Read Time:12 Second
The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Daily Archives: April 4, 2025
USN-7402-3: Linux kernel (NVIDIA) vulnerabilities
Read Time:21 Second
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– GPU drivers;
– HID subsystem;
– Media drivers;
– JFS file system;
– Network namespace;
– Networking core;
– Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
webkitgtk-2.48.1-2.fc41
Read Time:13 Second
FEDORA-2025-059585d039
Packages in this update:
webkitgtk-2.48.1-2.fc41
Update description:
Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues
webkitgtk-2.48.1-2.fc40
Read Time:13 Second
FEDORA-2025-256a86d7c8
Packages in this update:
webkitgtk-2.48.1-2.fc40
Update description:
Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues
webkitgtk-2.48.1-2.fc42
Read Time:13 Second
FEDORA-2025-5427adc3f4
Packages in this update:
webkitgtk-2.48.1-2.fc42
Update description:
Limit the data stored in session state.
Remove the empty area below the title bar in Web Inspector when not docked.
Fix various crashes and rendering issues
Cyber Agencies Warn of Fast Flux Threat Bypassing Network Defenses
Read Time:7 Second
A joint cybersecurity advisory warns organizations globally about the defense gap in detecting and blocking fast flux techniques, which are exploited for malicious activities
Troy Hunt Gets Phished
Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise
Read Time:6 Second
The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo Alto Networks
Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw
Read Time:6 Second
Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution
chromium-135.0.7049.52-2.el10_1
Read Time:31 Second
FEDORA-EPEL-2025-c6f4db8d49
Packages in this update:
chromium-135.0.7049.52-2.el10_1
Update description:
Update to 135.0.7049.52
High CVE-2025-3066: Use after free in Navigations
Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs
Medium CVE-2025-3068: Inappropriate implementation in Intents
Medium CVE-2025-3069: Inappropriate implementation in Extensions
Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions
Low CVE-2025-3071: Inappropriate implementation in Navigations
Low CVE-2025-3072: Inappropriate implementation in Custom Tabs
Low CVE-2025-3073: Inappropriate implementation in Autofill
Low CVE-2025-3074: Inappropriate implementation in Downloads