closer, you realize that linux logging is often more of a formal archive than a security tool. There is a quiet gap between seeing that a system is running and actually knowing what it is doing. Thu, 23 Apr 2026 15:43:47 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/container-escape-techniques-security https://linuxsecurity.com/features/container-escape-techniques-security Containers were sold on the promise of container isolation. Think of them like clean, separate rooms in a house where nothing leaks from one room to another. Most teams still operate on this assumption, believing that what happens inside a container stays there. Tue, 21 Apr 2026 13:24:20 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/lateral-movement-detection-linux https://linuxsecurity.com/features/lateral-movement-detection-linux Moving through a network is like using a master key. If you have the key, you do not need to break any windows. On Linux, attackers usually do not "hack" their way from one computer to another. They simply log in using stolen credentials. Wed, 22 Apr 2026 13:16:10 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/how-static-residential-proxies-support-ethical-web-scraping-practices https://linuxsecurity.com/features/how-static-residential-proxies-support-ethical-web-scraping-practices Web scraping is a technique organizations and researchers use to extract useful information from the web. However, this method poses various ethical and technical concerns. Many websites employ anti-scraping measures, making collecting data efficiently and responsibly challenging. Further, frequent similar requests from multiple locations can arouse a system's suspicion, resulting in access being denied. Fri, 20 Sep 2024 19:15:00 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/auditd-vs-ebpf-linux-security-monitoring https://linuxsecurity.com/features/auditd-vs-ebpf-linux-security-monitoring Most teams rely on logs to understand what’s happening on a Linux system. Think of a log like a digital paper trail; every action leaves a trace somewhere. The assumption is that if something goes wrong, you can go back and piece the story together using these records. Mon, 20 Apr 2026 12:30:20 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-runtime-security-ebpf https://linuxsecurity.com/features/linux-runtime-security-ebpf Runtime security has moved from “nice to have” to an operational baseline in Linux environments. Most teams learned the hard way that logs and post-event alerts don’t catch what actually runs on the system in real time. Attackers don’t wait for indexing pipelines or SIEM correlation.  Fri, 17 Apr 2026 15:44:18 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-security-patches https://linuxsecurity.com/features/linux-security-patches Think about Linux security like a product recall. A manufacturer starts fixing the issue before the public notice goes out. If you catch those early signals, you can act before it becomes a known problem. Thu, 16 Apr 2026 16:54:49 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/container-security-misconfigurations https://linuxsecurity.com/features/container-security-misconfigurations Container security failures rarely come from zero-days. They come from the configuration. Misconfigurations don’t trigger alerts. They don456’t crash systems. Most of the time, they sit quietly in production until something starts probing from the outside or moving laterally from the inside. Wed, 15 Apr 2026 16:00:09 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/top-6-vulnerability-scanning-tools https://linuxsecurity.com/features/top-6-vulnerability-scanning-tools Computer systems, software, applications, and Linux servers are all vulnerable to network security threats. Failure to identify these cybersecurity vulnerabilities, often through modern vulnerability scanning tools, can leave companies exposed Tue, 14 Apr 2026 10:00:20 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/shadow-it-developer-tools-linux-security-risk https://linuxsecurity.com/features/shadow-it-developer-tools-linux-security-risk Every company has a "Shadow IT" layer—a collection of developer-built dashboards, AI workflow runners, and data-science notebooks that weren't built by the central IT team. They are the convenient tools that let your teams push features faster, train models quicker, and visualize data on the fly. Mon, 13 Apr 2026 14:42:40 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/cicd-npm-git-unverified-code https://linuxsecurity.com/features/cicd-npm-git-unverified-code Time and time again, Linux systems execute attacker-controlled code during normal operation, and nothing in the system reports it as a failure. Security models still lean on the idea that something has to break first. An exploit fires, a misconfiguration opens a path, a control fails. But in these cases, there is no breakpoint to trace back to, because the commands being used are valid, expected, and fully trusted by the system. The pattern becomes easier to see in automated environments and ... Tue, 31 Mar 2026 16:52:30 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/npm-install-security-risk https://linuxsecurity.com/features/npm-install-security-risk Running npm install is a reflex at this point. You see a progress bar, a few hundred dependencies fly by, and the lockfile updates. You move on to the next task. But that command isn't just a file transfer. It is execution. And it runs with the same user permissions you use to check your email or push to production. The most dangerous code on a Linux system may execute before your application even starts. The recent npm supply chain attack on the Axios library showed how easily a postinstall ... Fri, 03 Apr 2026 13:37:48 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-port-scanning-tools-techniques https://linuxsecurity.com/features/linux-port-scanning-tools-techniques Most Linux admins assume they know which TCP/IP ports their servers expose, until a scan reveals something unexpected. A database port listening on all interfaces, a forgotten development service, or a management interface that was meant to stay internal can easily appear once you look from the network side. Fri, 20 Mar 2026 07:12:17 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/ebpf-security-tools-rootkit-evasion https://linuxsecurity.com/features/ebpf-security-tools-rootkit-evasion Linux runtime security increasingly depends on watching what the operating system is doing in real time. Security tools use eBPF (extended Berkeley Packet Filter) to attach probes within the Linux kernel, recording events such as new processes starting, files being opened, or network connections being created. Those events are then sent to detection engines such as Falco and other Linux runtime monitoring tools, which analyze the activity and alert when something suspicious is detected. This ... Mon, 16 Mar 2026 14:18:03 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/what-are-checksums-why-should-you-be-using-them https://linuxsecurity.com/features/what-are-checksums-why-should-you-be-using-them A checksum is a calculated value that represents the exact contents of a file or message. If the file changes — even by a single byte — the checksum changes as well. That’s why it’s often described as a digital fingerprint for data integrity. Fri, 27 Mar 2026 11:00:58 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/n8n-rce-ni8mare-auth-bypass https://linuxsecurity.com/features/n8n-rce-ni8mare-auth-bypass n8n (CVE-2025-68613) is an open-source automation tool used to connect APIs, databases, and SaaS apps into workflows. It is commonly used to move data between systems, trigger jobs, and tie services together, and in many environments, it also holds credentials and access to internal services. Wed, 18 Mar 2026 16:29:12 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/pam-backdoors-linux-authentication-chain https://linuxsecurity.com/features/pam-backdoors-linux-authentication-chain PAM sits at the center of Linux authentication. Every login, SSH session, and privilege escalation request runs through it. It checks credentials, enforces policy, and chains together modules that decide who can access the system. Most teams rely on it daily without ever tracing what actually happens inside. Mon, 27 Oct 2025 17:40:11 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/intrusion-detection-and-prevention-systems https://linuxsecurity.com/features/intrusion-detection-and-prevention-systems Intrusion detection and prevention systems are often treated as interchangeable. IPS is often described as IDS with blocking turned on. That sounds simple, but the moment traffic runs inline, mistakes start breaking real connections. IDS watches traffic and reports what looks suspicious, while IPS sits in the path and can block connections as they happen.  Let’s walk through that shift using simple Snort examples. The goal is to show what breaks once blocking is enabled and why that changes h... Thu, 12 Mar 2026 08:25:46 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/cncf-research-cloud-native-security https://linuxsecurity.com/features/cncf-research-cloud-native-security As Kubernetes and cloud-native technologies become increasingly integral to IT infrastructures, we Linux security admins must adapt to a rapidly changing environment where agility and security converge. A recent CNCF survey highlights a significant uptick in Kubernetes deployment, with most organizations using container technology as a backbone for their applications. Mon, 14 Apr 2025 11:56:09 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/intrusion-detection-systems-an-introduction https://linuxsecurity.com/features/intrusion-detection-systems-an-introduction Modern networks generate more traffic than most teams can realistically watch. Internal services talk constantly, cloud workloads spin up and down, and even well-configured defenses don’t stop every attack. Stolen credentials still get used. Misconfigured services sit exposed longer than anyone expects. Sooner or later, something slips through, and the first sign usually shows up in the logs. Intrusion detection systems help surface that activity, giving administrators and analysts visibility... Mon, 16 Feb 2026 13:32:29 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/what-is-fail2ban https://linuxsecurity.com/features/what-is-fail2ban Open any internet-facing Linux server and check /var/log/auth.log or run journalctl -u ssh. If it has been up for more than a few minutes, you will see it. Repeated failed logins from IPs you do not recognize, cycling usernames, sometimes hitting root, sometimes trying “admin,” sometimes just random strings. It does not stop. Wed, 25 Feb 2026 03:34:46 +0000 LinuxSecurity Editors features features LinuxSecurity.com