Linux, open source, and security news from across the web.
OpenZFS 2.4.3 is out today as the newest stable point release to this open-source ZFS file-system implementation as well as point releases for the OpenZFS 2.3 and 2.2 series too...
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, an…
An anonymous reader quotes a report from ZDNet: If digital sovereignty is important to you, and it certainly is in the European Union (EU), then you'll be pleased to know that EuroOffice, a new open-source browser-based office suite alternative to Microsoft 365 and Google Workspa…
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]
A researcher using the name Nightmare Eclipse has released a new Microsoft Defender zero-day exploit called "RoguePlanet," which reportedly works on fully patched Windows 10 and 11 systems and can spawn a command prompt with SYSTEM privileges through a Defender race condition. Th…
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSand…
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. [...]
Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution. The post Critical Vulnerabilities Patched in Fortinet, Ivanti Products appeared first on SecurityWeek.
Microsoft has patched 200 vulnerabilities including three zero-days
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an advisory…
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. [...]
A separate zero-day also disclosed by Nightmare Eclipse appears to be patched as well.
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]
Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. [...]
A total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI. The post OpenSSL Patches High-Severity Vulnerability Found With AI appeared first on SecurityWeek.
The Asahi Linux project, which brings Linux support to Apple Arm-based Macs, has warned its users not to upgrade to the macOS 27 "Golden Gate" beta. Apple has changed how the boot picker and Startup Disk applications detect valid OS boot volumes. When using either from macOS 27, …
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched ups…
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...]
A new version of HandBrake, the open-source and cross-platform media conversion tool, is available to download. HandBrake 1.11.2 is a maintenance update in the current 1.11.x stable release, which was released in March 2026 and added DNxHR and ProRes encoder support, and an AMD V…
FreeBSD 15.1 was supposed to be out at the start of June but a second release candidate pushed it back by a week and now a third needed release candidate has pushed out the stable release by an additional week...
It's unfortunately another busy week in the Linux 7.1 kernel space with not everything slowing down so well, late in the cycle and leading to the upcoming 7.1 stable release. This week's DRM pull request of kernel graphics/accelerator drivers is again heavy on fixes and also ends…
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has no…
The stable release of systemd 261 is quickly approaching for being found in H2'2026 Linux distributions...
The growing coalition is days away from shipping Euro-Office's first stable release.
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was…
As noted back in April, with Ubuntu 26.04 LTS it's now possible to simply "apt install rocm" on Ubuntu Linux for installing AMD's open-source GPU compute stack. But as prominently noted there, what's shipped right now in Ubuntu 26.04 LTS is already months out of date compared to …
Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities appeared first on SecurityWeek.
Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivi…
The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]
Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]
A second release candidate of FreeBSD 15.1 was warranted and in turn released this weekend which now pushes the stable release back by one week...
The Linux 7.1-rc6 kernel is now available for closing out the month of May and approaching the Linux 7.1 stable release that should be out by mid-June...
"A security researcher published a series of unpatched bugs in Microsoft products," reports TechCrunch, "along with code to exploit them." Microsoft's response to the researcher? "Threatening to take legal action and call the cops on them." On Wednesday, Microsoft published a blo…
Canonical has released the first monthly snapshot of Ubuntu 26.10 ‘Stonking Stingray’. This is the first of 4 planned testing builds in the lead up to the final, stable release of Ubuntu 26.10 on 15 October, 2026. Utkarsh Gupta announced the release on the Ubuntu developer mailin…
May security update trips over hostnames of a very specific length
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across manag…
Eric Engestrom announced the release of Mesa 26.0.8 today as the latest stable point release of that Q1'2026 driver series and the last planned update for that stable series...
CERT-In says internet-facing or critical systems should be patched, mitigated, or cut off within half a day where feasible
wiredmikey shares a report from SecurityWeek: Anthropic says its Claude Mythos model discovered thousands of severe vulnerabilities across more than 1,000 open source software (OSS) projects. According to the AI giant, Mythos Preview has identified more than 23,000 potential vuln…
Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. [...]
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnera…
Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago…
I've been building this project for a while now (more than 2 and a half years), and v0.4.0 feels like a big milestone for me, where the project actually became useful and convenient enough for everyday use. The short version: it's a self-hosted app that utilizes your GPU to learn…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-908…
Released earlier this month was the OpenCL 3.1 specification with a focus on enhancing AI and HPC workloads for this long-time Khronos specification. Out today is OpenCL 3.1.1 as a point release with an emphasis on addressing a possible performance regression of OpenCL 3.1...
Aleksey Samoilov has announced the release of TileOS 2.0, a major update of the project's Debian-based Linux distribution featuring several popular Wayland tiling compositors, including Sway and River, as well as th…
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 securi…
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codena…
Microsoft has patched 120 vulnerabilities in this month’s security update round
Microsoft has patched two zero-day flaws and over 160 others
OpenAI has patched a vulnerability, which Check Point said was because of a DNS loophole