CVE-2026-41940 is a serious security vulnerability affecting cPanel/WHM servers. It allows attackers to secretly create special access keys (called API tokens) that give them full control over the server — even without needing a password afterward. What makes this issue particularly dangerous is that once these tokens are created, attackers can continue accessing the system quietly and persistently. #BreakingSecurity #CyberThreat #Hackers #SecurityNews #CriticalVulnerability
About us
We provide DevOps and Linux engineering services focused on automation, security, and infrastructure reliability. Our work spans from helping startups scale safely to supporting enterprise-grade CI/CD pipelines and secure cloud environments.

Our key areas of expertise:
• DevOps implementation & support
• Linux system administration (RHEL, Debian, Ubuntu)
• Infrastructure as Code: Terraform, Ansible
• CI/CD: GitLab, GitHub Actions, Jenkins
• Containerization with Docker
• Monitoring and logging: Prometheus, Grafana, ELK, Loki
• Code quality and static analysis: SonarQube
• Automation with Python, Bash, Go
• Security: hardening, audit, IAM, secrets, KMS
• Database support: PostgreSQL, MySQL, MongoDB (DBA services)

No fluff, no bureaucracy — just practical solutions that work.
- Website: https://devxo.net/
- Industry: IT Services and IT Consulting
- Company size: 2-10 employees
- Headquarters: Sofia, Sofia
- Type: Public Company
- Specialties: Linux, Nginx, Apache, and Virtualization
Locations
- Primary: Sofia, Sofia 1000, BG
Updates
-
Exploring miniblue — a lightweight open-source Azure emulator for local development. It runs entirely on your machine as a single binary (or Docker container), letting you develop and test Azure-based applications without an Azure account, network access, or cloud costs. Instead of juggling multiple tools (Azurite, Cosmos DB Emulator, Functions Core Tools, etc.), miniblue consolidates everything into one local environment, emulating 25+ Azure services behind a single endpoint. (miniblue.io) Works seamlessly with Terraform, SDKs, and CLI workflows — making it a solid option for local dev, CI pipelines, and rapid prototyping. #azure #devops #cloud #terraform #localdev #testing #opensource #platformengineering
-
In today’s digital economy, security shouldn’t be an afterthought - it’s part of the foundation of how organizations grow and adapt. A recent national article highlights the hidden risks that many small and medium-sized businesses face online, and why IT resilience matters more than ever. We encourage every business leader to think strategically about their infrastructure - and how responsible planning can help mitigate risks before they become crises. 👉 Check out the article: https://lnkd.in/dGJeVVr8 #Devxo #BusinessTechnology #CyberSecurity #Automation #CloudComputing #OperationalResilience
-
Specialized IT partners play a key role by helping businesses build a stable and secure technology environment. Companies such as #DevXo support organizations in managing their systems so that a large share of processes run automatically and with a lower risk of human error.
What can a business do today? Experts recommend several basic but effective steps: ✅ review current IT systems and access rights; ✅ introduce clear security rules; ✅ back up data regularly; ✅ automate routine processes; ✅ work with reliable IT partners 👇 https://lnkd.in/dHRrsaJn #DevXo #CyberSecurity #BusinessTechnology #DevOps #BusinessGrowth #news #киберсигурност #бизнес
-
Linux just hit a milestone: the first CVE tied to Rust code in the mainline kernel was officially assigned. It’s CVE-2025-68260, and it affects the Rust rewrite of the Android Binder driver. The flaw stems from a race condition in some unsafe Rust blocks, which can corrupt linked list pointers and cause a kernel crash on systems running Linux 6.18+. It’s not about remote exploitation, but it is a real bug in recently merged Rust kernel code.

This matters for a few reasons:
• Rust isn’t hypothetical in the kernel anymore. It’s been merged and is growing; this CVE is the first time Rust code in Linux has been flagged with an official vulnerability.
• The flaw shows that “safe by default” doesn’t fully eliminate risk — unsafe blocks in Rust are still risky, especially in low-level systems code.
• There’s a wider context: Rust’s inclusion aims to improve memory safety over C. The fact this is the first CVE since Rust began landing years ago suggests the overall impact has been modest so far.
• For kernel maintainers and security folks, this underscores you still need good code review and testing, even with Rust.

In short: Rust in Linux is a success story, but this first CVE is a reminder that unsafe code and concurrency bugs still bite — even in “safer” languages. https://lnkd.in/e8tpE8p3 #linux #rustlang #kernel #security #cve #memorysafety #systemsengineering #devops #opensource #cybersecurity
-
Docker just released Hardened Images, and this is a meaningful step forward for anyone who actually ships software, not just builds containers. What do you gain as a user? First, a smaller attack surface. Hardened Images are intentionally minimal. No unnecessary packages, shells, or leftover tooling that often sneaks into production images out of habit. Less code means fewer vulnerabilities to exploit. Second, less CVE noise. These images are maintained, scanned, and regularly updated by Docker. That directly reduces false positives in security scans and cuts down the time wasted on vulnerability triage. Third, stronger supply chain security. Hardened Images come with clear provenance and image signing. This matters if you care about SLSA levels, SBOMs, and being able to prove where your artifacts actually come from. Fourth, faster security and compliance approvals. When your base image is hardened and backed by a trusted vendor, conversations with AppSec, GRC, and compliance teams become shorter and more pragmatic. Finally, no disruption to the developer workflow. You still write a normal Dockerfile. You just start from a more secure, production-ready foundation. This is not a silver bullet. But it is a strong baseline, especially for production workloads and regulated environments. #docker #containers #devsecops #cloudsecurity #supplychainsecurity #platformengineering #kubernetes #securitybydesign https://lnkd.in/eFpJwq7g
-
Proxmox Backup Server 4.1 is out, and this release brings solid improvements for anyone relying on a fast and reliable backup stack. It ships with Debian 13.2, Linux kernel 6.17.2-1, and ZFS 2.3.4 — better hardware support, tighter performance, and more predictable storage behavior by default.

Key updates worth calling out:
• User-based traffic control for more precise bandwidth management during backup and restore.
• Configurable verify job parallelism to cut runtimes and balance I/O and CPU.
• S3 rate limiting (tech preview) to keep shared S3 networks from getting saturated.
• A long list of performance, stability, and usability enhancements across the entire stack.

https://lnkd.in/dwFczG_U #Proxmox #PBS #Backup #DevOps #Linux #Debian #ZFS #SysAdmin #Virtualization #Infrastructure #ITOps #Homelab
-
GitLab identifies a large-scale npm supply-chain attack

GitLab published an analysis of an active attack in the npm ecosystem, based on a new variant of Shai-Hulud. Malicious packages use a preinstall script that downloads a payload and starts stealing tokens, keys, and configuration files from the local machine. The data is then sent to attacker-controlled GitHub accounts, and compromised npm accounts are used to infect additional packages. The critical part: the malware includes a dead-man’s switch that can wipe files if its exfiltration or propagation channels are disrupted.

What you should do now:
• Avoid automatic npm install/update from unverified packages.
• Review all dependencies, especially newly added or frequently updated ones.
• Rotate all secrets (GitHub, npm, CI/CD, cloud).
• Restrict preinstall/postinstall scripts in CI where possible.
• Use locked dependency versions and require manual approval for new additions.

Supply-chain attacks are becoming more aggressive and automated. Teams relying on npm should act immediately and tighten control over dependencies and secrets. #GitLab #npm #SupplyChainAttack #CyberSecurity #InfoSec #DevSecOps #MalwareAnalysis #OpenSourceSecurity #NodeJS #SoftwareSupplyChain #SecurityAlert https://lnkd.in/gR49nKyT
-
Sounds like a dream of security officers. Now available: Red Hat is introducing Project Hummingbird, a new strategy designed to give organizations a Zero-CVE baseline for containerized workloads and a far more predictable path to secure cloud-native delivery. Instead of starting from images already burdened with dozens of known issues, Hummingbird offers a curated set of hardened, minimal container images that remove unnecessary components and dramatically reduce the attack surface. This shifts the operational model from reactive patching to proactive stability. The catalog covers widely used stacks: Go, Java, .NET, Node.js, and multiple infrastructure components such as MariaDB, PostgreSQL, Nginx, and Caddy. Every image includes a full SBOM, giving teams precise insight into what they are running and eliminating guesswork during audits, vulnerability reviews, or compliance checks. Red Hat positions these images as production-ready for subscribers once general availability is reached, while unsupported variants will remain accessible for broader community experimentation. For DevOps teams, the value is straightforward: when your base image starts clean, you spend less energy chasing dependencies and more time building the actual service. It also simplifies CI pipelines, reduces friction during security scanning, and cuts down on emergency patch cycles. Project Hummingbird aims to remove the classic trade-off between speed and security, delivering a foundation that helps teams ship faster without absorbing additional risk. https://lnkd.in/dfaqgyjA #RedHat #ProjectHummingbird #ZeroCVE #ContainerSecurity #SupplyChainSecurity #DevSecOps #CloudNative #Kubernetes #Linux #OpenSource #SBOM #EnterpriseSecurity #DevOps #Containers