Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers

Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers.

Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure—that surprisingly persisted into various releases of Webmin (1.882 through 1.921) and eventually remained hidden for over a year.

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

'Leakage ... is visible in all Intel generations starting from first-gen Core CPUs'

Updated Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to steal secrets and other data from running applications.