58 links tagged with linux
Links
The article discusses how the author utilized the O3 tool to identify CVE-2025-37899, a remote zero-day vulnerability in the SMB implementation of the Linux kernel. It details the process of discovering the vulnerability and its implications for security practices in the Linux environment.
Patchman is a Django-based tool designed for monitoring patch statuses on Linux systems via a web interface. It allows users to track available package updates, categorize them as normal or security updates, and identify potential issues with installed packages. The system does not perform installations but provides detailed reporting and filtering options for hosts, packages, and repositories.
The author reflects on their initial disdain for systemd, which replaced traditional init systems and introduced a binary logging format, but ultimately concludes that systemd has been a successful evolution in process management for Linux. They highlight its backward compatibility, improved logging, scheduling, and enhanced security features, arguing that it has addressed many shortcomings of previous init systems and brought valuable new functionality.
The author shares their experience of upstreaming a patch to handle hotkeys on a 2005 Fujitsu Lifebook S2110 while exploring the Linux kernel. They detail the process of identifying the relevant driver for the hotkeys, troubleshooting issues with key events not firing in Player mode, and examining the kernel's ACPI interactions to resolve the problem.
A new debugger for Linux, inspired by RemedyBG, is designed to be fast and efficient, featuring a text-based user interface and built from scratch without relying on gdb or lldb. It supports native code on x86 64-bit systems, but has limitations such as no remote debugging or GUI integration. While it includes many standard debugging features, its development is currently not active, focusing only on bug fixes and minor enhancements.
The author discusses the challenge of creating a stable authenticated 0-click exploit for the Linux Kernel SMB3 Daemon (ksmbd), using real-world CVEs to demonstrate the process. They detail the selection of specific vulnerabilities, including a controlled SLUB overflow and an authenticated remote leak, to build an effective exploit chain. The article emphasizes the abundance of vulnerabilities in ksmbd and the importance of vulnerability research in developing exploits.
A new rootkit leveraging the io_uring interface has been discovered, capable of bypassing traditional Linux security measures. This malicious software operates at a low level, allowing it to evade detection and maintain persistence on infected systems, raising significant concerns for system administrators and security professionals.
The article discusses the importance of tuning Linux swap settings for optimizing Kubernetes performance, particularly in environments with limited memory resources. It provides detailed insights into how swap can affect application performance and offers practical recommendations for configuring swap to enhance Kubernetes workloads.
The article explores a DBMS interview question posed by Joran Dirk Greef regarding the behavior of Direct I/O operations in Linux when using the O_DIRECT flag. It examines the constraints of aligned reads and the implications of bypassing the page cache, ultimately discussing the expected return values from the read(2) system call under these conditions. The author shares insights into filesystem behavior and kernel source code relevant to the topic.
Talos is a Linux distribution designed specifically for Kubernetes, emphasizing a no-SSH approach to enhance security and simplify operations. It automates the deployment and management of Kubernetes clusters, allowing users to focus on their applications rather than the underlying infrastructure. Talos operates in a minimalistic environment, making it suitable for cloud-native applications and modern DevOps practices.
Microsoft has resolved a boot issue affecting Linux on dual-boot systems with Secure Boot enabled after the August 2024 Windows security updates. The problem stemmed from an incorrectly applied Secure Boot Advanced Targeting update, which has now been fixed in the May 2025 Patch Tuesday updates. Users are advised to update their devices to incorporate this resolution.
The article discusses the exploitation of CVE-2025-37947 in ksmbd, focusing on the challenges and methodologies used to achieve local privilege escalation. It details the vulnerability's root cause, the proof of concept implementation, and the kernel memory allocation intricacies that enable the exploit. The author emphasizes the importance of understanding memory management for effective exploitation.
Somo is a user-friendly alternative to netstat for monitoring sockets and ports on Linux and macOS, offering features like filtering, sorting, and JSON output. It provides interactive capabilities to kill processes and can be installed using various package managers or built from source. The tool supports shell completions and allows customization via config files for repeated commands.
Linux is experiencing growth on business desktops and laptops, increasing from 1.6% to 1.9% between January and June 2025, with a notable rise to 2.5% for new assets. The trend is attributed to heightened cybersecurity concerns and a shift towards DevOps practices, with Europe leading in adoption rates. Despite this gradual growth, challenges remain due to software compatibility and user familiarity with Linux compared to Windows and Mac systems.
A new Linux CLI program called term.everything allows users to run GUI windows directly in their terminal, utilizing a built-from-scratch Wayland compositor. Users can experiment with various applications, including games and web browsers, but may encounter issues with some apps failing to launch. The program, written in TypeScript and C++, provides a unique way to experience graphical applications through terminal emulation.
A new Linux malware called "Plague" has been discovered, allowing attackers persistent SSH access while evading traditional detection methods for over a year. It employs advanced obfuscation techniques and environment tampering to eliminate traces of malicious activity, making it particularly difficult to identify and analyze. Researchers emphasize its sophisticated nature and the ongoing threat it poses to Linux systems.
The author details their experience building a high-end Linux PC, emphasizing component choices like the Intel Core Ultra 9 285K CPU, a 4TB Samsung 990 Pro SSD, and an MSI GeForce RTX 3060 Ti GPU. They share insights on the selection process, performance considerations, and the importance of compatibility with Linux, particularly regarding network cards and power supplies.
FlipSwitch is a novel syscall hooking technique developed to bypass the changes introduced in Linux kernel 6.9 that neutralized traditional hooking methods. By directly patching the syscall dispatcher's machine code, FlipSwitch allows rootkits to redirect syscalls while remaining stealthy, posing ongoing challenges for kernel security. Detection methods, including YARA rules, have been devised to identify this rootkit in memory or on disk.
The author reflects on the benefits of self-hosting and tech independence, emphasizing the importance of owning a domain and the satisfaction derived from building and managing personal tech solutions. They share their journey into self-hosting various services and highlight the significance of open-source tools in fostering a collaborative tech community. The article advocates for starting small in self-hosting while appreciating the learning and rewards that come with it.
Unit 42 researchers have identified a surge in ELF-based malware targeting cloud infrastructure, predicting that threat actors will increasingly use complex tools to exploit Linux environments. The study highlights five specific malware families, their evolving techniques, and the urgent need for enhanced detection and prevention mechanisms in cloud security.
The article discusses the challenges of coordination within the open-source Linux ecosystem, particularly on the desktop, contrasting it with the more unified environments of Windows and macOS. It highlights the importance of a standardized API and reflects on the history and impact of the Language Server Protocol (LSP) in software development, emphasizing that the governance structure of Linux allows it to exist despite coordination issues.
Kali Linux users will soon face issues with the `apt update` command due to a new signing key that must be manually downloaded and installed. Users can resolve the issue by using a provided command to download the new keyring file to their system. The article also addresses concerns about the key change and provides links for further verification and support.
The author describes their experience modernizing the outdated ftape kernel driver for QIC-80 tape drives using Claude Code, an AI coding assistant. After several iterations and manual adjustments, they successfully created a loadable kernel module that could communicate with modern Linux kernels, highlighting the collaborative potential of AI tools in software development.
A tech enthusiast successfully hosts a blog on a Nintendo Wii using the NetBSD operating system, highlighting the process of softmodding the console and installing necessary software. Despite the Wii's limited hardware capabilities, the author demonstrates that it can handle a static website, although performance issues arise when serving encrypted pages.
Linux Integration Services Automation (LISA) is a comprehensive system for validating Linux quality, featuring a test framework and customizable test suites. Originally designed for Microsoft Azure and Windows Hyper-V, LISA now supports various Linux platforms and enables automated environment management for testing. Contributions are welcome as LISA continues to evolve with new features.
SharpEye is a robust Linux intrusion detection and system security monitoring framework developed by innora.ai, utilizing machine learning and advanced analytics to detect and alert on various security threats in real-time. It features comprehensive modules for monitoring system resources, user accounts, network connections, and container security, offering real-time alerting and a web dashboard for efficient management. With all core modules fully implemented and tested, SharpEye is designed for effective protection against modern security challenges.
The article discusses the use of /dev/shm, a RAM-based filesystem in Unix/Linux systems, which allows users to store files directly in memory for enhanced performance. It highlights the advantages of using /dev/shm to handle files efficiently, particularly for tasks in linguistics, while noting that files in this temporary space are lost upon reboot. The author emphasizes the significant speed improvements when working with large files stored in RAM.
A Rust-based Linux kernel module for rootkit detection was developed during an internship at Thalium to enhance malware detection capabilities in various Linux environments. The article discusses the importance of detecting kernel rootkits and outlines the tools and techniques used for this purpose, including leveraging the Linux kernel's tracing APIs and the limitations of existing malware detection solutions.
The article discusses a Linux-based cryptominer that has been discovered, detailing its operation and potential impact on system performance and security. It also highlights the methods used by the malware to hide its presence and evade detection. Users are advised to take necessary precautions to protect their systems from such threats.
The XZ-Utils backdoor, discovered in March 2024, remains present in at least 35 Linux images on Docker Hub, posing risks to users and organizations. Despite being reported, Debian has chosen not to remove the compromised images, citing low risk, which has raised concerns among researchers about the potential for accidental use in automated builds. Users are advised to ensure they are using updated versions of the affected library to mitigate risks.
Ansible’s service module simplifies the management of services across Linux and Windows environments, allowing users to control services remotely without logging into each server. It provides a consistent interface for starting, stopping, and restarting services, which helps reduce downtime, automate operations, and manage risks in distributed IT infrastructures. The article includes practical examples and use cases to illustrate the module's functionality.
Linux has surpassed a 5% share of the U.S. desktop market, reflecting growing discontent with Windows and macOS, and a rise in user-friendly distributions. This milestone indicates a cultural shift towards open-source software, driven by privacy concerns and economic factors. While the achievement is celebrated, challenges such as software availability and user experience remain critical for further growth.
Two new vulnerabilities in Linux have been disclosed that can be exploited together to gain full root access. Additionally, CISA has warned of active exploitation of an older vulnerability affecting the Linux kernel, emphasizing the need for organizations to apply patches immediately.
The article provides an in-depth guide to understanding Linux control groups (cgroups), particularly focusing on cgroup v2 introduced in kernel 4.5. It discusses how to create cgroups to manage resource allocations for processes and demonstrates practical examples of applying memory and CPU limits using a NixOS virtual machine. The author emphasizes the Unix philosophy of treating everything as a file to interact with the Linux kernel effectively.
Google is developing a Linux Terminal app for Android that allows on-device app development and the potential to run graphical Linux applications and games. This initiative aims to transform Android into a competitive desktop platform, addressing previous limitations in app development directly on the OS. There are ongoing improvements in performance and functionality, with future possibilities including gaming support.
The Containerization package enables applications to utilize Linux containers on Apple silicon, leveraging Swift and the Virtualization.framework. It offers APIs for managing OCI images, creating optimized Linux kernels, and facilitating lightweight virtual machines with fast boot times, while allowing interaction with remote registries and containerized processes. Users can build the package from source and contribute to its ongoing development.
A new campaign utilizing ClickFix attacks is now targeting both Windows and Linux systems, with the threat group APT36 adapting social engineering tactics to trick users into executing malicious commands. The Linux variant involves redirecting victims to a CAPTCHA page that prompts them to run a benign command, potentially paving the way for future attacks. Users are advised to avoid executing unknown commands to mitigate the risk of malware infections.
Microsoft and VIAcode offer a free guide for migrating Linux workloads to Microsoft Azure, highlighting the benefits of running Linux on Azure, including significant cost savings and a zero-downtime migration framework. The guide includes expert insights, case studies, and strategies for optimizing performance and AI-readiness post-migration.
Caracal is a Rust-based tool that leverages eBPF techniques to conceal specific target processes and programs from being visible in various system monitoring tools. It requires a Linux-based OS and the installation of specific dependencies like bpf-linker and Rust's nightly toolchain. Caracal is intended for educational purposes and is distributed under the GPLv3 license.
A blog is currently hosted on a Nintendo Wii using the NetBSD operating system, showcasing the viability of running general-purpose software on unconventional hardware. The author details the process of softmodding the Wii and installing NetBSD, alongside the challenges and limitations faced while serving a static website on this retro gaming console. Despite performance constraints, the project highlights the potential for using outdated hardware in modern applications.
A significant security vulnerability has been discovered in Lenovo webcams that are based on Linux, potentially allowing unauthorized access and control. Users are advised to update their firmware and take precautions to secure their devices against possible exploitation.
YAMS is a persistent memory solution that offers content-addressed storage with features like deduplication, compression, and both full-text and semantic search capabilities. It supports platforms such as Linux and macOS, provides a portable CLI and server, and allows extensibility through plugins, making it a versatile tool for managing data efficiently. Installation and configuration are facilitated through a setup script and Meson build system, with detailed documentation available online.
Daniel Almeida's article explores the intricacies of GPU drivers, focusing on the Tyr Rust driver for Linux and its interaction with the Vulkan-based VkCube application. It explains the roles of User Mode Drivers (UMDs) and Kernel Mode Drivers (KMDs), detailing how they manage GPU workloads, memory allocation, and job submission. The piece sets the stage for further discussions on Arm's CSF hardware in subsequent entries of the series.
Falco is a cloud native runtime security tool for Linux that monitors real-time events and detects potential threats using custom rules. Originally developed by Sysdig and now maintained under the Cloud Native Computing Foundation, it integrates with container runtimes and Kubernetes, offering features like a command-line utility, plugins, and a structured codebase across multiple repositories. The project encourages community involvement and provides comprehensive documentation for setup and contributions.
RingReaper is a stealthy post-exploitation agent for Linux that utilizes the io_uring asynchronous I/O interface to minimize detection by EDR solutions. By replacing traditional system calls with io_uring operations, RingReaper effectively reduces the risk of triggering security alerts, even when some traditional calls are necessary. The tool is intended for educational purposes and demonstrates advanced evasion techniques against security monitoring.
A new Linux malware named Koske uses seemingly harmless panda JPEG images to deploy sophisticated malware directly into system memory, leveraging vulnerabilities in exposed JupyterLab instances. The malware, believed to be developed with AI assistance, deploys cryptocurrency miners and employs advanced tactics to maintain persistence and evade detection. Researchers warn that the adaptability of Koske could lead to even more dangerous variants in the future.
KoviD is an open-source Loadable Kernel Module designed for educational and defensive security research, providing a platform for security professionals to understand and combat rootkit techniques within Linux systems. It enables users to analyze rootkit behavior, develop detection methods, and improve security strategies in a controlled environment. The project emphasizes responsible usage and compliance with legal regulations to ensure ethical testing practices.
The article discusses alternatives to Windows for users whose hardware does not support Windows 11, highlighting free options like Linux and Chrome OS Flex. It emphasizes the ease of installation and use for newcomers, allowing them to continue utilizing older PCs productively without the need for expensive upgrades. The guide provides steps for installation and reassures users about the simplicity of transitioning from Windows to these operating systems.
The article explores Linux capabilities as a fine-grained access control mechanism that allows for more secure privilege management by dividing the traditional superuser privileges into distinct units. It demonstrates how these capabilities can be manipulated to create potential security vulnerabilities, particularly in the context of privilege escalation and backdooring. Additionally, it provides commands for viewing and managing capabilities on Linux systems.
The article explains how modern operating systems, specifically Linux, manage shared libraries with load-time relocation. It details the challenges of loading shared libraries due to their unknown memory addresses and discusses the role of the dynamic loader in adjusting the shared libraries for their runtime locations. The focus is primarily on load-time relocation, which is one of the methods used in handling shared libraries in the Linux environment.
This article guides readers through the process of building a micro Linux distribution from scratch, focusing on the RISC-V architecture. It aims to provide a simplified understanding of operating systems, the Linux kernel, and essential concepts related to creating a minimal operating system environment, while also noting that advanced users might find some explanations oversimplified.
The article discusses how the Linux kernel executes ELF (Executable and Linkable Format) binaries, detailing the structure of ELF files and the process involved in loading them. It explains the key components of the ELF format, including program header entries, and describes the steps the kernel takes to prepare and execute an ELF binary, emphasizing the complexity of the handling process.
The article explores the intricate process that occurs between a program's execution request to the OS kernel and the execution of the main function. It delves into the execve system call, the structure of ELF executable files, and the various components involved in loading and executing a program on Linux systems.
The upcoming Android 16 QPR2 update enhances the Linux Terminal by expanding its file access to nearly all shared storage on the device, moving beyond the current limitation of just the Downloads folder. This improvement facilitates easier file sharing between the Android host and the Linux virtual machine, enabling users to utilize Linux tools more effectively on their mobile devices. The update is currently available in beta and is expected to roll out in early December.
The article explains the Linux boot process, detailing the sequence of events from when the power button is pressed to the execution of the first line of C code within the Linux kernel. It covers the roles of the CPU, firmware (BIOS and UEFI), and the bootloader (GRUB) in facilitating the transition to the operating system. The piece emphasizes the technical intricacies involved in initializing hardware and preparing the system for the Linux kernel to take over.
The GitHub repository "recall-for-linux" by rolflobker aims to bring Microsoft Recall's features to Linux users, offering tools for data storage, screen capturing, OCR, and more. The installation process is intentionally made simple, although the project humorously highlights concerns over privacy and data collection. Future updates are promised, including AI integration and data monetization.
The article presents a detailed diagram of the entire Linux Network Stack, covering various components such as virtualization, network sockets, the upper and lower layers of the network stack, and network functions accelerated by NIC. It also includes tips for optimizations and statistics for each section. This resource is part of the book "Operativni sustavi i računalne mreže - Linux u primjeni."
The article presents a detailed diagram of the Linux disk I/O subsystem, illustrating its various components and the commands associated with each layer. It covers layers from the application to hardware, including the Virtual Filesystem, block layers, disk scheduler, and device drivers. This diagram is part of a broader work on Linux applications in operating systems and computer networks.