LinuxSecurity.com

Most security teams are locked into a perimeter-first mindset. They obsess over north-south traffic—the data hitting the edge—while ignoring the reality of the modern data center. Once an attacker gets a foothold, they don't stay at the edge. They pivot. They move laterally. That's the east-west traffic problem: the internal chatter between servers, microservices, and databases that we treat as "trusted" simply because it’s inside the fence.

When a production server spikes at 99% CPU or the disk starts grinding, the knee-jerk reaction is usually to blame a bad code push or a runaway backup job. But if you’ve spent enough time in security incident response, you know that "performance issues" are often the first sign that you’re dealing with Linux malware.

A newly disclosed FFmpeg vulnerability, known as PixelSmash (CVE-2026-8461), affects the MagicYUV decoder and can be triggered by specially crafted video files. 

Today, organizations rely heavily on technology for their operations, to secure important information and provide services in a digital world. Digital transformation opens up new opportunities, but also poses an increasing challenge for businesses and institutions in the field of cybersecurity. Data breaches, financial losses, reputational damage, and compliance issues are ongoing challenges for organizations in all industries due to security weaknesses and regulatory shortcomings.

More than 4,300 internet-facing devices have been pulled into a newly documented router malware campaign called AryStinger. The infected systems are mostly not enterprise servers. They are older routers, NAS appliances, and embedded Linux devices that stayed online long after anyone was likely checking them.

Some of the software the world depends on most is maintained by people most users will never know by name. The project might be sitting inside Linux distributions, enterprise software, cloud platforms, and government systems without most users ever realizing it is there.

The recent Keystone advisory is unusual because the vulnerabilities are scattered across several features but keep affecting the same class of security controls. Application credentials, trusts, RBAC enforcement, project ownership validation, token expiration. Different code paths. Similar failures.

Fortinet has confirmed active exploitation of three FortiSandbox vulnerabilities. One allows attackers to bypass login controls, while the other two enable command execution directly on the appliance. Combined, they create a path from unauthenticated access to direct interaction with a system many organizations trust to analyze suspicious content.