Tag: linux
-
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system’s primary disk and render it unbootable. The names of the packages are listed below: github[.]com/truthfulpharm/prototransform, github[.]com/blankloggia/go-mcp, and github[.]com/steelpoor/tlsproxy. ”Despite appearing legitimate, … First seen on thehackernews.com Jump to article: thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html
-
Linux in Excel? Sure, why not ruin both
Tags: linux
The spreadsheet from Hell First seen on theregister.com Jump to article: www.theregister.com/2025/05/01/linux_in_microsoft_excel/
-
What is EDR? An analytical approach to endpoint security
Tags: access, android, antivirus, api, attack, automation, breach, cloud, corporate, data, defense, detection, edr, email, endpoint, firewall, incident response, infection, infosec, infrastructure, intelligence, Intruder, linux, macOS, malicious, malware, network, service, siem, soar, software, threat, tool, training
EDR vs. antivirus: What’s the difference? Antivirus software has similar goals to EDR, in that it aims to block malware from installing on and infecting endpoints (usually user PCs). The difference is that antivirus spots malicious activity by trying to match it to signatures, known patterns of code execution or behavior that the security community…
-
BTW Windows Subsystem for Linux officially uses Arch now
The tryhard’s favorite distro wins an approved home in Microsoft’s OS First seen on theregister.com Jump to article: www.theregister.com/2025/04/30/official_arch_on_wsl2/
-
The 14 most valuable cybersecurity certifications
Tags: access, ai, application-security, attack, automation, best-practice, blockchain, blueteam, china, cisa, cisco, ciso, cloud, compliance, computer, computing, conference, control, country, credentials, cryptography, cyber, cybersecurity, data, defense, encryption, endpoint, exploit, finance, governance, government, guide, hacker, hacking, incident response, intelligence, Internet, jobs, kali, law, linux, malware, metric, microsoft, monitoring, network, penetration-testing, privacy, reverse-engineering, risk, risk-analysis, risk-management, skills, threat, training, vulnerability, windows
Industry recognition: Who’s to say one certification is more respected than another? Such criteria can be very subjective, so we turned to the most direct and unbiased source to cut through the ambiguity: job listings. In addition to education, skills, and qualifications, employers often specify certs they seek in their ideal candidate. These mentions carry…
-
Chrome 136 Fixes 20-Year-Old Privacy Bug in Latest Update
Google has begun rolling out Chrome 136 to the stable channel for Windows, Mac, and Linux, bringing significant security and privacy upgrades to millions of users worldwide. The update, set to be distributed over the coming days and weeks, addresses a range of vulnerabilities. However, its most notable change closes a privacy loophole that has…
-
CNAPP buying guide
Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware
-
Watch out for any Linux malware sneakily evading syscall-watching antivirus
Google dumped io_uring after $1M in bug bounties First seen on theregister.com Jump to article: www.theregister.com/2025/04/29/linux_io_uring_security_flaw/
-
Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories
Tags: control, cyber, cybersecurity, hacker, infrastructure, linux, malicious, open-source, risk, software, tool
Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads and a Linux ELF Cobalt Strike beacon. The discovery, originating from a routine search for open-source proxy software, highlights the pervasive risks of unsecured infrastructure and the sophistication of modern cyber threats. Hunt’s continuous scanning of public IPv4…
-
Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware
The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based crypto mining botnet. Detailed insights from a recent incident response case in Brazil, handled by Kaspersky, reveal the group’s evolving tactics. Sophisticated Threat Targets Weak SSH Credentials The attackers target…
-
Critical Linux Kernel Flaw (CVE-2025-21756) Allows Privilege Escalation
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2025-21756 and dubbed “Attack of the Vsock,” has sent ripples through the cybersecurity community. The flaw enables attackers to escalate privileges to root, potentially gaining full control over affected Linux systems. According to the Hoefler report, researchers warn that exploitation is feasible and demonstrated in real-world conditions,…
-
Kali Linux warns of update failures after losing repo signing key
Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/linux/kali-linux-warns-of-update-failures-after-losing-repo-signing-key/
-
Chinese hackers use malware: attacks on Linux with Snowlight and VShell
First seen on security-insider.de Jump to article: www.security-insider.de/unc5174-hackergruppe-angriffe-linux-systeme-snowlight-malware-a-4742febffb36ab5acc30d132fa7f6351/
-
PoC rootkit Curing evades traditional Linux detection systems
Researchers created a PoC rootkit called Curing that uses Linux’s io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring. “Curing is a POC of a rootkit that uses io_uring to perform different tasks without using any syscalls,…
-
Three IXON VPN Client Vulnerabilities Let Attackers Escalate Privileges
Security researchers at Shelltrail have discovered three significant vulnerabilities in the IXON VPN client that could allow attackers to escalate privileges on both Windows and Linux systems. The vulnerabilities, temporarily designated as CVE-2025-ZZZ-01, CVE-2025-ZZZ-02, and CVE-2025-ZZZ-03, affect the widely used VPN solution that provides remote access to industrial systems. While official CVE IDs have been…
-
Invisible rootkits: blind spot in kernel interface threatens Linux systems
Many security tools monitor system calls to detect malware. Under Linux, however, there is an alternative that is often completely overlooked. First seen on golem.de Jump to article: www.golem.de/news/unsichtbare-rootkits-blinder-fleck-bei-kernel-interface-bedroht-linux-systeme-2504-195655.html
-
ARMO: io_uring Interface Creates Security ‘Blind Spot’ in Linux
Researchers from security firm ARMO developed a POC rootkit called Curing that showed how the io_uring interface in Linux could be exploited by bad actors to bypass system calls, creating what they called a “massive security loophole” in the operating system’s runtime security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/armo-io_uring-interface-creates-security-blind-spot-in-linux/
-
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a “major blind spot in Linux runtime security tools,” ARMO said. ”This mechanism allows a user application to perform various actions without using system calls,” the company said in First…
-
Linux ‘io_uring’ security blindspot allows stealthy rootkit attacks
A significant security gap in Linux runtime security caused by the ‘io_uring’ interface allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/linux-io-uring-security-blindspot-allows-stealthy-rootkit-attacks/
-
PoC Released for Linux Kernel Vulnerability Allowing Privilege Escalation
A security vulnerability, tracked as CVE-2024-53141, has recently come to light in the Linux kernel’s ipset component. This flaw enables out-of-bounds (OOB) write on the kernel heap, which threat actors can exploit to execute arbitrary code with elevated privileges. Security researchers have now released a proof-of-concept (PoC) exploit, escalating concerns about possible real-world attacks on unpatched…
-
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. ”From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence,” Cisco Talos researcher Joey Chen said in a Thursday analysis. First…
-
Google, AWS say it’s too hard for customers to use Linux to swerve Azure
Re-writing applications takes years, is expensive, in-house expertise needed First seen on theregister.com Jump to article: www.theregister.com/2025/04/17/swapping_linux_for_microsoft_is_hard/
-
Chinese hackers set sights on Linux systems, Ivanti appliances
First seen on scworld.com Jump to article: www.scworld.com/brief/chinese-hackers-set-sights-on-linux-systems-ivanti-appliances
-
Chinese Hackers Deploy SNOWLIGHT and VShell in Linux Intrusions
First seen on scworld.com Jump to article: www.scworld.com/brief/chinese-hackers-deploy-snowlight-and-vshell-in-linux-intrusions
-
Malicious campaign by APT group UNC5174 combines Snowlight and VShell
Sysdig’s Threat Research Team (TRT) has uncovered an ongoing campaign by the Chinese APT group UNC5174 that targets Linux-based systems in Western countries and the Asia-Pacific region. The attackers combine the already known Snowlight malware with the remote access trojan (RAT) VShell, an open-source tool that is considered particularly hard to detect. The initial infection occurs via a Bash script that…
-
China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses
NVISO discovered new variants of the BRICKSTORM backdoor, initially designed for Linux, on Windows systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-hackers-brickstorm-backdoor/
-
Tails 6.14.2 Released with Critical Fixes for Linux Kernel Vulnerabilities
The Tails Project has urgently released Tails 6.14.2, addressing critical security vulnerabilities in the Linux kernel and the Perl programming language. This emergency release is vital for users who rely on Tails’ security and privacy features, following the discovery of multiple flaws that could compromise system safety. Critical Security Vulnerabilities Addressed: The most significant updates in…
-
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024.”The controller could open a reverse shell,” Trend Micro researcher Fernando Mercês said in a technical report published earlier…
-
UNC5174 Deploys SNOWLIGHT Malware in Linux and macOS Attacks
A threat group believed to have ties with China’s state-sponsored cyber operations, identified as UNC5174, has launched a stealthy and technically advanced cyber campaign aimed at Linux and macOS environments. According to new research published by Sysdig, the group is… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/unc5174-snowlight-malware-linux-macos/
-
Chinese Hackers Unleash New BRICKSTORM Malware to Target Windows and Linux Systems
A sophisticated cyber espionage campaign leveraging the newly identified BRICKSTORM malware variants has targeted European strategic industries since at least 2022. According to NVISO’s technical analysis, these backdoors previously confined to Linux vCenter servers now infect Windows environments, employing multi-tiered encryption, DNS-over-HTTPS (DoH) obfuscation, and cloud-based Command & Control (C2) infrastructure to evade detection. The…