Chaos malware now targeting 64-bit Linux servers
Analysis of China-nexus groups also discovers double-pronged strategy, one on immediacy, the other around long dwell times.
Linux
20 articles
Hooked on Linux: Rootkit Detection Engineering
In this second part of a two-part series, we explore Linux rootkit detection engineering, focusing on the limitations of static detection reliance, and the i...
ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to exec...
Kernel Observability for Data Movement
Kernel-level visibility reveals hidden data movement in breaches, exposing gaps in modern security tools and improving detection, compliance, and system beha...
SystemRescue 13 updates its kernel to Linux 6.18 LTS, adds new recovery tools
Bootable Linux recovery environments occupy a specific niche in the systems administration and incident response toolkit. SystemRescue, an Arch-based live di...
ZDI-26-238: Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to exec...
Scanning The Internet with Linux Tools - PSW #919
BPFdoor hides deep inside the OS kernel to target telecoms worldwide
China-linked Linux backdoor first spotted in 2021, but now runs inside the kernel of core telecom servers and Kubernetes pods.
VoidLink Rootkit Leverages eBPF and Kernel Modules to Stealthily Infiltrate Linux Systems
VoidLink is a new Linux rootkit family that combines classic kernel modules with eBPF to hide processes and network activity deep inside modern cloud environ...
Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. The post Chinese Hackers Caught Dee...
Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework
Elastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain pers...
Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
Kali Linux 2026.1, the first release of the year, is now available for download, featuring 8 new tools, a theme refresh, and a new BackTrack mode for Kali-Un...
Codenotary introduces AgentX for autonomous Linux infrastructure security
Codenotary has announced the availability of AgentX, an autonomous platform designed to manage, secure, and protect large-scale Linux infrastructure in the c...
Kali Linux 2026.1 Launches With 8 New Hacking Tools for Penetration Testers
Offensive Security has officially released Kali Linux 2026.1, marking the first major update of the year for the popular penetration testing distribution.
Linux & Cloud Detection Engineering - TeamPCP Container Attack Scenario
This publication provides a real-world walkthrough of TeamPCP's multi-stage container compromise, demonstrating how Elastic's D4C surfaces runtime signals ac...
Linux & Cloud Detection Engineering - Getting Started with Defend for Containers (D4C)
This technical resource provides a comprehensive walkthrough of Elastic’s Defend for Containers (D4C) integration, covering Kubernetes-based deployment, the ...
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the roo...
ZDI-26-193: (Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the abil...
ZDI-26-191: (Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to exec...