New Python backdoor DEEP#DOOR uses a legitimate tunneling service to steal browser and cloud credentials, evading traditional defenses.
Breaking: Fake cell towers spread SMS scams, critical OpenEMR flaws expose patient data, and 600K Roblox accounts hacked. Experts urge immediate action.
Two major Python packages, PyTorch Lightning and Intercom-client, were hit in a supply chain attack that published malicious versions to steal credentials. Security firms urge immediate action.
Attackers use poisoned Ruby gems and Go modules to steal credentials via CI pipelines, in activity attributed to the BufferZoneCorp GitHub account.
Two cybersecurity professionals sentenced to 4 years for deploying BlackCat ransomware in 2023 attacks.
MSPs lose revenue due to five sales challenges despite cybersecurity market doubling to $69B by 2030. Experts urge strategy shift.
China-linked SHADOW-EARTH-053 campaign targets Asian governments, a NATO state, and journalists. Trend Micro reports sophisticated espionage with custom malware.
Two cybercrime groups, Cordial Spider and Snarky Spider, are using vishing and SSO abuse for rapid SaaS extortion attacks, leaving minimal traces.
A Vietnamese-linked group stole over 30k Facebook accounts via Google AppSheet phishing, selling them on an illicit storefront.
Trellix confirms unauthorized access to its source code repository. Forensic experts and law enforcement are involved. Implications for customers and the security industry.
Python's Packaging Council, approved via PEP 772, brings formal governance to packaging standards and tools. Five elected members will oversee decisions, with the first election in June 2026.
Xint discovered a Linux kernel bug (present since 2017) enabling arbitrary 4-byte writes to the page cache via AEAD sockets and splice. Fixed in mainline.
Explore the latest LWN.net Weekly Edition covering Famfs filesystem, Python Packaging Council, Zig concurrency, Linux pages/folios, Strawberry music manager, 7.1 kernel merge window, and briefs.
Thursday's security updates from AlmaLinux, Debian, Fedora, Red Hat, SUSE, and Ubuntu address vulnerabilities in numerous packages including browsers, containers, and system tools.
Greg Kroah-Hartman released seven new stable kernels. Two specialize in Xen fixes; five address the critical AEAD socket vulnerability. All users of affected series must upgrade.
GCC 16.1 is released with C++20 as default, experimental C++26 features (reflection, contracts, expansion statements, std::simd), a new experimental Algol68 frontend, and HTML diagnostic output.
Linux kernel's restartable sequences optimization in 6.19 breaks Google's TCMalloc due to undocumented dependencies, illustrating Hyrum's Law. The no-regressions rule forces a compromise, highlighting API design lessons.
Explore how Prolly trees, a variant of B-trees, enable efficient version control in databases, focusing on Dolt's implementation for branching, merging, and historical queries.
The UK's NHS plans to close most open source repositories due to AI security scanning tools, but critics argue it's unnecessary and contradicts open government principles.
Ubuntu 26.10 Stonking Stingray releases Oct 15, 2026. Key dates: feature freeze Aug 10, beta Oct 3, RC Oct 10. Plan your upgrade with this 10-point guide.