Linux

Roughly 200,000 Linux-based Framework laptops shipped with a signed UEFI shell command (mm) that can be abused to bypass Secure Boot protections -- allowing attackers to load persistent bootkits like BlackLotus or HybridPetya. Framework has begun patching affected models, though some fixes and DBX updates are still pending. BleepingComputer reports: According to firmware security company Eclypsium, the problem stems from including a 'memory modify' (mm) command in legitimately signed UEFI shells that Framework shipped with its systems. The command provides direct read/write access to system memory and is intended for low-level diagnostics and firmware debugging. However, it can also be leveraged to break the Secure Boot trust chain by targeting the gSecurity2 variable, a critical component in the process of verifying the signatures of UEFI modules. The mm command can be abused to overwrite gSecurity2 with NULL, effectively disabling signature verification. "This command writes zeros to the memory location containing the security handler pointer, effectively disabling signature verification for all subsequent module loads." The researchers also note that the attack can be automated via startup scripts to persist across reboots.

NordVPN Embraces Open Source By Releasing Its Linux GUI On GitHub

Linux.Slashdot.org - Tue, 10/14/2025 - 19:45

BrianFagioli shares a report from NERDS.xyz: NordVPN has open sourced its Linux GUI on GitHub, giving the community full access to the code behind its graphical client. The move follows a 70 percent surge in daily active Linux users since the GUI's debut earlier this year, showing clear demand for a user friendly VPN experience on the platform. Alongside the previously open sourced command line tool, the GUI codebase is now available for anyone to audit, modify, and contribute to. While NordVPN's core backend infrastructure remains proprietary, the company says the open source release reflects its commitment to transparency and collaboration with the Linux community. The GUI can also now be installed with a single command using Snap, simplifying setup and ensuring automatic updates across distributions.

Framework flame war erupts over support of politically polarizing Linux projects - theregister.com

Linux News - Tue, 10/14/2025 - 16:38

Framework flame war erupts over support of politically polarizing Linux projects theregister.com

Categories: Linux

Windows 10 PC can't be upgraded? You have 5 options - and must act now - ZDNET

Linux News - Tue, 10/14/2025 - 13:38

Windows 10 PC can't be upgraded? You have 5 options - and must act now ZDNET

Categories: Linux

Distribution Release: Zorin OS 18

DistroWatch.com - Tue, 10/14/2025 - 13:35

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Zorin OS distribution has a new update and a new look. Zorin OS 18 features new themes, new layouts, OneDrive integration, and includes a Web Apps tool to integrate web-based software into the desktop. Zorin OS 18 also includes a new, improved way to tile application windows:....

Categories: Linux

Navigation