All CosmicBytez Labs articles tagged #Linux, across news, security advisories, how-to guides, and projects.
Deploy Fail2ban to automatically ban IPs hammering your SSH and web services. Covers installation, jail configuration, custom filters, and monitoring...
A use-after-free bug in the Linux kernel's epoll subsystem — CVE-2026-46242 — lets any local user escalate to root on Linux 6.4+ with ~99% reliability. A...
Researchers have uncovered a novel malware artifact generated using DeepSeek that weaponizes the Chromium File System Access API to encrypt files entirely...
Hackers are actively exploiting CVE-2026-48558 in SimpleHelp remote support software to deploy Djinn Stealer, a previously undocumented cross-platform...
Attackers poisoned at least 18 npm and Go packages with a novel technique: hiding malware in .vscode/tasks.json auto-run tasks, bypassing npm v12's...
Deploy and tune the Linux Audit Framework (auditd) to capture privileged operations, file access, and authentication events — building a tamper-resistant...
The Linux Foundation has launched Akrites, a new open source security initiative designed to give the community standardized tools and channels to report,...
A practical, step-by-step guide to hardening Docker deployments — from non-root users and read-only filesystems to capability drops, resource limits, and...
A high-severity symlink vulnerability in the LiteSpeed cPanel plugin (CVSS 8.5) allows users with FTP or web shell access to escape CloudLinux/CageFS...
Sygnia researchers uncovered Velvet Ant, a China-nexus APT that spent close to a decade hidden inside Linux authentication infrastructure by backdooring...
A CVSS 9.8 authentication bypass in Nefteprodukttekhnika's BUK TS-G Gas Station Automation System allows any unauthenticated attacker to gain full...
A Linux kernel vulnerability in the cgroups v1 release_agent feature allows local attackers to escalate privileges and escape containers. Added to CISA KEV…
Microsoft announced Coreutils for Windows at Build 2026, bringing widely used Linux command-line utilities — ls, grep, cat, awk, and more — to Windows as…
Use SQL to query your endpoints like a database. Deploy osquery across Linux and Windows hosts to surface process trees, network connections, user activity…
A CVSS 9.0 OS command injection flaw in Samba allows remote attackers to execute arbitrary commands on file servers and domain controllers using the %u...
This week's security roundup covers Linux privilege escalation zero-days, actively exploited Windows Defender vulnerabilities, router botnets hijacking DNS.
A coordinated supply chain attack campaign has infected eight Packagist Composer packages with malicious code that downloads and executes a Linux binary...
This week's threat intelligence bulletin covers Linux rootkit campaigns, an actively exploited router zero-day, AI-assisted intrusions, new scam kit...
On day two of Pwn2Own Berlin 2026, competitors demonstrated 15 unique zero-day vulnerabilities and collected $385,750 in awards, successfully exploiting...
A critical vulnerability in certain configurations of the Exim open-source mail transfer agent allows unauthenticated remote attackers to execute...
Install and configure CrowdSec on Linux to detect and block attacks using crowdsourced threat intelligence, custom scenarios, and iptables/nftables bouncers.
A newly discovered Linux implant called Quasar Linux RAT (QLNX) is silently targeting software developers to harvest credentials, log keystrokes, and...
The official website for JDownloader, one of the most widely-used open-source download managers, was compromised to distribute malicious Windows and Linux...
A new unpatched Linux zero-day exploit dubbed 'Dirty Frag' allows local attackers to gain root privileges on virtually all major Linux distributions with...
A critical command injection flaw in electerm's Linux installer allows remote attackers to execute arbitrary shell commands by injecting into unsanitized...
The U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2026-31431, a Linux kernel privilege escalation flaw enabling root access, to its...
The emerging Vect 2.0 ransomware — deployed against TeamPCP supply chain attack victims — permanently destroys files larger than 131KB due to a critical...
Threat hunters warn that VECT 2.0 ransomware contains a critical flaw in its encryption implementation that acts more like a wiper for files over 131KB...
A newly disclosed vulnerability in the PackageKit daemon, dubbed Pack2TheRoot, allows local Linux users to escalate privileges to root by abusing the...
A bypass of the CVE-2024-27297 patch in the Nix package manager allows attackers to follow symlinks during fixed-output derivation builds, enabling...
Microsoft Defender researchers have documented a stealthy PHP web shell technique that uses HTTP cookies as a covert command-and-control channel on Linux...
Build a self-hosted WireGuard VPN server on Ubuntu for secure remote access — with NAT masquerading, DNS leak protection, QR-code client provisioning, and...
Deploy Suricata as a full-featured Network Intrusion Detection and Prevention System on Ubuntu. Covers installation, interface capture, Emerging Threats...
Deploy CrowdSec on a Linux server to get community-powered intrusion prevention — block brute-force attacks, credential stuffing, and vulnerability...
Researchers have disclosed a critical unauthenticated remote code execution vulnerability in the GNU InetUtils telnet daemon (telnetd). CVE-2026-32746...
Security researchers discover a new Linux botnet named SSHStalker that leverages the legacy IRC protocol for C2 operations, marking a return to old-school...
Comprehensive checklist for hardening Linux and Windows servers before production deployment. Covers OS configuration, network security, access controls,...
Researchers uncover VoidLink, an 88,000-line Zig-based malware framework built with AI assistance that targets AWS, Azure, GCP, and Kubernetes environments.
Secure your SSH servers with essential hardening techniques including key-based authentication, fail2ban configuration, and advanced security measures.
Deploy a hardened WireGuard VPN server on Linux — key generation, server and client config, firewall rules, and security best practices for production use.
Comprehensive guide to hardening Linux servers covering user management, service configuration, kernel security, and ongoing maintenance for production systems.