Feed aggregator

Never-Before-Seen Linux Malware Is 'Far More Advanced Than Typical'

Linux.Slashdot.org - Wed, 01/14/2026 - 08:00
An anonymous reader quotes a report from Ars Technica: Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers. The framework, referred to as VoidLink by its source code, features more than 30 modules that can be used to customize capabilities to meet attackers' needs for each infected machine. These modules can provide additional stealth and specific tools for reconnaissance, privilege escalation, and lateral movement inside a compromised network. The components can be easily added or removed as objectives change over the course of a campaign. VoidLink can target machines within popular cloud services by detecting if an infected machine is hosted inside AWS, GCP, Azure, Alibaba, and Tencent, and there are indications that developers plan to add detections for Huawei, DigitalOcean, and Vultr in future releases. To detect which cloud service hosts the machine, VoidLink examines metadata using the respective vendor's API. Similar frameworks targeting Windows servers have flourished for years. They are less common on Linux machines. The feature set is unusually broad and is "far more advanced than typical Linux malware," said researchers from Checkpoint, the security firm that discovered VoidLink. Its creation may indicate that the attacker's focus is increasingly expanding to include Linux systems, cloud infrastructure, and application deployment environments, as organizations increasingly move workloads to these environments. "VoidLink is a comprehensive ecosystem designed to maintain long-term, stealthy access to compromised Linux systems, particularly those running on public cloud platforms and in containerized environments," the researchers said in a separate post. 
"Its design reflects a level of planning and investment typically associated with professional threat actors rather than opportunistic attackers, raising the stakes for defenders who may never realize their infrastructure has been quietly taken over." The researchers note that VoidLink poses no immediate threat or required action since it's not actively targeting systems. However, defenders should remain vigilant.

Categories: Linux

Announcing the winner of the Global AI Film Award
Managing Director, Google MENA

GoogleBlog - Wed, 01/14/2026 - 05:00
Over the past year, we’ve witnessed how creators globally have been using our AI models and tools to share their stories with the world. That’s why we launched the AI Fi…
Categories: Technology

NASA, Department of Energy To Develop Lunar Surface Reactor By 2030

Slashdot.org - Wed, 01/14/2026 - 05:00
NASA and the U.S. Department of Energy plan to deploy a nuclear fission reactor on the Moon by 2030 to provide continuous, long-duration power for lunar bases, science missions, and future Mars exploration. Space & Defense reports: NASA said fission surface power will provide a critical capability for long-duration missions by delivering continuous, reliable electrical power independent of sunlight, lunar night cycles or extreme temperature conditions. Unlike solar-based systems, a nuclear reactor could operate for years without refuelling, supporting habitats, science payloads, resource utilisation systems and surface mobility. NASA Administrator Jared Isaacman said achieving long-term human presence on the Moon and future missions to Mars will require new approaches to power generation. He said closer collaboration with the Department of Energy is essential to delivering the capabilities needed to support sustained exploration and infrastructure development beyond Earth orbit. The fission surface power system is expected to produce safe, efficient and scalable electrical power, forming a foundational element of NASA's Moon-to-Mars architecture. Continuous power availability is seen as a key enabler for permanent lunar bases, in-situ resource utilisation and expanded scientific operations in permanently shadowed regions. Further reading: You Can Now Reserve a Hotel Room On the Moon For $250,000

Distribution Release: Linux Mint 22.3

DistroWatch.com - Wed, 01/14/2026 - 02:35
The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Linux Mint project has announced the release of Linux Mint 22.3. The Ubuntu-based distribution will receive support through to 2029 and introduces a new tool to help users troubleshoot problems. "The 'System Reports' tool received many new features and it was rebranded as 'System Information'. In addition....
Categories: Linux

DistroWatch Weekly, Issue 1155

DistroWatch.com - Wed, 01/14/2026 - 02:35
This week in DistroWatch Weekly:
Review: MenuetOS, SparkyLinux with CDE, iDeal OS 2025.12.07
News: Debian seeks new Data Protection Team and updates install media for "Trixie", Ubuntu 25.04 nears end of life, Google limits Android code releases, Fedora plans to replace SDDM with new login manager, Budgie migrates to....
Categories: Linux

Distribution Release: MODICIA O.S. 6.12.63

DistroWatch.com - Wed, 01/14/2026 - 02:35
Marco M. Mariani has announced the release of an updated build of MODICIA O.S., a Debian-based Linux distribution with focus on multimedia and creative work. The new version comes with a real-time Linux kernel 6.12.63, as well as improved graphics and video performance: "The new ISO image of....
Categories: Linux

Development Release: Mageia 10 Alpha

DistroWatch.com - Wed, 01/14/2026 - 02:35
The Mageia team has announced an alpha development snapshot of the upcoming Mageia 10 release. The final release is expected in April 2026. "Alpha ISO images are the first public snapshots of the upcoming release. They are not ready for production use, but they are perfect for developers,....
Categories: Linux

Distribution Release: ArchBang Linux 100126

DistroWatch.com - Wed, 01/14/2026 - 02:35
ArchBANG Linux has been through many changes in recent times, including the renaming of ArchBANG, to GreenBANG and back to ArchBANG again. The most recent update involves a new desktop user interface, moving from the Openbox window manager to the labwc Wayland compositor. Inspired by Openbox, labwc is....
Categories: Linux

Distribution Release: Omarchy 3.3.0

DistroWatch.com - Wed, 01/14/2026 - 02:35
David Heinemeier Hansson has announced the release of Omarchy 3.3.0, an updated build of the project's Arch-based Linux distribution with Hyprland as the preferred window manager. It is intended for more advanced Linux users and developers. Besides a long list of additions and fixes, the new release also....
Categories: Linux
