Malware has been discovered in at least three Arch Linux packages available on AUR (Arch User Repository), the official Arch Linux repository of user-submitted packages. The malicious code has been removed thanks to the quick intervention of the AUR team.
Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux distros such as Ubuntu, CentOS, Debian, and Tails.
An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating system's distributions that would delete user files.
Canonical has kept a promise it made in February this year and has made public some of the telemetry it gathered from Ubuntu Desktop users in the past three months.
Microsoft fixed yesterday a faulty Debian package that was messing with users' OS settings during its installation routine. The faulty package that was causing all the problems was Open R v3.5. Open R is an enhanced version of the R programming language maintained by Microsoft.
Microsoft agreed to hold a vote for a new name for their GVFS project after over a year of complaints from developers and users that it was causing confusion with the long-standing Gnome GVfs package.
Simone Margaritelli, the VP of Research at Zimperium, has created a Linux port of Little Snitch, a popular macOS firewall application. Named OpenSnitch, the Linux port works on the same principles of the Mac version, being a host-based firewall that notifies users when apps attempt to initiate new outgoing network connections.
A vulnerability in the "beep" package that comes pre-installed with Debian and Ubuntu distros allows an attacker to probe for the presence of files on a computer, even those owned by root users, which are supposed to be secret and inaccesible.
Yesterday LinusÂ Torvalds officially releasedÂ Linux 4.16.Â Â In an announcement to the Linux Kernel Mailing List, Linus announced that this release of the Linux kernel was "small and calm", mostly related to networking,Â and that there was no need to continue testing it for another week.
A hacker group has made nearly $75,000 by installing a Monero miner on Linux servers after exploiting a five-year-old vulnerability in the Cacti "Network Weathermap" plugin.
Lately Microsoft has been pushing out new Linux distributions for the Windows Subsystem For Linux (WSL) lately. First, Kali Linux was released earlier this week and now Microsoft adds Debian GNU/Linux to the Windows Store.
Google is in the process of adding support to Chrome OS for running containerized Linux applications, according to a commit spotted in the operating system's source code last week by Reddit users.
Hackers are using SSH brute-force attacks to take over Linux systems secured with weak passwords and are deploying a backdoor named Chaos.
Linux users running KDE Plasma desktop environments need to apply patches to fix a bug that can lead to malicious code execution every time a user mounts a USB thumb drive on his computer.
Members of the open source community are working on a new security-focused project for the Linux kernel. Named Linux Kernel Runtime Guard (LKRG), this is a loadable kernel module that will perform runtime integrity checking of the Linux kernel.
Linus Torvalds wrote a scathing email to the Linux Kernel mailing list where he does not hold back regarding how he feels about the Spectre patches. Calling them "complete and utter garbage", Linus states that while Intel appears to be trying, or will be doing, the right thing regarding the Meltdown patches, he felt that Intel was pa