This week, we had a glimpse of WordPress 6.0, as Beta 1 is now available for testing. Also, VMware’s VMware Cloud Director is struggling with high severity vulnerabilities that are under active exploitation in the wild. This week, MX Linux 21.1 and EndeavourOS 22.1 are also released. Finally, the FBI announced that the admin of RaidForums is now under arrest.
WordPress 6.0 Beta 1 is ready
The WordPress team has announced the availability of the first beta for the upcoming major release, 6.0. It brings a lot of new improvements, most of the noticeable changes are block-editor related. The WordPress team is planning to release two more beta versions before the release-candidate versions. The team is planning to launch the WordPress 6.0 final on May 24.
MX Linux 21.1 is ready for download
The developers of MX Linux have announced the release of the 21.1 version, codenamed Wildflower. This release is focused on bug fixes, kernels, and application updates. MX Linux 21.1 upgrades its base from Debian 11 to Debian 11.3 for extra stability. It also comes with mx-samba-config tool; allowing users to configure Samba and CIFS usershares in a desktop-agnostic way.
EndeavourOS 22.1
The EndeavourOS team has announced the release of the new version, dubbed Apollo. Apollo version, bringing some new features in addition to bug fixes and package updates. The new version comes with the Linux kernel version 5.17.1. EndeavourOS 22.1 Apollo includes Mesa 22.0.1-3 and Calamares 3.2.54. The most important change with Apollo is the new window manager, named Worm.
FBI arrests the admin of one of the world’s largest hacker forums
The Department of Justice announced the seizure of RaidForums, a forum where cybercriminals are trading hacked data. The forum has been seized by the FBI and the admin of the forum is now under arrest. Diogo Santos Coelho, 21, from Portugal was also arrested in the United Kingdom. He is believed to be RaidForum’s founder and chief administrator. FBI obtained authorization to seize three domains that hosted the forum.
F5 addresses NGINX LDAP zero-day vulnerability
F5 has published an advisory addressing the bug affecting LDAP reference implementation in NGINX. The zero-day vulnerability on NGINX LDAP reference implementation at end of the first week of April. The company states that NGINX Open Source and NGINX Plus are not affected by the vulnerability by themselves. So there is no action required if the reference implementation is not used.
Automatic .NET updates are now supported by Windows Server
Microsoft announced that the company will make monthly updates for modern .NET available via Microsoft Update on an opt-in basis. Until now, Windows Server could only get updates for .NET and .NET Core via Windows Server Update Services and MU Catalog. Now, admins will be able to modify configurations while receiving builds from the Automatic Updates channel. Admins, who don’t want their servers updated automatically don’t have to take any action.
A critical vulnerability is found in VMware Cloud Director
VMware Cloud Director has a critical bug allowing remote code execution with a CVSS score of 9.1. The vulnerability affects only VMware Cloud Director with 10.3.x, 10.2.x, and 10.1.x versions. VMware has released a patch to fix this flaw, updating the versions to 10.3.3, 10.2.2.3, and 10.1.4.1 respectively. The company urges the administrators to apply the patches immediately since they can be under active exploitation.