banner
Previous Page
PCLinuxOS Magazine
PCLinuxOS
Article List
Disclaimer
Next Page

ICYMI: Decade Old Vulnerability Found In Sudo


by Paul Arnote (parnote)


Hacker
Image by Cliff Hang from Pixabay

A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices, according to an article from Bleeping Computer. The malware is a possible evolution of SparkCat, which Kaspersky discovered in January. SparkCat used optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from images saved on infected devices. When installing crypto wallets, the installation process tells users to write down the wallet's recovery phrase and store it in a secure, offline location. Access to this seed phrase can be used to restore a crypto wallet and its stored assets on another device, making them a valuable target for threat actors. While taking a screenshot of your seed phrase is never a good idea, some people do so for convenience. A report by Kaspersky says that the new SparkKitty malware indiscriminately steals all images from an infected device's photo gallery.

Facebook is asking users for access to their phone’s camera roll to automatically suggest AI-edited versions of their photos — including ones that haven’t been uploaded to Facebook yet, according to an article from TechCrunch. The feature is being suggested to Facebook users when they’re creating a new Story on the social networking app. Here, a screen pops up and asks if the user will opt into “cloud processing” to allow creative suggestions. As the pop-up message explains, by clicking “Allow,” you’ll let Facebook generate new ideas from your camera roll, like collages, recaps, AI restylings, or photo themes. To work, Facebook says it will upload media from your camera roll to its cloud (meaning its servers) on an “ongoing basis,” based on information like time, location, or themes. The message also notes that only you can see the suggestions, and the media isn’t used for ad targeting. However, by tapping “Allow,” you are agreeing to Meta’s AI Terms of Service. This allows your media and facial features to be analyzed by AI, it says. The company will additionally use the date and presence of people or objects in your photos to craft its creative ideas.

A serious security vulnerability in many Bluetooth headphones allows attackers to read data from the devices remotely and take over connections, according to an article from Heise Online. This was discovered by researchers from the German security company ERNW. They presented their discovery at this year's edition of the TROOPERS security conference. Millions of devices from various manufacturers are suspected to be affected; updates to resolve the problem are not yet available. Nevertheless, the researchers are reassuring: although attacks are possible, the target group for attacks is limited. The vulnerabilities are located in Bluetooth SoC (System-on-Chip) from the Taiwanese manufacturer Airoha, which is particularly popular for “True Wireless Stereo” (TWS) headphones. Using Airoha chips, small in-ear headphones can reproduce stereo sound from playback devices such as smartphones without latency. Well-known manufacturers such as Sony, JBL, Marshall, and Bose use it in some cases, but also install Bluetooth technology from other suppliers.


Hacker
Image by Tumisu from Pixabay

Security researchers have discovered a critical elevation of privilege (EoP) vulnerability in a popular Linux utility, and another that has been lying hidden for over a decade, according to an article from Infosecurity Magazine. Sudo is a privileged command-line tool installed on 99% of Linux servers and workstations, which means around 30-50 million endpoints in the US alone, according to security vendor Stratascale. The utility is often used to implement least privilege access by delegating admin tasks that require elevated privileges without sharing the root password, and also creating an audit trail in the system log, Stratascale explained. However, CVE-2025-32463 undermines this by enabling local users to gain full root access to a targeted system, via abuse of the chroot function.

Cybercriminals are using v0, an AI tool developed by Vercel, to rapidly generate convincing phishing websites, sometimes in as little as 30 seconds, according to an investigation by Okta, an identity and access management company, says an article from TechRepublic. Okta Threat Intelligence has uncovered that the AI-driven tool, designed to help developers create websites through natural language prompts, has now been co-opted by threat actors. These bad actors are abusing the technology to build fake login portals for well-known services, including Microsoft 365, cryptocurrency platforms, and Okta. Following Okta’s disclosure, Vercel promptly removed the phishing pages. The company is now working with Okta to implement more effective abuse-reporting systems. In a statement to Axios, Ty Sbano, chief information security officer at Vercel, said: “Like any powerful tool, v0 can be misused. This is an industry-wide challenge, and at Vercel, we’re investing in systems and partnerships to catch abuse quickly and keep v0 focused on what it does best: helping people build powerful web apps.” Despite the takedowns, Okta discovered open-source clones of the v0 tool on GitHub, complete with DIY guides that could allow other malicious actors to create their AI-powered phishing infrastructure.

Apple will battle the European Commission in court to try to overturn a €500 million ($587 million) fine imposed by the commission in April, according to an appeal filed on July 7, says an article from TechRepublic. At stake is the much-debated App Store ecosystem, which the commission said was in violation of the Digital Markets Act. Specifically, the DMA states tech companies can’t block app makers from accepting payments through third-party services. The European Commission enforces EU laws, including the Digital Markets Act. Apple’s App Store and its design to keep monetary transactions inside approved apps as much as possible has gotten the company in trouble before. Both lawmakers and companies with a significant financial stake in their mobile apps have protested it in court. For its part, Apple said the “walled garden” was a matter of safety and security, reducing breaches and scams, while allowing customers to control who has access to their data.


The brain as a computer
Image by Kohji Asakawa from Pixabay

OpenAI is set to launch its own internet browser, powered by artificial intelligence, in the coming weeks, in the hopes that it will pose a real threat to market leader Google Chrome, according to an article from TechRepublic. The idea is to reduce the need for users to visit third-party sites or apps, whether to access information or a competitor AI chatbot, as ChatGPT will be integrated into the software. While OpenAI ignited the fuse of the AI boom with the release of ChatGPT, it is now facing competition from rival chatbots based on comparable or more powerful large language models. As a result, it is looking to diversify into other areas, and the browser is part of that plan, anonymous sources told Reuters. OpenAI plans to integrate its AI agent products, such as Operator, directly into its browser, allowing it to perform multi-step tasks on the user’s behalf, according to the sources. Having access to their web activity, typically collected and stored by browsers, will significantly enhance the usefulness and intuitiveness of agent-driven interactions on websites, such as autofilling forms or booking reservations. The ability to access user data is a key reason OpenAI chose to develop its own browser instead of building a plug-in for Chrome or other existing browsers, according to the sources. After all, it is what has allowed Chrome to dominate for so long.

If you want a job at McDonald’s today, there’s a good chance you'll have to talk to Olivia, according to an article from Wired. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and résumé, directs them to a personality test, and occasionally makes them “go insane” by repeatedly misunderstanding their most basic questions. Until last week (the first week of July, 2025), the platform that runs the Olivia chatbot, built by artificial intelligence software firm Paradox.ai, also suffered from absurdly basic security flaws. As a result, virtually any hacker could have accessed the records of every chat Olivia had ever had with McDonald's applicants — including all the personal information they shared in those conversations — with tricks as straightforward as guessing that an administrator account's username and password was “123456.” Uhm … there’s a lesson here. Can you spot it? (Hint: it’s something we’ve written about here in the magazine, ad nauseam).

Microsoft's $13 billion love affair with OpenAI hides a ticking clock: a clause that lets OpenAI ditch Microsoft the moment it deems its models to have reached artificial general intelligence and are powerful enough to generate the $100+ billion required to pay off its backers, according to an article from TechRepublic. Satya Nadella, Microsoft's CEO, once shrugged it off, assuming AGI was years away. Now, Sam Altman hints it could be months, and Microsoft is scrambling to renegotiate as part of OpenAI's shift to a public-benefit corporation. The clause also forbids Microsoft from independently pursuing AGI, effectively handcuffing its research while rivals like Meta throw Ohtani-sized paychecks at talent. If OpenAI's board rings the “we did it” bell, Redmond might be stuck with last year's model while the rest of Big Tech sprints ahead. OpenAI reportedly may concede that its nonprofit roots and profit caps are outdated, giving Microsoft leverage to kill the clause altogether. Whether that happens will shape who controls the next-gen AI gold mine—and on whose cloud it runs.


Measuring the waist
Image by Michal Jarmoluk from Pixabay

Economic development is associated with increased prevalence of obesity and related health problems, but the relative importance of increased caloric intake and reduced energy expenditure remains unresolved, according to a new study published on PNAS. We show that daily energy expenditures are greater in developed populations, and activity energy expenditures are not reduced in more industrialized populations, challenging the hypothesis that decreased physical activity contributes to rises in obesity with economic development. Instead, our results suggest that dietary intake plays a far greater role than reduced expenditure in the elevated prevalence of obesity associated with economic development.

Researchers in Japan say they have set a new world record for the fastest internet speed, transmitting over 125,000 gigabytes of data per second over 1,120 miles (1,802 kilometers), according to an article from LiveScience. That's about 4 million times the average internet speed in the U.S. and would allow you to download the entire Internet Archive in less than four minutes, according to some rough estimates. This is also more than twice the previous world record of 50,250 GB/s, previously set by a different team of scientists in 2024. To achieve this new speed — which has not been independently verified — the team developed a new form of optical fiber to send information at groundbreaking speeds over roughly the distance between New York and Florida.

In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps), according to a blog from Cloudflare. This comes shortly after the publication of our DDoS threat report for 2025 Q1 on April 27, 2025, where we highlighted attacks reaching 6.5 Tbps and 4.8 billion packets per second (pps). The 7.3 Tbps attack is 12% larger than our previous record and 1 Tbps greater than a recent attack reported by cyber security reporter Brian Krebs at KrebsOnSecurity. 37.4 terabytes is not a staggering figure in today’s scales, but blasting 37.4 terabytes in just 45 seconds is. It’s the equivalent to flooding your network with over 9,350 full-length HD movies, or streaming 7,480 hours of high-definition video nonstop (that’s nearly a year of back-to-back binge-watching) in just 45 seconds. If it were music, you’d be downloading about 9.35 million songs in under a minute, enough to keep a listener busy for 57 years straight. Think of snapping 12.5 million high-resolution photos on your smartphone and never running out of storage—even if you took one shot every day, you’d be clicking away for 4,000 years — but in 45 seconds.


Galaxy
Image by Mattia Verga from Pixabay

The Lambda Cold Dark Matter (LCDM) theory suggests that most galaxies are low-mass dwarf galaxies, many of which orbit larger galaxies like the Milky Way, according to an article from Gizmodo. More broadly, the LCDM represents our best understanding of how the universe works. But there’s a problem. According to the theory, the Milky Way should have significantly more satellite galaxies than scientists have observed with telescopes and predicted with computer simulations. By combining the highest-resolution supercomputer simulations to date with new mathematical modeling, cosmologists at Durham University in the U.K. suggest there might be up to 100 previously unidentified galaxies orbiting the Milky Way, effectively tracking down our galaxy’s “missing” companions. If future telescopes detect these galaxies directly, it would further bolster the reliability of the LCDM theory, the most widely accepted standard model of large-scale cosmology.

The Perseids, considered by astronomers to be the best meteor shower of the year, are about to begin, according to an article from ABC News. The meteor shower occurs annually from about July 17 to Aug. 23, typically peaking in mid-August, according to the American Meteor Society. Its “swift and bright” meteors often leave long “wakes” of light and color behind as they streak through the Earth's atmosphere, leading to the best annual display of meteors, astronomers say. The Perseids are also known for their fireballs, which are larger explosions of light and color that persist longer than an average meteor streak, according to NASA.

An object has been discovered orbiting the sun far beyond Pluto, calling into question theories about a possible Planet Nine in the solar system, according to an article from Forbes. The object, for now, designated 2023 KQ14 and nicknamed “Ammonite,” was found by astronomers in Japan using its Subaru Telescope in Hawaii. Announced in a paper published July 14, 2025 in Nature Astronomy, the object is not a planet but a sednoid. It's only the fourth sednoid ever discovered. A sednoid is an object beyond the orbit of Neptune that has a highly eccentric orbit, similar to that of the dwarf planet Sedna, one of the most distant objects in the solar system known to astronomers. Astronomers use the distance between the Earth and the sun — one astronomical unit or AU — to measure distance in the solar system. Sedna gets as close to the sun as about 76 au, but as far away as 900 au on its elliptical orbit. 2023 KQ14 gets as close as 66 au from the sun and as far away as 252 au.


Viruses
Image by MasterTux from Pixabay

Researchers at MIT and other institutions have identified compounds that can fight off viral infection by activating a defense pathway inside host cells, according to an article from MIT News. These compounds, they believe, could be used as antiviral drugs that work against not just one but any kind of virus. The researchers identified these compounds, which activate a host cell defense system known as the integrated stress response pathway, in a screen of nearly 400,000 molecules. In tests in human cells, the researchers showed that the compounds help cells fend off infection from RSV, herpes virus, and Zika virus. They also proved effective in combating herpes infection in a mouse model.

In spite of having plagued humans for millennia, typhoid fever is rarely considered in developed countries today. But this ancient threat is still very much a danger in our modern world, according to an article from ScienceAlert. According to research published in 2022, the bacterium that causes typhoid fever is evolving extensive drug resistance, and is rapidly replacing strains that aren't resistant. Currently, antibiotics are the only way to effectively treat typhoid, which is caused by the bacterium Salmonella enterica serovar Typhi (S Typhi). Yet over the past three decades, the bacterium's resistance to oral antibiotics has been growing and spreading. In their study, researchers sequenced the genomes of 3,489 S Typhi strains contracted from 2014 to 2019 in Nepal, Bangladesh, Pakistan, and India, and found a rise in extensively drug-resistant (XDR) Typhi. Even worse, these strains are spreading globally at a rapid rate. While most XDR Typhi cases stem from South Asia, researchers have identified nearly 200 instances of international spread since 1990. Most strains have been exported to Southeast Asia, as well as East and Southern Africa, but typhoid superbugs have also been found in the United Kingdom, the United States, and Canada.


Anonymous Hacktivist
Image by Pete Linforth from Pixabay

Hackers continue to go after healthcare-related businesses in their attacks and unfortunately, you could easily get caught up in the aftermath as the result of a data breach. Case in point, millions of Americans are now receiving data breach notifications in the mail following a cyberattack on a medical billing company earlier this year, according to an article at Tom’s Guide. As reported by BleepingComputer, back in January and early February, hackers stole the personal and medical information of 5.4 million people during a cyberattack at the American healthcare services company Episource. While you likely haven’t heard of this company, which is owned by UnitedHealth Group’s Optum subsidiary, it provides risk adjustment, medical coding, data analytics and other tech to healthcare providers. As a result, Episource often handles large troves of personal and medical data, which makes it a valuable target for hackers and other cybercriminals. Now, though, the company has begun notifying affected individuals that their personal and medical data could be in the hands of hackers.

Maybe a job in the tech industry isn’t looking so good these days. According to an article from TechCrunch, the tech layoff wave is still kicking in 2025. Last year saw more than 150,000 job cuts across 549 companies, according to independent layoffs tracker Layoffs.fyi. So far this year, more than 22,000 workers have been the victim of reductions across the tech industry, with a staggering 16,084 cuts taking place in February alone. TechCrunch is tracking layoffs in the tech industry in 2025 so you can see the trajectory of the cutbacks and understand the impact on innovation across all types of companies. As businesses continue to embrace AI and automation, this tracker serves as a reminder of the human impact of layoffs — and what could be at stake with increased innovation.

Looking for an all-day meal? In Japan, Burger King’s gargantuan but curiously named Baby Body Burger tips the scales at nearly 680g (1.5lb), according to an article from The Guardian. As part of a collaboration with the Japan Sumo Association, whose July wrestling tournament has just started, the burger checks in at 1,876 calories. Sumo wrestlers would only need about four of these to get their average daily caloric needs; a mere mortal would need just one to one-and-a-half. And, at ¥2,590 (£13.05), it’s nearly twice the price of a one-patty Whopper with cheese. The burger stack is thick and impressive: five charbroiled beef patties, four cheddar cheese slices, bacon, lettuce, tomato and pickles on a sesame seed bun topped with mayonnaise, mustard and an umami-infused, tomato paste-based Aurora sauce. “This could dislocate my jaw,” joked a woman splitting one with her family.


Neanderthal man

When folks picture Neanderthals, the image often involves heavy brows, furry pelts, and stone tools. Yet, pieces of their DNA are still part of the modern human genome. Recent research suggests that some of these genetic variants inherited from Neanderthals could be linked to autism spectrum disorder, according to an article from Earth.com. About 50,000-60,000 years ago, small groups of modern humans trekked out of Africa into Eurasia. They met Neanderthals, exchanged tools, and also exchanged genes through interbreeding. It has been estimated that Eurasian-derived populations have approximately 2% Neanderthal DNA, which was acquired during introgression events occurring shortly after anatomically modern humans migrated out of Africa. Later, some descendants journeyed back to Africa, sprinkling a much thinner dusting of Neanderthal genes across the continent. That genetic shuffling means nearly everyone on Earth carries at least a trace of Neanderthal ancestry, though the amount varies. Genetic leftovers can be helpful. Certain Neanderthal alleles boost immune responses or aid survival at high altitudes. Many others never meshed well with our biology and were slowly weeded out by natural selection. Brain-related genes are especially unforgiving; even minor glitches can prove disruptive.

Another month, another set of Google Chrome vulnerabilities. Google has released a critical security update for its Chrome web browser, patching six vulnerabilities, according to an article from TechRepublic. The most alarming of the bunch is CVE-2025-6558, a high-severity bug (CVSS score: 8.8) found in Chrome’s ANGLE and GPU components that is being actively exploited in the wild. According to the National Vulnerability Database (NVD), the bug stems from insufficient validation of untrusted input in ANGLE and GPU modules. ANGLE (Almost Native Graphics Layer Engine) is a key layer in Chrome that translates graphics commands to work across various systems, including Direct3D, Vulkan, Metal, and OpenGL. By creating a malicious HTML page, an attacker could exploit this vulnerability to escape Chrome’s sandbox, a protective barrier designed to keep malicious code locked inside the browser and away from the rest of your computer. The zero-day flaw was discovered on June 23, 2025, by Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group (TAG), a team known for tracking targeted cyberattacks. Google confirmed in its official release that it is “aware that an exploit for CVE-2025-6558 exists in the wild.”

Unless you've already ditched Google for good (I haven’t used Google search for a very long time), you've probably noticed that these days, your search results typically start with an AI-generated answer, according to an article from Lifehacker. Maybe you've found this useful, or maybe you've found it annoying. But the thing is, whether you want it there or not, most of your Google searches include these long, AI Overviews by default. The feature isn't as problematic or error-prone as it was when Google first rolled it out, but you still shouldn't take these results at face value. The feature is merely summarizing answers it finds in its own web searches, which might include high-quality and accurate sources, but also low-quality, intentionally misleading, or comedic sources as well. Check out the article for three ways to remove AI from Google services.


Artificial Intelligence Robot
Image by BrownMantis from Pixabay

A recently discovered prompt-injection flaw in Google’s Gemini makes it possible for hackers to target unsuspecting users in sophisticated phishing attacks, according to an article from TechRepublic. The flaw allows attackers to embed hidden instructions in seemingly benign emails. When a user clicks Summarize This Email using Gemini for Google Workspace, the chatbot can be manipulated into generating fake security alerts, prompting victims to click malicious links or call scam phone numbers. According to the anonymous researcher who originally discovered and reported the vulnerability, the technique “involves clever and unorthodox tactics designed to deceive the model, often requiring an understanding of its operational mechanics to achieve desired outcomes.”

DuckDuckGo recently announced a new feature for its Images tab that allows you to hide AI-generated images by default, according to an article from Lifehacker. While there are ways to hide AI from your Google searches, unless you install extensions, you have to go out of your way to use them every time you make a new search. With DuckDuckGo's solution, it's set-it-and-forget-it. Just go to the DuckDuckGo website, enter your search, click on the Images tab, then in the settings toolbar below the search bar, click on AI images and choose Hide from the dropdown menu. DuckDuckGo will then remember your settings for all future searches. Alternatively, click on the hamburger menu in the top-right corner, click on Settings under Search, and toggle on Hide AI-Generated Images. Or, you can just start your search from noai.duckduckgo.com. The company does warn you that its “block list is not exhaustive,” so a few AI-generated results might slip through the cracks, but I immediately noticed a big difference in my attempts. While searching for tabby kittens, I managed to cut a good four or five AI images off of the front page of results, including some with weird, cartoony proportions that wouldn't really help me if I just wanted to know what a baby tabby looks like. It wasn't quite as noticeable as the “baby peacock” example DuckDuckGo gave in its announcement, but it's a welcome assurance that what I'm seeing is probably real.

I have to say that it’s quite rare for me to come across a website that really blows me away, but I’ve found one. The site is called “Engineerine,” and it highlights all sorts of advances in a multitude of fields. Here’s an assortment of some of the more interesting articles I’ve found on their website. There’s an article reporting on researchers using CRISPR technology to remove the extra chromosome that causes Down’s Syndrome, and another article that reports on researchers using the same CRISPR technology to remove all traces of HIV from cells. Yet another article reports on researchers at Stanford discovering a molecule that makes cancer cells self-destruct. Still another article reports on Chinese researchers using stem-cell therapy that reverses BOTH Type 1 and Type 2 diabetes. Another article describes how researchers in Japan have created an artificial womb capable of sustaining embryos outside the human body, potentially saving the lives of extremely premature babies. So, poke around on their site, and I’m sure everyone will find news about a wide variety of topics that piques their interest.



Previous Page              Top              Next Page