Arch Linux Blocks New AUR Registrations Amid Malware Cleanup
Arch Linux’s AUR is still operational, while new account registration appears blocked during ongoing cleanup work.
security
Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages
Arch contributors are cleaning up a malware incident in the AUR after suspicious updates appeared across several user-maintained packages.
New HTTP/2 Bomb DoS Attack Hits Nginx, Apache, IIS, Envoy, and Pingora
A new HTTP/2 Bomb DoS attack can exhaust memory on major web servers, causing denial-of-service in seconds.
Red Hat npm Packages Compromised in Supply Chain Attack
Red Hat cloud services npm packages were compromised in a supply chain attack that used a preinstall script to steal developer and CI secrets.
CIFSwitch Vulnerability Exposes Some Linux Distros to Local Root Access
The flaw affects the boundary between the Linux CIFS client and cifs-utils, allowing local root access on some systems.
ModuleJail Blocks Unused Linux Kernel Modules to Limit Attack Surface
ModuleJail is a new project that blacklists unused Linux kernel modules, helping reduce the attack surface exposed by recent local privilege escalation flaws.
WireGuard Easy 15.3 Adds Server-Side Allowed IP Enforcement
WireGuard Easy 15.3 adds server-side Allowed IP enforcement, improving client access control for self-hosted WireGuard VPN setups.
Rocky Linux Adds Security Repo for Urgent Fixes
Rocky Linux introduces an opt-in Security Repository for urgent fixes when critical vulnerabilities need patches before upstream updates arrive.
Parrot OS 7.2 Ships with Linux Kernel 6.19 and Copy Fail Fix
Parrot OS 7.2 is now available with Linux kernel 6.19, updated security tools, Debian package sync, and Copy Fail mitigation.
IPFire 2.29 Core Update 201 Launches with DNS Firewall
IPFire 2.29 Core Update 201 introduces DNS Firewall, replacing the old URL Filter with DNS-level domain blocking.