干货福利，第一时间送达！ 最近有小伙伴说没有收到当天的文章推送，这是因为微信更改了推送机制，导致没有星标公众号的小伙伴刷不到当天推送的文章，无法接收到一些比较实用的知识和资讯。所以建议大家加个星标⭐️，以后就能第一时间收到推送了。

ZDNET key takeaways Logging in as the root user should never be done on Linux.Using the root account could lead to ...

近期在 TyphoonPWN 2025 安全会议披露的 Ubuntu 内核漏洞，被认定为严重释放后重用（UAF）缺陷，CVSS 风险等级判定为高危。该漏洞存在于 af_unix 子系统中，源于内核补丁适配的不完整实现，导致本地攻击者可利用此漏洞完成权限提升，最终获取系统 Root 权限。目前确认受影响的版本为运行 6.8.0-60-generic 内核的 Ubuntu 24.04.2 系统，相关 ...

Qualys威胁研究部门（TRU）近日披露了两个相互关联的权限提升漏洞——CVE-2025-6018与CVE-2025-6019。攻击者通过组合利用PAM（可 ...

IT之家 11 月 1 日消息，科技媒体 bleepingcomputer 昨日（10 月 31 日）发布博文，报道称有证据表明，有勒索软件团伙利用潜伏长达十年的 Linux 内核高危权限提升漏洞， 获取最高 root 权限，进而完全接管设备、窃取数据。

近日，Qualys的研究人员发现了一种新的Linux漏洞名为“Looney Tunables”，追踪编号为CVE-2023-4911，利用该漏洞，研究人员已经成功获得了Fedora、Ubuntu和Debian等主流发行版系统的完全root权限，而其他发行版也可能会受到该漏洞的影响··· 近日，Qualys的研究人员发现 ...

The power to grab root privileges is the ultimate evil in Unix and Linux systems. Kevin Backhouse, a member of the GitHub Security Lab, found the polkit security hole in the course of his duties. He ...

Ubuntu Linux内核曝出高危漏洞，本地攻击者可利用该漏洞提升权限，最终在受影响系统上获取root访问权限。该漏洞在TyphoonPWN ...

Android, Debian and Ubuntu users are still at risk. A high-severity cache invalidation bug in the Linux kernel has been uncovered, which could allow an attacker to gain root privileges on the targeted ...

A vulnerability in the Linux sudo command has been discovered that could allow unprivileged users to execute commands as root. Thankfully, this vulnerability only works in non-standard configurations ...

Security researcher Sebastian Krahmer has recently discovered that a previously known security flaw in the systemd project can be used for more than crashing a Linux distro but also to grant local ...