This was another busy week in the Linux ecosystem and wider FOSS community, with an update on the way for Linux Mint, growing Steam marketshare, and much more. Here are the biggest stories you might have missed.
As Microsoft continues giving everyone reasons to drop Windows in favor of a more reliable and open platform, there's no better time to explore what Linux has to offer. Here are a few good apps worth your time if you've got a Linux computer to play with this weekend.
Cybersecurity researchers uncover a sophisticated Linux campaign that blends legacy botnet capabilities with modern evasion techniques. A newly discovered Linux malware campaign is demonstrating the evolving sophistication of threat actors by combining Mirai-derived distributed denial-of-service (DDoS) functionality with a stealthy, fileless cryptocurrency mining operation. According to research from Cyble Research & Intelligence Labs (CRIL), the […]
A Linux distribution known for its security and stability, Alpine Linux, has released version 3.23 with several improvements and upgrades to its package base. It's the first major point release since May, and it continues to support a wide range of computer architectures.
Canonical just made a big announcement for anyone using Linux on Windows: Ubuntu Pro is now available for the Windows Subsystem for Linux (WSL), and the best part is that it is still free for personal use. If you're a developer or a power user who relies on WSL to get work done, this is a huge deal.
In the third quarter, attackers continued to exploit security flaws in WinRAR, while the total number of registered vulnerabilities grew again. In this report, we examine statistics on published vulnerabilities and exploits, the most common security issues impacting Windows and Linux, and the vulnerabilities being leveraged in APT attacks that lead to the launch of widespread C2 frameworks. The report utilizes anonymized Kaspersky Security Network data, which was consensually provided by our users, as well as information from open sources.
Statistics on registered vulnerabilities
This section contains statistics on registered vulnerabilities. The data is taken from cve.org.
Let us consider the number of registered CVEs by month for the last five years up to and including the third quarter of 2025.
Total published vulnerabilities by month from 2021 through 2025
As the chart shows, the monthly number of vulnerabilities published in the third quarter of 2025 remains above the figures recorded in previous years: the three-month total exceeded the same quarter of 2024 by more than 1000 published vulnerabilities. The quarter closed on a rising trend in registered CVEs, and we expect this growth to continue into the fourth quarter, although the monthly count by year-end is likely to drop slightly relative to the September figure.
A look at the monthly distribution of vulnerabilities rated as critical upon registration (CVSS > 8.9) suggests that this metric was marginally lower in the third quarter than the 2024 figure.
Total number of critical vulnerabilities published each month from 2021 to 2025
Exploitation statistics
This section contains exploitation statistics for Q3 2025. The data draws on open sources and our telemetry.
Windows and Linux vulnerability exploitation
In Q3 2025, as before, the most common exploits targeted vulnerable Microsoft Office products.
Most Windows exploits detected by Kaspersky solutions targeted the following vulnerabilities:
CVE-2018-0802: a remote code execution vulnerability in the Equation Editor component
CVE-2017-11882: another remote code execution vulnerability, also affecting Equation Editor
CVE-2017-0199: a vulnerability in Microsoft Office and WordPad that allows an attacker to assume control of the system
These vulnerabilities historically have been exploited by threat actors more frequently than others, as discussed in previous reports. In the third quarter, we also observed threat actors actively exploiting directory traversal vulnerabilities that arise when WinRAR unpacks archives. The originally published proof-of-concept exploits for these vulnerabilities are not directly usable in real attacks, but attackers have adapted them to their needs.
CVE-2023-38831: a vulnerability in WinRAR that involves improper handling of objects within archive contents. We discussed this vulnerability in detail in a 2024 report.
CVE-2025-6218 (ZDI-CAN-27198): a vulnerability that enables an attacker to specify a relative path and extract files into an arbitrary directory. A malicious actor can extract the archive into a system application or startup directory to execute malicious code. For a more detailed analysis of the vulnerability, see our Q2 2025 report.
CVE-2025-8088: a zero-day vulnerability similar to CVE-2025-6218, discovered during an analysis of APT attacks. The attackers used NTFS alternate data streams to circumvent controls on the directory into which files were unpacked. We take a closer look at this vulnerability below.
It should be pointed out that vulnerabilities discovered in 2025 are rapidly catching up in popularity to those found in 2023.
All the CVEs mentioned can be exploited to gain initial access to vulnerable systems. We recommend promptly installing updates for the relevant software.
Dynamics of the number of Windows users encountering exploits, Q1 2023 to Q3 2025. The number of users who encountered exploits in Q1 2023 is taken as 100%
According to our telemetry, the number of Windows users who encountered exploits increased in the third quarter compared to the previous reporting period. However, this figure is lower than that of Q3 2024.
For Linux devices, exploits for the following OS kernel vulnerabilities were detected most frequently:
CVE-2022-0847, also known as Dirty Pipe: a vulnerability that lets an unprivileged user overwrite data in read-only files, which is enough to escalate privileges and take control of running applications
CVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation
CVE-2021-22555: a heap overflow vulnerability in the Netfilter kernel subsystem. Its widespread exploitation is largely down to the public exploit technique, which uses the popular msg_msg heap-manipulation primitives to turn the overflow into a use-after-free.
Dynamics of the number of Linux users encountering exploits, Q1 2023 to Q3 2025. The number of users who encountered exploits in Q1 2023 is taken as 100%
A look at the number of users who encountered exploits suggests that it continues to grow, and in Q3 2025, it already exceeds the Q1 2023 figure by more than six times.
It is critically important to install security patches for the Linux operating system, as it is attracting more and more attention from threat actors each year, primarily due to the growing number of user devices running Linux.
Most common published exploits
In Q3 2025, exploits targeting operating system vulnerabilities continue to predominate over those targeting other software types that we track as part of our monitoring of public research, news, and PoCs. That said, the share of browser exploits significantly increased in the third quarter, matching the share of exploits in other software not part of the operating system.
Distribution of published exploits by platform, Q1 2025
Distribution of published exploits by platform, Q2 2025
Distribution of published exploits by platform, Q3 2025
It is noteworthy that no new public exploits for Microsoft Office products appeared in Q3 2025, just as none did in Q2. However, PoCs for vulnerabilities in Microsoft SharePoint were disclosed. Since these same vulnerabilities also affect OS components, we categorized them under operating system vulnerabilities.
Vulnerability exploitation in APT attacks
We analyzed data on vulnerabilities that were exploited in APT attacks during Q3 2025. The following rankings draw on our telemetry, research, and open-source data.
TOP 10 vulnerabilities exploited in APT attacks, Q3 2025
APT attacks in Q3 2025 were dominated by zero-day vulnerabilities, which were uncovered during investigations of isolated incidents. A large wave of exploitation followed their public disclosure. Judging by the list of software containing these vulnerabilities, we are witnessing the emergence of a new go-to toolkit for gaining initial access into infrastructure and executing code both on edge devices and within operating systems. It bears mentioning that long-standing vulnerabilities, such as CVE-2017-11882, allow for the use of various data formats and exploit obfuscation to bypass detection. By contrast, most new vulnerabilities require a specific input data format, which facilitates exploit detection and enables more precise tracking of their use in protected infrastructures. Nevertheless, the risk of exploitation remains quite high, so we strongly recommend applying updates already released by vendors.
C2 frameworks
In this section, we will look at the most popular C2 frameworks used by threat actors and analyze the vulnerabilities whose exploits interacted with C2 agents in APT attacks.
The chart below shows the frequency of known C2 framework usage in attacks on users during the third quarter of 2025, according to open sources.
Top 10 C2 frameworks used by APT groups to compromise user systems in Q3 2025
Metasploit, whose share increased compared to Q2, tops the list of the most prevalent C2 frameworks from the past quarter. It is followed by Sliver and Mythic. The Empire framework also reappeared on the list after being inactive in the previous reporting period. What stands out is that Adaptix C2, although fairly new, was almost immediately embraced by attackers in real-world scenarios. Analyzed sources and samples of malicious C2 agents revealed that the following vulnerabilities were used to launch them and subsequently move within the victim's network:
CVE-2020-1472, also known as ZeroLogon, allows for compromising a vulnerable operating system and executing commands as a privileged user.
CVE-2021-34527, also known as PrintNightmare, exploits flaws in the Windows print spooler subsystem, also enabling remote access to a vulnerable OS and high-privilege command execution.
CVE-2025-6218 and CVE-2025-8088 are similar directory traversal vulnerabilities that allow extracting files from an archive to an attacker-chosen path without the archiving utility notifying the user. The first was discovered by researchers but subsequently weaponized by attackers. The second is a zero-day vulnerability.
Interesting vulnerabilities
This section highlights the most noteworthy vulnerabilities that were publicly disclosed in Q3 2025 and have a publicly available description.
ToolShell (CVE-2025-49704 and CVE-2025-49706, CVE-2025-53770 and CVE-2025-53771): insecure deserialization and an authentication bypass
ToolShell refers to a set of vulnerabilities in Microsoft SharePoint that allow attackers to bypass authentication and gain full control over the server.
CVE-2025-49704 involves insecure deserialization of untrusted data, enabling attackers to execute malicious code on a vulnerable server.
CVE-2025-49706 allows access to the server by bypassing authentication.
CVE-2025-53770 is a patch bypass for CVE-2025-49704.
CVE-2025-53771 is a patch bypass for CVE-2025-49706.
These vulnerabilities form one of threat actors' combinations of choice, as they allow for compromising accessible SharePoint servers with just a few requests. Importantly, they were all patched back in July, which further underscores the importance of promptly installing critical patches. A detailed description of the ToolShell vulnerabilities can be found in our blog.
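Because the ToolShell chain is driven by a handful of recognizable HTTP requests, it lends itself to log-based hunting. The following is an added example, not code from the report or from Microsoft: it parses an IIS W3C log excerpt and flags two publicly reported indicators of the July 2025 campaign, a POST to the ToolPane.aspx editing endpoint whose Referer is the SignOut.aspx page (the authentication-bypass pattern), and any request for a spinstall*.aspx file (the web shell name seen after successful exploitation). The log lines, IP addresses and host name are constructed; the set of fields is the one declared in the sample's `#Fields:` header, which your own IIS configuration may order differently.

```python
import re
from typing import Dict, List, Tuple

# Constructed IIS W3C log excerpt (not real traffic). IIS writes "-" for empty fields.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(Referer) sc-status
2025-07-19 10:01:02 GET /_layouts/15/start.aspx - 203.0.113.9 https://sp.example.test/sites/hr 200
2025-07-19 10:01:07 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 198.51.100.7 /_layouts/SignOut.aspx 200
2025-07-19 10:01:09 GET /_layouts/15/spinstall0.aspx - 198.51.100.7 - 200
2025-07-19 10:02:11 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 203.0.113.9 https://sp.example.test/_layouts/15/settings.aspx 200
"""

# Publicly reported indicators; the layouts folder is 15 or 16 depending on the SharePoint version.
TOOLPANE = re.compile(r"/_layouts/(?:1[56]/)?toolpane\.aspx$", re.I)
SIGNOUT_REFERER = re.compile(r"/_layouts/(?:1[56]/)?signout\.aspx", re.I)
WEBSHELL = re.compile(r"/spinstall\d*\.aspx$", re.I)


def parse_iis(text: str) -> List[Dict[str, str]]:
    """Parse W3C-format lines into dicts keyed by the names in the #Fields: header."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines rather than misalign fields
                rows.append(dict(zip(fields, values)))
    return rows


def toolshell_findings(rows: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (client IP, reason) for every request matching a ToolShell indicator."""
    findings: List[Tuple[str, str]] = []
    for r in rows:
        stem = r.get("cs-uri-stem", "")
        query = r.get("cs-uri-query", "")
        referer = r.get("cs(Referer)", "")
        # Indicator 1: the auth-bypass request shape. A POST to ToolPane.aspx in edit mode
        # is legitimate admin activity; the SignOut.aspx Referer is what makes it suspicious.
        if (r.get("cs-method") == "POST" and TOOLPANE.search(stem)
                and "displaymode=edit" in query.lower() and SIGNOUT_REFERER.search(referer)):
            findings.append((r["c-ip"], "POST to ToolPane.aspx with SignOut.aspx Referer (auth bypass pattern)"))
        # Indicator 2: the dropped web shell being requested.
        if WEBSHELL.search(stem):
            findings.append((r["c-ip"], f"request for suspected web shell {stem.rsplit('/', 1)[-1]}"))
    return findings


if __name__ == "__main__":
    for ip, reason in toolshell_findings(parse_iis(SAMPLE_LOG)):
        print(f"{ip}: {reason}")
```

The fourth log line is a POST to ToolPane.aspx with a normal Referer and is deliberately not flagged; alerting on the endpoint alone would page you for every site administrator. A hit on indicator 2 should be treated as a likely compromise regardless of whether indicator 1 was logged, since the shell may have been dropped before logging was enabled.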
CVE-2025-8088: a directory traversal vulnerability in WinRAR
CVE-2025-8088 is very similar to CVE-2025-6218, which we discussed in our previous report. In both cases, attackers use relative paths to trick WinRAR into extracting archive contents into system directories. This version of the vulnerability differs only in that the attacker exploits Alternate Data Streams (ADS) and can use environment variables in the extraction path.
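Both WinRAR bugs above, and the earlier description in the Windows exploitation section, come down to the same failure: an entry name inside the archive decides where a file lands, and the extractor trusts it. The following is an added example, not code from the report or from WinRAR: it classifies archive entry names by the trick they use (parent-directory traversal, absolute or drive-relative paths, environment-variable expansion, and the `file:stream` alternate data stream syntax), and resolves accepted names under a destination root so that even a name that passes the string checks cannot land outside it. It works on entry names only, so it applies to any archive format; the sample entries are constructed, including the hypothetical Startup-folder targets.

```python
import os
import re
from typing import Dict, Iterable, Optional

# Windows alternate data stream syntax inside one path component: "<file>:<stream>",
# optionally followed by ":$DATA". Backslashes are normalised to "/" before matching.
_ADS_RE = re.compile(r"^[^:]+:[^:/]+(?::\$DATA)?$")
# Variable expansions: %VAR% (cmd) and $VAR / ${VAR} (POSIX). Deliberately conservative:
# a legitimate name containing "$" is rejected rather than risk an expansion.
_ENV_RE = re.compile(r"%[^%]+%|\$\{?[A-Za-z_][A-Za-z0-9_]*\}?")

# Constructed entry names, not taken from any real malicious archive.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/update.lnk",
    "notes.txt:payload.exe",
    "decoy.pdf:../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/update.lnk",
    "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.lnk",
    "C:\\Windows\\System32\\drivers\\etc\\hosts",
]


def classify_entry(name: str) -> str:
    """Return 'ok', or a short reason why the entry must not be extracted as named."""
    n = name.replace("\\", "/")  # one set of checks for both separator styles
    if n.startswith("/") or re.match(r"^[A-Za-z]:", n):
        return "absolute path"
    if _ENV_RE.search(n):
        return "environment variable in path"
    parts = [p for p in n.split("/") if p]
    if any(_ADS_RE.match(p) for p in parts):
        return "alternate data stream"
    if ".." in parts:
        return "parent-directory traversal"
    return "ok"


def safe_destination(dest_root: str, name: str) -> Optional[str]:
    """Resolve the entry under dest_root; None if rejected or if it would resolve outside it.

    The realpath/commonpath check is the backstop for anything the string checks miss,
    including symlinks already present in the destination tree.
    """
    if classify_entry(name) != "ok":
        return None
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, *name.replace("\\", "/").split("/")))
    if os.path.commonpath([root, target]) != root:
        return None
    return target


def audit(entries: Iterable[str]) -> Dict[str, str]:
    """Map each entry name to its classification."""
    return {e: classify_entry(e) for e in entries}


if __name__ == "__main__":
    for entry, verdict in audit(SAMPLE_ENTRIES).items():
        print(f"{verdict:30} {entry}")
```

The ADS check runs before the traversal check, so an entry that hides the traversal inside a stream name (the fourth sample) is reported as an alternate data stream; both are rejected either way. Rejecting rather than sanitising is the point: an extractor that "fixes" a hostile name still writes attacker-controlled content somewhere the user did not ask for.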
CVE-2025-41244: a privilege escalation vulnerability in VMware Aria Operations and VMware Tools
Details about this vulnerability were presented by researchers who claim it was used in real-world attacks in 2024.
At the core of the vulnerability is the way the Service Discovery component of VMware Aria (or of the VMware Tools utility suite) decides which binaries to query for their versions: the get-versions.sh script matches running processes against an overly permissive regular expression and then executes the matched binary, as a privileged user, to read its version string. Because the pattern accepts paths outside the system directories, an unprivileged attacker can plant a binary with a matching name in a location they control, and the next discovery run executes it with full privileges on the virtual machine.
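The bug class is easier to see in miniature than in prose. The following is an added example, not VMware's code: a privileged discovery routine matches process command lines against a pattern and returns the binaries it would execute with a version flag. `VULNERABLE_PATTERN` is an assumed stand-in for the overly broad expression described above, not the real one from get-versions.sh, and `HARDENED_PATTERN` shows the corresponding fix of anchoring the match to directories only root can write to. The process list is constructed.

```python
import re
from typing import List, Pattern, Tuple

# Constructed snapshot of (pid, command line), as a discovery script might read from /proc.
PROCESSES: List[Tuple[int, str]] = [
    (412, "/usr/sbin/httpd -k start"),
    (418, "/usr/sbin/nginx -g daemon off;"),
    (2231, "/tmp/httpd"),                    # planted by an unprivileged user
    (2240, "/home/alice/.local/bin/nginx"),  # likewise
    (1, "/sbin/init"),
]

SERVICE_NAMES = r"(?:httpd|nginx|mysqld|sshd)"

# Assumed (not VMware's): "any non-space prefix, a slash, a known service name".
# The prefix is unconstrained, so /tmp/httpd is as good a match as /usr/sbin/httpd.
VULNERABLE_PATTERN: Pattern[str] = re.compile(r"^(\S+/" + SERVICE_NAMES + r")(?:\s|$)")

# Fix: the binary must live in a root-owned system directory. Ownership and mode of
# the resolved file should still be verified before execution; the regex alone is not
# a security boundary if one of these directories is ever made writable.
TRUSTED_DIRS = ("/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/", "/usr/local/sbin/")
HARDENED_PATTERN: Pattern[str] = re.compile(
    r"^((?:" + "|".join(map(re.escape, TRUSTED_DIRS)) + r")" + SERVICE_NAMES + r")(?:\s|$)"
)


def binaries_to_probe(pattern: Pattern[str], processes: List[Tuple[int, str]]) -> List[str]:
    """Return the binaries the discovery routine would run (as root) with a version flag."""
    selected: List[str] = []
    for _pid, cmdline in processes:
        m = pattern.match(cmdline)
        if m:
            selected.append(m.group(1))
    return selected


if __name__ == "__main__":
    print("vulnerable:", binaries_to_probe(VULNERABLE_PATTERN, PROCESSES))
    print("hardened:  ", binaries_to_probe(HARDENED_PATTERN, PROCESSES))
```

With the vulnerable pattern, the two attacker-placed binaries are selected alongside the genuine daemons; with the hardened one, only the system copies are. The same review question applies to any privileged agent that derives a path from untrusted process metadata: what stops the pattern from matching a path the low-privilege user can create?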
Conclusion and advice
The number of recorded vulnerabilities continued to rise in Q3 2025, with some being almost immediately weaponized by attackers. The trend is likely to continue in the future.
The most common exploits for Windows are primarily used for initial system access. Furthermore, it is at this stage that APT groups are actively exploiting new vulnerabilities. To hinder attackers' access to infrastructure, organizations should regularly audit systems for vulnerabilities and apply patches in a timely manner. These measures can be simplified and automated with Kaspersky Systems Management. Kaspersky Symphony can provide comprehensive and flexible protection against cyberattacks of any complexity.
Extended Berkeley Packet Filter (eBPF) represents one of Linux's most powerful kernel technologies, enabling users to load sandboxed programs directly into the kernel for network packet inspection and system call monitoring. Introduced in 2015 to modernize the 1992 BPF architecture, this capability has become a double-edged sword providing unprecedented observability while simultaneously offering sophisticated attackers […]
FreeBSD, the open-source operating system, just released a new major update. FreeBSD 15 includes overhauled package management, new versions of utilities like OpenZFS and OpenSSL, and the end of support for most 32-bit hardware.
Linux usage on Steam has officially hit an all-time high, reaching 3.2% market share according to the Steam Survey results for November 2025. This is fantastic news for the open-source community, and it shows that the momentum driven by Valve's hardware strategy isn't slowing down at all.
Homebrew, the package manager for macOS and Linux, just got a handy new feature in the latest v5.0.4 update. Brewfile install scripts are now more like a one-stop shop for installing software, as Flatpaks are now supported alongside Brew packages, Mac App Store Apps, and other packages.
Linux Mint's development team made a blog post today announcing a nickname for the upcoming 22.3 release, as well as estimating the arrival date of the first beta release and listing some specific new features we can look forward to.
If you've ever maintained a configuration for an extensible text editor, you'll know it can become a full-blown software project. Making a disaster of it like I did means that adding a new feature fills you with dread. LazyVim tackles that problem with some awesome features, and I'll explain how.
The Linux 6.18 stable kernel has officially been released, bringing a lot of major performance improvements and crucial hardware support. This new kernel is packed with features, touching everything from storage and networking to graphics and Apple hardware support.
Remember when Intel launched its Arrow Lake-S desktop processors (the Core Ultra 200S series) late last year? The reception was a bit lukewarm. But new data shows it's been quietly getting way better with age. According to some fresh benchmarks from Phoronix, the flagship Core Ultra 9 285K is now running about 9% faster on […]
Linus Torvalds has officially released Linux 6.18, the latest stable version of the Linux kernel. The announcement came on Sunday, November 30, 2025, marking another milestone for the open-source operating system that powers everything from smartphones to supercomputers. Torvalds shared the news through the Linux kernel mailing list, noting that while there was more bugfixing […]
From the blog 9to5Linux:
Linux kernel 6.18 is now available for download, as announced today by Linus Torvalds himself, featuring enhanced hardware support through new and updated drivers, improvements to file systems and networking, and more.
Highlights of Linux 6.18 include the removal of the Bcachefs file system, support for the Rust Binder driver, a new dm-pcache device-mapper target to enable persistent memory as a cache for slower block devices, and a new microcode= command-line option to control the microcode loader's behavior on x86 platforms.
Linux kernel 6.18 also extends the support for file handles to kernel namespaces, implements initial 'block size > page size' support for the Btrfs file system, adds PTW feature detection on new hardware for LoongArch KVM, and adds support for running the kernel as a guest on FreeBSD's Bhyve hypervisor.
Self-hosting is a great way to save money on subscriptions and take control of your data, but getting everything running smoothly on one system can be difficult, especially if you have incompatible dependencies.
If you're like me, you don't like unnecessary friction when trying to accomplish tasks on your Linux PC. The following desktop software is so useful to me, I want them to be running when I start using my computer so that I don't have to manually launch them.
The first time I gave money to a Linux project felt weird. I'd been playing with one distro or another for a while, never quite figuring it out. Then Ubuntu Linux launched just as I started college, and because we all had bad internet, they sent me an installation disc for free.
The numbers on Linux installations are finally starting to show some life, and despite what some people might say, it's not all down to just one or two major moves. But, undeniably, the rise of Linux gaming has something to do with it.