Tux Machines
Security Leftovers and Windows TCO
Posted by Roy Schestowitz on Dec 12, 2025
Security Week ☛ Wide Range of Malware Delivered in React2Shell Attacks
Security firms have seen cryptocurrency miners, GNU/Linux backdoors, botnet malware, and various post-exploitation implants in React2Shell attacks.
OpenSSF (Linux Foundation) ☛ OpenSSF 2025 Annual Report Is Live: A Year of Global Growth, Security Wins, and Community Momentum
As the year comes to a close, we’re excited to share the OpenSSF’s 2025 Annual Report, a look at the milestones, momentum, and community-driven achievements that made this year remarkable. We invite you to celebrate the progress, creativity, and collaboration that continue to shape a safer and more resilient open source community!
The Strategist ☛ China’s Hey Hi (AI) use for cyber espionage shifts cyber focus from detection to trust
The question facing security and technology leaders is no longer whether adversaries will deploy Hey Hi (AI) agents against their environment.
Security Week ☛ Unpatched Gogs Zero-Day Exploited for Months
The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution.
Security Week ☛ Pierce County Library Data Breach Impacts 340,000
In April 2025, hackers stole personal information belonging to patrons and employees and their family members.
Security Week ☛ Former Accenture Employee Charged Over Cybersecurity Fraud
Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements.
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (ffmpeg, firefox-esr, libsndfile, and rear), Fedora (httpd, perl-CGI-Simple, and tinyproxy), Oracle (firefox, kernel, libsoup, mysql8.4, tigervnc, tomcat, tomcat9, and uek-kernel), SUSE (alloy, curl, dovecot24, fontforge, glib2, himmelblau, java-17-openjdk, java-21-openjdk, kernel, krb5, lasso, libvirt, mozjs128, mysql-connector-java, nvidia-open-driver-G07-signed-check, openssh, poppler, postgresql17, postgresql18, python-cbor2, python-Django, python310, python311-Django, runc, strongswan, tomcat11, and xwayland), and Ubuntu (binutils, libpng1.6, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-gcp, linux-hwe-6.14, linux-raspi, linux, linux-aws, linux-gcp, linux-realtime, and qtbase-opensource-src).
Bruce Schneier ☛ AIs Exploiting Smart Contracts
I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature.
Security Week ☛ Google Patches Mysterious Chrome Zero-Day Exploited in the Wild
The Chrome zero-day does not have a CVE and it's unclear who reported it and which browser component it affects.
Windows TCO / Windows Bot Nets
Silicon Angle ☛ ‘PyStoreRAT’ malware uses fake developer tools on Microsoft's proprietary prison GitHub to infect backdoored Windows systems
A new report out today from endpoint security firm Morphisec Inc. details a previously undocumented malware family dubbed “PyStoreRAT” that abuses trusted open-source platforms and backdoored Windows scripting features to establish remote access on infected systems. A JavaScript-based remote access trojan, PyStoreRAT is delivered through lightweight Python and JavaScript loader stubs hidden inside Microsoft's proprietary prison GitHub-hosted repositories that appear to be legitimate [...]