You are here

LinuxSecurity.com

Subscribe to Feed LinuxSecurity.com
The central voice for Linux and Open Source security news.
Përditësimi: 6 orë 24 min më parë

Hardening Linux KVM Against VM Escape Attacks

Mar, 07/07/2026 - 5:04md
A 16-year-old KVM vulnerability recently hit the news, and honestly? It’s a healthy dose of reality. We like to think of our hypervisors as these impenetrable walls, but this is a reminder that VM isolation isn't a permanent guarantee.  Even in the most mature Linux virtualization stacks, you’ve got code paths that haven't been touched in over a decade, just waiting for the right researcher to pull on the wrong thread. For those of us running KVM hosts, this isn't just about grabbing the late...

Detection-as-Code for Linux: Building Security Rules That Last

Mar, 07/07/2026 - 4:10md
One of the easiest mistakes to make in detection engineering is assuming a rule keeps working simply because nobody has touched it. Most of the time, nobody removes the rule. Nobody disables it. It just gets forgotten.

The Hidden Cost of Enterprise SSH Authentication

Hën, 06/07/2026 - 7:00md
We often view OpenSSH security updates through the lens of standard patch management. When a new CVE hits, we scramble to update, check our versions, and return to business as usual. But recent vulnerabilities tied to distribution-added OpenSSH GSSAPI patches are a reminder that the danger doesn't always lie in the core code; it often resides in the "convenience" features we layer on top.

How to Check Docker Container Isolation in Linux

Hën, 06/07/2026 - 4:16md
Docker makes containers feel like separate, lightweight virtual machines. They have their own hostnames, processes, and networking—but are they actually isolated? Many administrators assume they are without ever verifying the boundaries. If you’ve ever wondered what truly separates your application from the host, this guide is for you. We’ll use simple Docker commands to verify container isolation firsthand and uncover exactly what remains shared with the host.

How Linux Security Teams Can Prioritize Real-World Attack Paths and Reduce Alert Fatigue

Hën, 06/07/2026 - 2:23md
Linux security teams are drowning. Patches, kernel updates, new CVEs every week. SSH exposed here, an old web service there, and a forgotten cron job running as root. On top of that, SIEM dashboards blink all day with alerts that all claim to be “high priority.”

Linux Security Roundup: Prioritizing This Week's Critical Updates

Pre, 03/07/2026 - 5:11md
Before you close out the week, check what still needs to be patched.

How to Investigate Linux Persistence During Incident Response

Pre, 03/07/2026 - 3:22md
You’re staring at a service or a cron job that’s giving you a bad feeling. Stop. The most dangerous thing you can do right now is act on that gut feeling alone. Linux systems are inherently noisy—package managers, configuration management, and the occasional "quick fix" from a colleague can all leave weird artifacts behind.

Linux Kernel Module Rootkits: How Attackers Hide After Compromising Cloud Workloads

Enj, 02/07/2026 - 7:10md
If you think you know what’s running on your Linux host, you’re probably wrong. Not because you’re bad at your job—but because the kernel is lying to you.

Trojanized GitHub PoC Repositories Deliver ChocoPoC Malware to Security Researchers

Enj, 02/07/2026 - 5:47md
GitHub has become the latest delivery mechanism for malware aimed at security researchers. 

Azure CLI Password Spraying: Why Cloud Identity Is Now Linux Security

Mër, 01/07/2026 - 3:54md
Over the span of just 14 days, threat actors unleashed more than 81 million login attempts against Microsoft’s Azure command-line interface (CLI). The campaign, which security researchers at Huntress identified as an ongoing, automated password-spraying effort, successfully compromised at least 78 Microsoft accounts across 64 organizations between June 12 and June 26, 2026.

How to Build Behavioral Detections with eBPF on Linux

Mër, 01/07/2026 - 3:04md
Building effective behavioral detections starts with understanding how processes behave at runtime, rather than simply collecting more logs. eBPF gives Linux security teams the visibility needed to correlate those behaviors into meaningful detections, moving away from static signatures and toward real-time analysis.