unifi

1 Articles

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

March 20, 2026 by 13 Comments

The ides of security March are upon us — Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and Kubernetes as an additional security mechanism and application firewall.

AppArmor was added to Linux in 2010, and the vulnerabilities Qualys discovered have been present since 2017, and allow unprivileged (non-root) local users to elevate privileges by executing arbitrary code in the kernel, gaining root access, or perform a denial-of-service attack across the entire system by replacing all AppArmor behavior with “deny all” rules.

All Linux kernels since Linux 4.11 are vulnerable. If your Linux distribution enables AppArmor, and quite a few do, you’ll want to be updating as soon as fixes are available from your distribution maintainers. On systems with untrusted users, such as shared environments, VPS server environments, and the like, this is even more critical and urgent. Even on single-user systems, vulnerabilities like these allow other exploits, like the Python attack below, mechanisms to elevate their access and persistence.

At the time of writing, the full details of the AppArmor vulnerability are limited until the Linux Kernel team releases a stable version with the fixes for distribution maintainers. Qualys has published the technical write-up with the currently public information.

Python Projects Compromised

StepSecurity reports on a new campaign to infect Python projects on GitHub with a complex malware that, once deployed, appears to be yet another crypto and login stealer.

The attacker first gains access to the GitHub credentials via another info stealing worm – the Glassworm stealer infects VSCode extensions with over 35,000 downloads of infected extensions in October of 2025. Glassworm harvests NPM, GitHub, and OpenVSX credentials and sends them to a remote command and control (C2) server. It also harvests a wide range of crypto currency wallet extensions to steal crypto directly. Continue reading “This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown”