**This Week in Security: Hornet, Gogs, and Blinkenlights**

**Microsoft Takes a Stab at Securing Linux with Hornet LSM**

In a surprising move, Microsoft has contributed a patch-set for the Linux kernel, proposing the Hornet Linux Security Module (LSM). This development may raise some eyebrows, given Microsoft's reputation as a Windows-centric company. However, as we delve deeper into the story, it becomes clear that this is more than just a philanthropic gesture.

More than half of Microsoft's cloud offering, Azure, runs on Linux, making security a top priority for the company. As a result, they're investing heavily in improving Linux security, and their efforts are already paying off. The Hornet LSM aims to improve the security of eBPF programs, which execute in kernel space and allow for more robust load balancing, system auditing, and security measures.

But what exactly is eBPF? In short, it's a virtual machine within the kernel that enables executing scripts in kernel space. Originally designed for packet filtering, eBPF has since evolved to support a wide range of uses, and those have included malware and spyware. Hornet is meant to address shortcomings in existing protection schemes, which may be vulnerable to Time Of Check / Time Of Use (TOCTOU) attacks.

While the patch is still in the Request For Comment (RFC) stage, its potential impact on Linux security cannot be overstated. Will Hornet pass muster and make it into the upstream kernel? Only time will tell.

**Patch Tuesday: 57 Fixes, Including a Zero-Day Vulnerability**

Microsoft's Patch Tuesday brings with it 57 fixes, many of which are classified as vulnerabilities. One notable example is CVE-2025-62221, an escalation of privilege flaw in the Windows Cloud Files Mini Filter Driver. This vulnerability allows a lesser-privileged attacker to gain SYSTEM privileges through a use-after-free attack.

Researchers at Wiz have discovered an active exploitation campaign using CVE-2025-8110, a previously unknown vulnerability in Gogs, a self-hosted GitHub/GitLab alternative written in Go. The vulnerability was first reported in July and has been exploited for five months without a patch.

**Gogs: A Tale of Unmaintained Software**

The story of Gogs is a cautionary one. Despite being reasonably popular with over 1,400 instances exposed to the Internet, the software appears to be effectively unmaintained. The vulnerability was first discovered in July and reported to the project, but as of December 11, no fix or acknowledgment has been made.

This lack of attention has led to widespread exploitation, with over 700 instances showing signs of compromise. It's essential for users to migrate to a maintained fork or explore alternative solutions.

**Blinkenlights: The Cheap Smart Watch Hack**

In a fascinating example of reverse engineering, Quarkslab's Damien Cauquil extracted firmware from a €11.99 smart watch using an Android app and Bluetooth Low Energy connection. By creating a custom watch face featuring Rick Astley, he was able to exploit a memory leak in the watch's firmware.

The hack involved sniffing the SPI bus with a Raspberry Pi Pico to recover the firmware bytes. This epic hack showcases the potential for creative exploits and highlights the importance of security testing even in seemingly trivial devices.

**Other Security Updates**

* Libpng has an out-of-bounds read vulnerability, fixed in 1.6.52.
* Google pushed out an out-of-band update to Chrome, fixing a vulnerability being exploited in the wild.
* The Hacker News connected a bug ID to a pull request in the LibANGLE library, suggesting a macOS-specific vulnerability.

As always, it's essential to stay up-to-date with security patches and updates. Whether you're a Linux administrator, Windows user, or simply a curious hacker, there's something for everyone in this week's security roundup.