LinuxSecurity.com
Microsoft Just Showed How Easily Trusted Software Pipelines Can Be Abused
Microsoft announced this week that it disrupted a malware-signing operation that helped cybercriminals distribute ransomware disguised as legitimate software. According to the company, a threat actor called Fox Tempest abused Microsoft Artifact Signing to generate short-lived code-signing certificates for malicious payloads.
Category: Hacking & Security
Linux Server Hardening Guide for Secure System Management
Linux server hardening is mostly about reducing unnecessary exposure while keeping systems stable enough to manage in production. That sounds straightforward until servers start accumulating changes over time. New services get deployed, firewall rules expand, SSH access grows, monitoring tools are added, and temporary operational fixes slowly become permanent parts of the environment.
Category: Hacking & Security
Linux Server Advisory Unused Kernel Modules Threats CVE-2026-31431
Your Linux server may be carrying kernel code for hardware, filesystems, cryptographic interfaces, and network features it will never use.
Category: Hacking & Security
Detecting Systemd Abuse on Linux Servers for Better Security
A Linux process that keeps coming back after a reboot is worth slowing down for. It may not crash anything. The name may look like normal maintenance, the server may keep serving traffic, and nothing on the box may feel urgent enough to pull an incident handler away from other work.
Category: Hacking & Security
MXDR Provider Selection for Linux Environments and Security Services
Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house.
Category: Hacking & Security
Effective File Integrity Monitoring Techniques for Linux Systems
A Linux system can be changed without immediately looking broken. A service still starts. Users still log in. The application still responds. Then an administrator finds that an SSH setting was changed, a firewall rule file has different permissions, or a systemd unit appeared in a directory where nothing new was expected.
Category: Hacking & Security
Critical NGINX Vulnerability CVE-2026-42945: What Linux Admins Should Check Now
A new flaw leads to denial of service on affected NGINX configurations. If ASLR is disabled, it may lead to remote code execution.
Category: Hacking & Security
GitHub Actions Linux Self-Hosted Runners Security Risks 2025-30066
Self-hosted GitHub Actions runners give organizations far more flexibility than standard cloud-hosted runners. Teams can integrate internal infrastructure directly into CI/CD workflows, automate Kubernetes deployments, run custom tooling, and manage Linux-based build environments without relying entirely on external infrastructure.
Category: Hacking & Security
Linux Security Monitoring Challenges and EDR Visibility Gaps
An attacker compromises a Linux container, launches a cryptominer, sets up a way to stay in the system through a background task, and disappears before the investigation even begins. By the time analysts start looking at the logs, the workload has shut down, and the container no longer exists.
Category: Hacking & Security
Linux Kernel Fragnesia Critical Privilege Escalation CVE-2026-46300
Linux administrators are once again dealing with a familiar problem: a local Linux foothold that can potentially become full root access.
Category: Hacking & Security
RubyGems Attack Highlights Open Source Supply Chain Risks for Linux Teams
RubyGems temporarily suspended new account registrations this week after threat actors pushed hundreds of malicious packages into the Ruby package ecosystem. At first glance, that may sound like a Ruby-specific problem. It is not.
Category: Hacking & Security
Why CI/CD Pipelines Became Targets in Software Supply Chain Attacks
For years, software security discussions centered on vulnerable code. A bug inside an application could expose a workstation, production server, or cloud workload, so most supply chain conversations focused on malicious packages, outdated dependencies, and exploitable libraries buried somewhere inside the stack. That is no longer the main problem.
Category: Hacking & Security
Why Red Hat’s krb5 Update Matters for Linux and Windows Authentication
Red Hat released an Important krb5 security update for Red Hat Enterprise Linux 8 this week, addressing two vulnerabilities tracked as CVE-2026-40355 and CVE-2026-40356. On paper, it looks like another Linux package advisory.
Category: Hacking & Security
Securing Remote Access to Linux Servers: Best Practices for 2026
Linux runs the internet. More than 96% of the world’s top one million web servers operate on Linux-based systems. That makes every Linux server a target by default. Attackers do not go where defenses are strongest; they go where the infrastructure is exposed.
Category: Hacking & Security
Why Runtime Monitoring Is Replacing Traditional Linux Logging
The problem is not necessarily a lack of security tools. Modern Linux infrastructure changes so quickly that maintaining consistent visibility has become one of the hardest operational problems in cloud security.
Category: Hacking & Security



