https://linuxsecurity.com/ The central voice for Linux and Open Source security news. en-us 1999-2026 Guardian Digital, Inc. All rights reserved dave@linuxsecurity.com (Dave Wreski) Tue, 09 Jun 2026 05:11:29 +0000 Tue, 09 Jun 2026 05:11:29 +0000 generate_indexes_v33_primary_archive.php http://blogs.law.harvard.edu/tech/rss 20 https://linuxsecurity.com/features/cron-jobs-linux-persistence https://linuxsecurity.com/features/cron-jobs-linux-persistence A Linux server gets cleaned up after an intrusion. The suspicious process is terminated, credentials are rotated, and the system is rebooted during maintenance. Everything seems secure. A few hours later, the same outbound connection appears again. Mon, 08 Jun 2026 14:41:55 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/news/security-vulnerabilities/ironworm-linux-credentials-supply-chain-attack https://linuxsecurity.com/news/security-vulnerabilities/ironworm-linux-credentials-supply-chain-attack IronWorm steals credentials and uses them to spread beyond the original victim, turning developer access into a supply chain risk.  Mon, 08 Jun 2026 14:14:57 +0000 LinuxSecurity Editors news security-vulnerabilities LinuxSecurity.com https://linuxsecurity.com/features/linux-security-ai https://linuxsecurity.com/features/linux-security-ai It’s hard to think of a technology more impactful than Artificial Intelligence (AI). While it’s been around for a while, it’s only recently broken into the mainstream. Now that it has, it’s rewriting the playbook for much of the tech industry, especially open-source software (OSS). Mon, 10 Feb 2025 18:38:16 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-server-security-a-getting-started-guide https://linuxsecurity.com/features/linux-server-security-a-getting-started-guide Are your Linux servers secure? No machine connected to the internet is 100% secure, of course. In the words of security guru Bruce Schneier: “Security is a process, not a product.” However, this doesn't mean that you are helpless. Although cyber attacks, hacks and breaches are sometimes unavoidable, all system administrators and users can take definitive measures to mitigate their risk online.  Mon, 31 Aug 2020 15:00:44 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/howtos/secure-my-network/harden-ssh-on-linux https://linuxsecurity.com/howtos/secure-my-network/harden-ssh-on-linux Most SSH hardening advice ends at the same recommendation: Disable password authentication and use SSH keys. Fri, 05 Jun 2026 16:20:01 +0000 LinuxSecurity Editors howtos secure-my-network LinuxSecurity.com https://linuxsecurity.com/features/linux-rootkits-cloud-vmware https://linuxsecurity.com/features/linux-rootkits-cloud-vmware Linux rootkits are old, but they never really disappeared. They just stopped attracting the same attention. Mon, 01 Jun 2026 22:47:48 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/news/server-security/nlp-phishing-detection https://linuxsecurity.com/news/server-security/nlp-phishing-detection Cybercriminals these days use various tactics to lure you and steal your sensitive information. Phishing emails are one of them. Hackers inject malicious code into emails to gather crucial data, including passwords, bank account details, and credit card numbers. In fact, they target not only individuals but also Fortune 500 companies.  Fri, 08 Aug 2025 12:51:43 +0000 LinuxSecurity Editors news server-security LinuxSecurity.com https://linuxsecurity.com/news/government/mar-a-lagos-security-problems-go-way-beyond-a-thumb-drive https://linuxsecurity.com/news/government/mar-a-lagos-security-problems-go-way-beyond-a-thumb-drive A Chinese woman was arrested for sneaking into Trump's "Winter White House," a reminder of how exposed the president's private club is to physical and cybersecurity risks. Sat, 06 Apr 2019 01:10:56 +0000 LinuxSecurity Editors news government LinuxSecurity.com https://linuxsecurity.com/features/siem-architecture-best-practices https://linuxsecurity.com/features/siem-architecture-best-practices Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. Thu, 04 Jun 2026 14:53:23 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/http2-bomb-linux-server-risk https://linuxsecurity.com/features/http2-bomb-linux-server-risk A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. Thu, 04 Jun 2026 14:49:21 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/news/server-security/zero-trust-email-security-linux https://linuxsecurity.com/news/server-security/zero-trust-email-security-linux Email threats have long outgrown spamming and obvious phishing. Attackers now exploit trust itself. They impersonate internal users, hijack legitimate threads, and abuse misconfigured configurations. Defenses like perimeter filtering or static rules are not adequate any longer. A Zero Trust model redefines the issue by eliminating implicit trust at all phases of email processing. This shift is especially important in modern Linux mail environments where services are often modular, network-exp... Fri, 17 Apr 2026 13:01:32 +0000 LinuxSecurity Editors news server-security LinuxSecurity.com https://linuxsecurity.com/features/linux-web-app-security-compliance https://linuxsecurity.com/features/linux-web-app-security-compliance Security is vital for your Linux web apps, but keeping up with the latest exploits and meeting compliance standards can quickly become overwhelming. Sat, 18 May 2024 15:00:38 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/howtos/secure-my-network/unauthorized-ssh-keys-lateral-movement https://linuxsecurity.com/howtos/secure-my-network/unauthorized-ssh-keys-lateral-movement Most of the time, nobody notices. SSH authentication succeeds, no alerts are generated, and the connection looks exactly the way it did the day the key was installed. That's part of the problem. Wed, 03 Jun 2026 17:17:35 +0000 LinuxSecurity Editors howtos secure-my-network LinuxSecurity.com https://linuxsecurity.com/features/nx-console-supply-chain-attack https://linuxsecurity.com/features/nx-console-supply-chain-attack The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. Wed, 03 Jun 2026 17:02:35 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/howtos/secure-my-network/understand-failed-authentication-patterns-linux-logs https://linuxsecurity.com/howtos/secure-my-network/understand-failed-authentication-patterns-linux-logs Exposed SSH servers are continuously hammered by brute-force attacks, password spraying, credential stuffing, and recycled passwords from infostealer dumps. Attackers rotate usernames, test weak credentials, and probe for anything that gives them initial access. The logs usually look messy long before the compromise happens. Thu, 28 May 2026 21:35:37 +0000 LinuxSecurity Editors howtos secure-my-network LinuxSecurity.com https://linuxsecurity.com/features/red-hat-npm-package-compromise https://linuxsecurity.com/features/red-hat-npm-package-compromise Researchers investigating a campaign now tracked as Miasma found that more than 30 packages in Red Hat's @redhat-cloud-services npm namespace had been altered to deliver credential-stealing malware. Tue, 02 Jun 2026 16:00:18 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-persistence-hunting-techniques https://linuxsecurity.com/features/linux-persistence-hunting-techniques You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. Tue, 02 Jun 2026 16:00:53 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/news/server-security/proxmox-vm-backup-linux https://linuxsecurity.com/news/server-security/proxmox-vm-backup-linux It is necessary to back up Proxmox virtual machines (VM) to avoid data loss in any scenario, including hardware failure, software issues, or human error. When disaster strikes, you can quickly restore the needed data and ensure business continuity. Read this post to learn how to back up Proxmox VMs on Linux. Mon, 26 May 2025 21:11:52 +0000 LinuxSecurity Editors news server-security LinuxSecurity.com https://linuxsecurity.com/howtos/secure-my-network/linux-ids-vs-ips https://linuxsecurity.com/howtos/secure-my-network/linux-ids-vs-ips The wrong IPS rule can look like a security fix right up until it becomes an outage. Mon, 01 Jun 2026 17:00:43 +0000 LinuxSecurity Editors howtos secure-my-network LinuxSecurity.com https://linuxsecurity.com/howtos/secure-my-network/respond-compromised-linux-server https://linuxsecurity.com/howtos/secure-my-network/respond-compromised-linux-server The first 30 minutes after discovering a compromised Linux server usually decide how much evidence remains available. One rushed reboot or cleanup attempt can wipe logs, terminate malicious processes, or remove network activity that investigators still need to review. Attackers also do not usually stay on one system for long once access is established. Early response is mostly about preserving visibility. Collect process information. Save network connections. Limit access carefully before mak... Thu, 28 May 2026 16:15:33 +0000 LinuxSecurity Editors howtos secure-my-network LinuxSecurity.com https://linuxsecurity.com/features/linuxsecurity-reimagined https://linuxsecurity.com/features/linuxsecurity-reimagined LinuxSecurity.com has been part of the Linux and open-source security community since the late 1990s. Over the years, the platform has evolved alongside the Linux threat landscape itself — from the early days of mailing lists and isolated vulnerability disclosures to today’s nonstop cycle of advisories, exploit research, malware reporting, supply chain attacks, and infrastructure-focused threat intelligence. Mon, 25 May 2026 17:00:30 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/news/network-security/ztna-linux-security https://linuxsecurity.com/news/network-security/ztna-linux-security In 2025, the CISO’s job isn’t just about stopping breaches—it’s about enabling business without compromising security. Whether it’s remote access to Linux servers, meeting new compliance mandates, or defending against constant phishing attempts, ZTNA provides the control and flexibility needed to adapt. Wed, 13 Aug 2025 20:23:34 +0000 LinuxSecurity Editors news network-security LinuxSecurity.com https://linuxsecurity.com/features/ssh-key-sprawl-linux-forgotten-keys-backdoors https://linuxsecurity.com/features/ssh-key-sprawl-linux-forgotten-keys-backdoors A production Linux server gets rebuilt from an old image. A contractor leaves. A CI/CD job is retired. Months later, the same SSH public keys are still sitting in authorized_keys, silently trusted by root or a service account nobody owns anymore. Wed, 27 May 2026 23:00:34 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/howtos/secure-my-network/diagnose-suspicious-outbound-connections-linux https://linuxsecurity.com/howtos/secure-my-network/diagnose-suspicious-outbound-connections-linux When a Linux server initiates an unauthorized outbound connection to an unknown IP address, it rarely triggers an immediate system failure. Instead, the server continues running normally, and the connection is usually only discovered during a routine firewall log review, a DNS audit, or a post-incident investigation. Because there are no obvious system crashes or performance drops, these quiet outbound sessions can easily be overlooked. Wed, 27 May 2026 17:50:59 +0000 LinuxSecurity Editors howtos secure-my-network LinuxSecurity.com https://linuxsecurity.com/features/github-actions-supply-chain-threat https://linuxsecurity.com/features/github-actions-supply-chain-threat For years, most software supply chain attacks focused on malicious dependencies and vulnerable open-source packages. Recent GitHub Actions compromises exposed a different problem entirely. Attackers increasingly target the automation systems responsible for building, testing, and deploying software because those systems often hold broader operational access than the applications themselves. Tue, 26 May 2026 22:25:13 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/news/network-security/secure-linux-networking-for-digital-nomads https://linuxsecurity.com/news/network-security/secure-linux-networking-for-digital-nomads The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. Tue, 26 May 2026 22:12:32 +0000 LinuxSecurity Editors news network-security LinuxSecurity.com https://linuxsecurity.com/news/server-security/cron-job-persistence-linux-systems https://linuxsecurity.com/news/server-security/cron-job-persistence-linux-systems Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. Mon, 25 May 2026 19:26:37 +0000 LinuxSecurity Editors news server-security LinuxSecurity.com https://linuxsecurity.com/features/linux-infrastructure-security https://linuxsecurity.com/features/linux-infrastructure-security The recent FamousSparrow attacks reportedly relied on exposed web applications, ProxyLogon exploitation, and other well-known server-side vulnerabilities.  Fri, 22 May 2026 17:43:48 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-privilege-escalation-patterns https://linuxsecurity.com/features/linux-privilege-escalation-patterns Linux privilege escalation starts once an attacker gets a foothold on a machine. Maybe it is a regular user account. Maybe it is an exposed application that nobody patched, or a reused password from another breach. Root access is usually the next objective. Attackers typically keep digging once inside, looking for a way to gain root privileges and remove the restrictions around them. Fri, 22 May 2026 23:20:52 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/news/server-security/secure-remote-access-linux-servers https://linuxsecurity.com/news/server-security/secure-remote-access-linux-servers Linux runs the internet. More than 96% of the world’s top one million web servers operate on Linux-based systems. That makes every linux server a target by default. Attackers do not go where defenses are strongest; they go where the infrastructure is exposed. Wed, 13 May 2026 13:11:26 +0000 LinuxSecurity Editors news server-security LinuxSecurity.com https://linuxsecurity.com/features/container-escape-techniques-security https://linuxsecurity.com/features/container-escape-techniques-security Containers were sold on the promise of container isolation. Think of them like clean, separate rooms in a house where nothing leaks from one room to another. Most teams still operate on this assumption, believing that what happens inside a container stays there. Wed, 22 Apr 2026 16:00:50 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/news/iot-security/edge-security-best-practices-iot https://linuxsecurity.com/news/iot-security/edge-security-best-practices-iot With the average number of weekly cyberattacks per company rising by 75% in Q3 of last year, the pursuit of effective cybersecurity is relentless in the ever-evolving threat landscape. And while the Internet of Things (IoT) may have introduced us to smart, hyperconnected devices, it’s also introduced a unique set of cybersecurity risks. Sat, 12 Jul 2025 15:44:59 +0000 LinuxSecurity Editors news iot-security LinuxSecurity.com https://linuxsecurity.com/news/server-security/linux-server-disaster-recovery https://linuxsecurity.com/news/server-security/linux-server-disaster-recovery What happens when your Linux server goes down? Is your organization prepared to recover quickly and securely, or will critical data and operations be left vulnerable?  Tue, 04 Mar 2025 00:07:47 +0000 LinuxSecurity Editors news server-security LinuxSecurity.com https://linuxsecurity.com/news/security-projects/getting-started-open-source-security-scanners https://linuxsecurity.com/news/security-projects/getting-started-open-source-security-scanners Open-source project security testing focuses on many components, ensuring there are no safety vulnerabilities. These components include physical security, workflow, wireless security, and human security testing. Developers should effectively manage risks that may cause vulnerabilities. Automation testing on Linux allows repeatability, compliance, and application interaction. Fri, 31 Jan 2025 17:41:21 +0000 LinuxSecurity Editors news security-projects LinuxSecurity.com https://linuxsecurity.com/news/security-trends/why-itdr-is-crucial-for-securing-linux-systems https://linuxsecurity.com/news/security-trends/why-itdr-is-crucial-for-securing-linux-systems Identity-based attacks like login attempts from unusual geographic locations or at unexpected times, as well as enforcing MFA and maintaining detailed logs of all identity-related activities, are becoming more important as attacks against these systems become more prevalent. Fri, 29 Nov 2024 22:56:55 +0000 LinuxSecurity Editors news security-trends LinuxSecurity.com https://linuxsecurity.com/news/cryptography/passkey-solutions-open-source-security https://linuxsecurity.com/news/cryptography/passkey-solutions-open-source-security Security in open-source projects has always been a challenge. The very nature of open-source software encourages collaboration, transparency, and improvement, all of which make the system potentially more exposed to risks. Thu, 28 Nov 2024 21:20:46 +0000 LinuxSecurity Editors news cryptography LinuxSecurity.com https://linuxsecurity.com/news/vendors-products/github-breach-supply-chain-risks https://linuxsecurity.com/news/vendors-products/github-breach-supply-chain-risks A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. Thu, 21 May 2026 20:28:06 +0000 LinuxSecurity Editors news vendors-products LinuxSecurity.com https://linuxsecurity.com/news/security-trends/cloud-risks-linux-workloads https://linuxsecurity.com/news/security-trends/cloud-risks-linux-workloads Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is.  Thu, 21 May 2026 20:20:58 +0000 LinuxSecurity Editors news security-trends LinuxSecurity.com https://linuxsecurity.com/features/linux-proxy-servers https://linuxsecurity.com/features/linux-proxy-servers A linux proxy server has been around for years, but in 2026, it’s become baseline infrastructure. Privacy demands are higher, compliance rules are stricter, and the hybrid cloud has blurred the edge of the network. Thu, 27 Nov 2025 19:14:03 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/trusted-software-pipelines-linux-security https://linuxsecurity.com/features/trusted-software-pipelines-linux-security Microsoft announced this week that it disrupted a malware-signing operation that helped cybercriminals distribute ransomware disguised as legitimate software. According to the company, a threat actor called Fox Tempest abused Microsoft Artifact Signing to generate short-lived code-signing certificates for malicious payloads. Wed, 20 May 2026 23:03:22 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-server-practical-hardening-guide https://linuxsecurity.com/features/linux-server-practical-hardening-guide Linux server hardening is mostly about reducing unnecessary exposure while keeping systems stable enough to manage in production. That sounds straightforward until servers start accumulating changes over time. New services get deployed, firewall rules expand, SSH access grows, monitoring tools are added, and temporary operational fixes slowly become permanent parts of the environment. Wed, 20 May 2026 17:45:01 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/linux-kernel-module-hardening-modulejail https://linuxsecurity.com/features/linux-kernel-module-hardening-modulejail Your Linux server may be carrying kernel code for hardware, filesystems, cryptographic interfaces, and network features it will never use. Tue, 19 May 2026 22:31:10 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/features/systemd-abuse-linux-server-detection https://linuxsecurity.com/features/systemd-abuse-linux-server-detection A Linux process that keeps coming back after a reboot is worth slowing down for. It may not crash anything. The name may look like normal maintenance, the server may keep serving traffic, and nothing on the box may feel urgent enough to pull an incident handler away from other work. Tue, 19 May 2026 20:57:01 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/news/vendors-products/how-to-choose-mxdr-provider https://linuxsecurity.com/news/vendors-products/how-to-choose-mxdr-provider Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. Tue, 19 May 2026 12:22:31 +0000 LinuxSecurity Editors news vendors-products LinuxSecurity.com https://linuxsecurity.com/features/critical-nginx-vulnerability https://linuxsecurity.com/features/critical-nginx-vulnerability New flaw leads to denial-of-service on affected NGINX configurations. If ASLR is disabled, it may become a remote code execution.  Mon, 18 May 2026 20:35:39 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/howtos/harden-my-filesystem/detect-unauthorized-file-changes-linux https://linuxsecurity.com/howtos/harden-my-filesystem/detect-unauthorized-file-changes-linux A Linux system can be changed without immediately looking broken. A service still starts. Users still log in. The application still responds. Then an administrator finds that an SSH setting was changed, a firewall rule file has different permissions, or a systemd unit appeared in a directory where nothing new was expected. Mon, 18 May 2026 21:30:59 +0000 LinuxSecurity Editors howtos harden-my-filesystem LinuxSecurity.com https://linuxsecurity.com/features/linux-log-analysis https://linuxsecurity.com/features/linux-log-analysis Fri, 24 Apr 2026 15:00:32 +0000 LinuxSecurity Editors features features LinuxSecurity.com https://linuxsecurity.com/howtos/learn-tips-and-tricks/how-to-encrypt-a-hard-disk-with-linux https://linuxsecurity.com/howtos/learn-tips-and-tricks/how-to-encrypt-a-hard-disk-with-linux Dear nixCraft, I carry my Linux powered laptop just about everywhere. How do I protect my private data stored on partition or removable storage media against bare-metal attacks where anyone can get their hands on my laptop or usb pen drive while traveling? Tue, 19 Jul 2022 15:26:32 +0000 LinuxSecurity Editors howtos learn-tips-and-tricks LinuxSecurity.com https://linuxsecurity.com/howtos/learn-tips-and-tricks/github-actions-runner-security-linux https://linuxsecurity.com/howtos/learn-tips-and-tricks/github-actions-runner-security-linux Self-hosted GitHub Actions runners give organizations far more flexibility than standard cloud-hosted runners. Teams can integrate internal infrastructure directly into CI/CD workflows, automate Kubernetes deployments, run custom tooling, and manage Linux-based build environments without relying entirely on external infrastructure. Fri, 15 May 2026 21:59:21 +0000 LinuxSecurity Editors howtos learn-tips-and-tricks LinuxSecurity.com https://linuxsecurity.com/features/rubygems-attack-linux-supply-chain-risk https://linuxsecurity.com/features/rubygems-attack-linux-supply-chain-risk RubyGems temporarily suspended new account registrations this week after threat actors pushed hundreds of malicious packages into the Ruby package ecosystem. At first glance, that may sound like a Ruby-specific problem. It is not. Thu, 14 May 2026 12:02:46 +0000 LinuxSecurity Editors features features LinuxSecurity.com