A weekly security roundup covering several notable vulnerabilities and incidents. Qualys discovered critical AppArmor flaws present since 2017 affecting all Linux kernels since 4.11, enabling local privilege escalation to root. A malware campaign called ForceMemo is compromising Python GitHub repositories via stolen credentials from the Glassworm VSCode extension stealer, using Git force-push tricks to hide its tracks. Ubuntu's Snapd service has a privilege escalation flaw, with fixes for older Ubuntu versions requiring a paid Pro subscription. UniFi Network Application has high-risk path traversal and NoSQL injection vulnerabilities. Finally, a multinational law enforcement operation shut down the Kimwolf, Aisuru, Jackskid, and Mossad botnets responsible for record-breaking DDoS attacks.
Table of contents
Python Projects CompromisedUbuntu Snapd flawsUniFi Network ApplicationGov Collab Shuts Down BotnetsSort: