Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Dec 10, 2025

Linus Torvalds Indoctrinated by LF Sponsors ("AI" Scheme) and Microsoft Boosters
GNU/Linux Leftovers

LWN ☛ Security updates for Tuesday

↺ Security updates for Tuesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and webkit2gtk3), Fedora (abrt and mingw-libpng), Mageia (apache and libpng), Oracle (abrt, go-toolset:rhel8, kernel, sssd, and webkit2gtk3), Red Hat (kernel and kernel-rt), SUSE (gimp, gnutls, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, and postgresql13), and Ubuntu (gnupg2, python-apt, radare2, and webkit2gtk).

Security Week ☛ Adobe Patches Nearly 140 Vulnerabilities

↺ Adobe Patches Nearly 140 Vulnerabilities
The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs.

Security Week ☛ New ‘Broadside’ Botnet Poses Risk to Shipping Companies

↺ New ‘Broadside’ Botnet Poses Risk to Shipping Companies
The botnet attempts to steal credentials from infected TBK DVR devices, in addition to abusing them to launch DDoS attacks.

Security Week ☛ React2Shell Attacks Linked to North Korean [Cr]ackers

↺ React2Shell Attacks Linked to North Korean [Cr]ackers
North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT.

Windows TCO / Windows Bot Nets

Tom's Hardware ☛ This Microsoft's proprietary prison GitHub script claims to wipe all of backdoored Windows 11's Hey Hi (AI) features in seconds — "RemoveWindowsAI" can disable every single Hey Hi (AI) feature in the OS, from Copilot to Recall and more

↺ This Microsoft's proprietary prison GitHub script claims to wipe all of backdoored Windows 11's Hey Hi (AI) features in seconds — "RemoveWindowsAI" can disable every single Hey Hi (AI) feature in the OS, from Copilot to Recall and more
If you've been unhappy with the direction Abusive Monopolist Microsoft has taken Windows, offering no meaningful improvements beyond Hey Hi (AI) and aesthetics, then, well, not much can be done about that. But, at least you can disable all the Hey Hi (AI) features that seem to have populated every corner of the OS, with a simple script from Microsoft's proprietary prison GitHub .

Scoop News Group ☛ Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day [Ed: Some new back doors ready to install then]

↺ Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day
new back doors ready to install then
Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.

SANS ☛ Microsoft Patch Tuesday December 2025, (Tue, Dec 9th)

↺ Microsoft Patch Tuesday December 2025, (Tue, Dec 9th)
This release addresses 57 vulnerabilities. 3 of these vulnerabilities are rated critical. One vulnerability was already exploited, and two were publicly disclosed before the patch was released.

Security Week ☛ Microsoft Patches 57 Vulnerabilities, Three Zero-Days

↺ Microsoft Patches 57 Vulnerabilities, Three Zero-Days
Microsoft has addressed a backdoored Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges.
gemini.tuxmachines.org