Linux Security Articles

A process with a stable workload shouldn’t keep growing its resident memory. When it does, the first question isn’t how much RAM is available. It’s where the allocations stopped being released. On Linux, that answer isn’t always obvious because the kernel, allocator, and application all influence what memory usage looks like from the outside.

AI is beginning to reshape how penetration testing workflows are organized. For years, the penetration tester’s workflow has been a labor-intensive ritual: scan, enumerate, research, exploit, and report. But new frameworks like Dark Moon are attempting to codify that intuition, turning the “human-in-the-loop” process into a machine-coordinated workflow. But is this a genuine evolution in how we secure Linux environments, or just a sophisticated wrapper around the same old tools?

SSH persistence usually does not look malicious at first. The login succeeds normally, the session opens cleanly, and the account already exists on the server, which is exactly why attackers continue using SSH keys after gaining a foothold on Linux systems.

AI-assisted patches are already showing up across open source. Small GitHub projects, package updates, kernel-adjacent tools, system libraries. It’s not a future problem anymore.

Most weeks in Linux are about new features. This one is about avoiding problems before they happen. Several projects shipped updates that quietly change how systems behave behind the scenes. None of them are particularly flashy, but if you’re responsible for containers, workstations, gaming systems, or recovery media, these releases are worth paying attention to. Here’s what stood out this week.