Critical Linux flaws and GitHub malware expose major security risks worldwide

From hidden GitHub malware to Linux kernel exploits, cyber threats are evolving faster than ever. Are your systems still protected? The takedown of four massive botnets offers temporary relief—but attackers are already adapting.

Serious security flaws have been uncovered in widely used Linux systems and open-source tools. Researchers at Qualys identified vulnerabilities in AppArmor, a security module enabled by default in SUSE, Debian, and Ubuntu. Meanwhile, a new malware campaign is targeting Python projects on GitHub, stealing sensitive data through clever Git tricks.

At the same time, authorities have dismantled multiple botnets behind some of the largest denial-of-service attacks on record. Separately, flaws in Ubuntu's Snapd system and UniFi's network software have also raised alarms about privilege escalation risks.

Qualys researchers found critical vulnerabilities in AppArmor, a security framework built into Linux kernels since version 4.11. The flaws allow unprivileged local users to escalate privileges, gain root access, or trigger denial-of-service attacks. Only SUSE, Debian, and Ubuntu use AppArmor as their default security mechanism, so users of those distributions remain exposed until patches are applied. Affected users can check vendor advisories, such as Ubuntu's page at ubuntu.com/security/vulnerabilities/crackarmor or Debian's security announcements, for updates.

In a separate development, a new malware called 'ForceMemo' is spreading through GitHub by infecting Python projects. The malware hides its activity using Git tricks and indiscriminately targets repositories to steal cryptocurrency and login credentials. Researchers warn that the campaign is highly automated and difficult to detect without careful code review.

Authorities have also taken down four major botnets—Kimwolf, Aisuru, Jackskid, and Mossad—responsible for record-breaking distributed denial-of-service (DDoS) attacks. The operation involved multiple countries and disrupted infrastructure used to flood targets with malicious traffic.

Additionally, Qualys uncovered privilege escalation flaws in Ubuntu's Snapd system, which manages software packages. While fixes are available, users of Ubuntu 20.04 and earlier must have an active 'Ubuntu Pro' subscription to receive them. Meanwhile, UniFi reported high-risk vulnerabilities in its Network Application and NoSQL database implementation, urging administrators to apply updates immediately.

The discoveries highlight ongoing risks in both Linux security frameworks and open-source ecosystems. Users of SUSE, Debian, and Ubuntu should prioritise patching AppArmor vulnerabilities to prevent privilege escalation. GitHub developers must also scrutinise Python projects for signs of the ForceMemo malware. For those relying on Ubuntu's Snapd or UniFi's network tools, vendor advisories provide critical updates—though some fixes may require a paid subscription. The takedown of the four botnets reduces a major DDoS threat, but vigilance remains essential as attackers adapt their methods.