linux
CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs
US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks. An updated joint advisory from CISA, the FBI, the Department of Defense Cyber Crime Center (DC3), the Department of Health and Human Services (HHS), and several international partners alerts that Akira ransomware has expanded its […]
CISA warns of critical CentOS Web Panel bug exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP). The agency has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and is giving federal entities subject to the BOD 22-01 guidance until November 25 to apply available security updates and […]
CISA: High-severity Linux flaw now exploited by ransomware gangs
CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks. While the vulnerability (tracked as CVE-2024-1086) was disclosed on January 31, 2024, as a use-after-free weakness in the netfilter: nf_tables kernel component and was fixed via a commit submitted in January 2024, it was first introduced […]
Qilin ransomware abuses WSL to run Linux encryptors in Windows
The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. The ransomware first launched as “Agenda” in August 2022, rebranding to Qilin by September and continuing to operate under that name to this day. Qilin has become one of the most […]
CISA warns of critical Linux Sudo flaw exploited in attacks
Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, describing it as “an inclusion of functionality from untrusted control sphere.” CISA has given federal […]
Kali Linux 2025.3 released with 10 new tools, Wi-Fi enhancements
Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. Kali Linux is a distribution created for cybersecurity professionals and ethical hackers to conduct red team exercises, penetration testing, security audits, and research against networks. New tool added to Kali Linux 2025.3 As with every release, Kali […]
APT36 hackers abuse Linux .desktop files to install malware in new attacks
The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. The activity, documented in reports by CYFIRMA and CloudSEK, aims at data exfiltration and persistent espionage access. APT 36 has previously used .desktop files to load malware in targeted espionage operations in South Asia. The attacks were first […]
Docker Hub still hosts dozens of Linux images with the XZ backdoor
The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. Docker Hub is the official public container image registry operated by Docker, allowing developers and organizations to upload or download prebuilt images and share them with the […]
New Plague Linux malware stealthily maintains SSH access
A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. Nextron Systems security researchers, who identified the malware and dubbed it “Plague,” describe it as a malicious Pluggable Authentication Module (PAM) that uses layered obfuscation techniques and environment tampering to […]
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. Cybersecurity firm Darktrace discovered the attack during an incident response in April 2025, where an investigation revealed that the Auto-Color malware had evolved to include additional advanced evasion tactics. Darktrace reports […]