Linux

Refine Results

Filtered by

Clear All

Linux

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

May 8

5 min read

Active attack: Dirty Frag Linux vulnerability expands post-compromise risk

Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc.
May 1

6 min read

CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments

A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads.
April 2

13 min read

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments.
April 1

16 min read

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet.
Retain Microsoft Security Experts

Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

Get started
March 31, 2025

13 min read

Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot.
September 14, 2023

13 min read

Uncursing the ncurses: Memory corruption vulnerabilities found in library

A set of memory corruption vulnerabilities in the ncurses library could have allowed attackers to chain the vulnerabilities to elevate privileges and run code in the targeted program’s context or perform other malicious actions.
June 22, 2023

11 min read

IoT devices and Linux-based systems targeted by OpenSSH trojan campaign

Microsoft has uncovered an attack leveraging custom and open-source tools to target internet-facing IoT devices and Linux-based systems.
December 21, 2022

12 min read

Microsoft research uncovers new Zerobot capabilities

The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.
Modernize your Security Operations Center with Microsoft Sentinel

Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.

Learn more
December 15, 2022

9 min read

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

The Microsoft Defender for IoT research team analyzed a cross-platform botnet that infects both Windows and Linux systems from PCs to IoT devices, to launch distributed denial of service (DDoS) attacks against private Minecraft servers.
October 25, 2022

11 min read

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society.
August 19, 2022

8 min read

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
June 13, 2022

15 min read

The many lives of BlackCat ransomware

The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.

Linux

Filtered by

Refine results

Retain Microsoft Security Experts

Modernize your Security Operations Center with Microsoft Sentinel

Get started with Microsoft Security