Linux, open source, and security news from across the web.
GitHub caught off guard by customers actually using the AI being evangelized
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, bind, expat, httpd:2.4, kernel, kernel-rt, mod_http2, openssl, poppler, redis, redis:7, samba, and unbound), Debian (ironic, kernel-wedge, libinput, linux-base, and neutron), Fedora (kernel, openssl, v…
Hey r/linux, A month ago I posted my little file organizer on Reddit and it got way more attention than I expected. Since then, the #1 request was always Linux support. https://www.reddit.com/r/software/comments/1tis5yj/mouzi_organize_downloads_folder_automatically/ Well, it's he…
No disclosure via official channels, no offer of identity theft monitoring, no problem
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, podman, poppler, and postgresql-jdbc), Debian (chromium, jackson-core, libdbi-perl, and libinput), Fedora (httpd, rust, and xmlstarlet), Mageia (openssh, postfix, and roundcubemail), Oracle (frr, kerne…
Hi everyone =) I've been working on a small open-source comic reader called PANEL. It's a desktop application written in Python for reading CBZ and CBR files locally, with no accounts, subscriptions or cloud services involved. The goal is to provide a simple and lightweight readi…
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSand…
So I have been building a predictive multicloud Docker Swarm node autoscaler just like Kubernetes ca with ML... I want to make it an open source project. I have completed multiple parts of it; the core API is being tested and now I am converting them to Docker images. So what sh…
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]
Shipped v0.14.0 of Informity AI. This release adds a full document translation workflow with OCR ingestion, tone selection, export to Markdown or plain text, and much more - all running locally. For those unfamiliar: it's a Mac app that indexes your documents and lets you ask que…
Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and do not require any user action. In addition, Microsoft incorp…
An anonymous reader quotes a report from 404 Media: Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement give…
Hey everyone, I just released Arche: a simple yet powerful open-source monitoring tool. - Extremely lightweight: runs under 100MB RAM on Linux/macOS - Multiple check types: HTTP/S, Ping, TCP, DNS, IMAP, SMTP and more - Clean public status pages - Instant alerts on Telegram & Disc…
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]
I’m not a professional software developer. Most of the things I build start with a simple thought: "I need this for myself." Over the last few weeks I ended up making two small terminal tools that solved problems I personally had, and I figured I'd share them here in case they ha…
Hi all, Curious how folks here are thinking about running AI workloads on Linux servers right now. Are you running anything in production or mostly experimenting? What does your setup look like (containers/Kubernetes, local GPU, pipelines, agents, etc.)? Any challenges you’re run…
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched ups…
At WWDC 2026, Apple announced a new "Siri AI," describing it as a more conversational, personalized, and systemwide assistant that can understand on-screen context and interact with apps while relying on on-device processing or Private Cloud Compute. The relaunch comes two years …
A gallery is definitely the most underrated and often overlooked application found on almost every device and for every OS, yet hardly a few of them work well or work at all. And most of the time, they are just cloud-based services packaged in Electron.js. So, after much annoyanc…
Security teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM/XDR operations through managed infrastructure, automated scaling, and AI-driven security analysis. …
Miasma worm shapeshifts, but cloud secret-scouting remains the goal
So a little while ago, I learned that Microsoft made a Linux distro called Azure Linux. Turns out it was just the continuation of another project they used called CBL Mariner. I found that pretty cool and tried it in a VM; obviously, as a surprise to nobody, it's a server distro n…
Hey folks, I’ve been working on Crate for the past few weeks. It’s a small daemonless container runtime written in Go for Linux. The goal was to understand how container runtimes work under the hood instead of treating Docker/Podman as magic. It launches containers directly, stor…
Hi there, in our company our VDI is hosted by AWS on Nutanix platform. What we're having issues with is the Omnissa Horizon app on Linux: when trying to connect, it kicks out a few times from the cloud and then gets stable. My question: is there a way to create some kind of Blast protoco…
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and Micro…
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types - On-Prem Deploy…
Is it possible to install and run a DE or a WM on a container (Podman or Docker), and is it usable or is it just a waste of time? It feels like something interesting to do, but I don't know if it is something that might work or if it is just a stupid idea and won't work anyway. Did any…
I have an interview for a Linux architect position, mainly designing automation of the ~200k Linux VMs we have in cloud + on prem. I’m currently senior network engineer, built some of our automation around route/switch, DDI, and VM network deployment. My question is, I use Linux …
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP …
A new npm supply-chain attack has infected 36 packages with Rust-based infostealer malware called IronWorm. According to BleepingComputer, the malware "targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm cred…
Recently disclosed AWS encryption bug, submitted by /u/Sandwich_1337
I'm super happy to announce a new milestone! After almost 6 years of constant development effort, I finally passed 1000 stars on GitHub! Fredy keeps searching for new apartments, houses, and flats in Germany on platforms like ImmoScout24, Immowelt, Immonet, eBay Kleinanzeigen…
Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec…
Message a random stranger and receive random messages from other strangers! You can only react, report, or block a message, not respond to it directly. GitHub links are on the login page. It uses Firebase for authentication, GCP, and MongoDB. It has an Express microservice for au…
I needed to test something on ChromeOS, but didn't want to pull out any other hardware. I have used Dockur Windows/Mac containers for years, so I packaged ChromeOS Flex into a similar Dockur-style container that does it all for you. It's built on the same qemus/qemu base as dockur…
Google has launched Gemma 4 12B, a 12-billion-parameter open AI model designed to run locally on your laptop without depending entirely on cloud infrastructure. WION reports: According to Google, the new model delivers performance close to much larger AI systems while requiring s…
Security updates have been issued by Debian (php-twig), Fedora (hplip, python-wsgidav, roundcubemail, and xorg-x11-server), Oracle (compat-openssl10, httpd:2.4, and kernel), Red Hat (osbuild-composer), SUSE (busybox, cloudflared, cockpit, cups, ffmpeg-4, gnutls, google-osconfig-a…
An anonymous reader quotes a report from GeekWire: A team inside Microsoft has been quietly building a platform for devices that run AI agents instead of apps, based on Android instead of Windows, with two working hardware designs so far, and an initial set of big-name companies …
Documenting four campaigns that hit npm over the last two weeks. Posting for community awareness — IOCs and behavioral patterns below. Sonatype-2026-003429 — 176-package dependency confusion (May 28, 2026) Tracked by Sonatype (full writeup). Sentinel versions: 99.99.99, 9.9.9, 9.…
We added a detection rule for --allow-dangerously-skip-permissions in Claude Desktop. Then we found an attack chain nobody was talking about. "No shell, no impact" is the wrong mental model for AI agents. An agent running with that flag, even with Bash blocked, can still: • Read …
Security updates have been issued by AlmaLinux (php:8.2 and php:8.3), Debian (gst-plugins-good1.0, symfony, and yelp), Fedora (dovecot, freeipa, hplip, libpng, perl-Catalyst-Plugin-Authentication, postfix, samba, unbound, and vim), Mageia (assimp, libcaca, sdl2_sound, and tar), S…
Attackers backdoored 32 packages in Red Hat's official npm scope to steal cloud and CI secrets
I’ve spent way too much time reinventing tools that already exist. To save myself the trouble, I built patent, which is a CLI utility that searches 11 open-source ecosystems from your terminal to see if your idea is actually original. It’s designed to be a "prior-art" search for cod…
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
If you've ever built specialized subagents and wanted to distribute them, you'd probably stash them on a GitHub repository and share the link. But IMHO, this is not the best way since you cannot observe how your users use the agents. How do you decide what to iterate on unless you k…
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same co…
Aikido Security says more than 30 official @redhat-cloud-services npm packages were compromised with a credential-stealing worm called "Miasma," a variant resembling the open-sourced Mini Shai-Hulud supply-chain malware. "The packages were published via GitHub Actions OIDC, indic…
Hey y'all, I'm Matt, I'm an open source dev and maintain Freestyle. Lately I've been obsessively using voice dictation, particularly Wispr Flow. Credit where it's due, it's a genuinely polished product. Low latency, the post-processing is great, the product feels premium. It’s ch…