Tag: linux
-
Sysdig presents new findings on the Linux malware VoidLink
A new analysis by Sysdig shows how the Linux malware's C2 servers build kernel modules that match the target's kernel version. This lets it sidestep a central portability problem of classic LKM rootkits. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sysdig-zeigt-neue-erkenntnisse-zur-linux-malware-voidlink/a43463/
-
Emmabuntüs DE 6: A newbie-friendly Linux to help those in need
Tags: linux
A distro aimed at helping people, reducing e-waste and helping a charity, too First seen on theregister.com Jump to article: www.theregister.com/2026/01/25/emmabuntus_6_charitable_linux/
-
Brax Open Slate: Modular dual-boot tablet with Android and Linux
Brax is developing a new modular, privacy-focused mobile device: after the Brax3 smartphone comes the Open Slate tablet. First seen on golem.de Jump to article: www.golem.de/news/brax-open-slate-modulares-dual-boot-tablet-mit-android-und-linux-2601-204599.html
-
AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities
Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively…
-
Ransomware gang’s slip-up led to data recovery for 12 US firms
Tags: access, attack, backup, breach, business, citrix, cloud, corporate, cyber, data, data-breach, detection, encryption, endpoint, exploit, finance, group, incident response, infosec, infrastructure, law, linux, network, phishing, powershell, ransom, ransomware, risk, software, spear-phishing, sql, threat, tool, veeam, vulnerability
scrutinize and audit your backups. If you have a regular backup schedule, is there unexpected or unexplained activity? Von Ramin Mapp notes that crooks are known to time data exfiltration to match corporate off-site backups as a way to hide their work; monitor for encrypted data leaving your environments and see where it goes. Does this…
-
Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages
Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers. This represents a fundamental erosion of trust signals that Linux users previously…
-
VoidLink Malware Puts Cloud Systems on High Alert With Custom Built Attacks
Sysdig TRT analysis reveals VoidLink as a revolutionary Linux threat. Using Serverside Rootkit Compilation and Zig code, it targets AWS and Azure with adaptive stealth. First seen on hackread.com Jump to article: hackread.com/voidlink-malware-cloud-system-custom-built-attack/
-
VoidLink malware was almost entirely made by AI
What VoidLink signals for enterprise security: Check Point’s analysis frames the malware as an important indicator of how threat development itself is changing. The researchers emphasize that the significance of VoidLink lies less in its current deployment and more in how quickly it was created using AI-driven processes. VoidLink is designed to operate on Linux systems…
-
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter’s project description verbatim in an attempt to deceive unsuspecting users into thinking that they…
-
Coder Builds Malware in Week With AI Help
Check Point Identifies VoidLink Framework First ‘Advanced’ AI-Generated Threat. A single developer built a Linux malware framework in less than a week using artificial intelligence, said security researchers. Check Point researchers say this is a case of AI-generated malware reaching operational maturity at a pace that challenges assumptions about development timelines. First seen on govinfosecurity.com…
-
Complex VoidLink Linux Malware Created by AI
Researchers say the advanced framework was built almost entirely by agents, marking a significant evolution in the use of AI to develop wholly original malware. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/voidlink-linux-malware-ai
-
NVIDIA Nsight Graphics on Linux Exposed to Code Execution Vulnerability
NVIDIA has released an urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux systems. The vulnerability, tracked as CVE-2025-33206, allows attackers to execute arbitrary code through command injection, posing significant risks to development and graphics analysis workflows. Vulnerability Overview The flaw exists in NVIDIA NSIGHT Graphics across all Linux versions prior to…
-
VoidLink Emerges: First Fully AI-Driven Malware Signals a New Era of Cyber Threats
A sophisticated Linux malware framework developed almost entirely through artificial intelligence, marking the beginning of a new era in AI-powered threats. Unlike previous AI-generated malware linked to inexperienced threat actors, VoidLink represents the first documented case of high-complexity, production-grade malware authored by AI under the direction of a skilled developer. Development artifacts exposed through operational…
-
Voidlink Linux Malware Was Built Using an AI Agent, Researchers Reveal
Sophisticated malware previously thought to be the work of a well-resourced cyber-crime group was built by one person – with the aid of AI tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/voidlink-linux-malware-built-using/
-
Linux users targeted by crypto thieves via hijacked apps on Snap Store
Cryptocurrency thieves have found a new way to turn trusted software packages for Linux on the Snap Store into crypto-stealing malware, Ubuntu contributor and former Canonical … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/21/linux-malware-snap-store/
-
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That’s according to new findings from Check Point Research, which identified operational security blunders by malware’s author that provided clues to its developmental origins. The latest insight makes…
-
VoidLink shows how one developer used AI to build a powerful Linux malware
VoidLink is a cloud-focused Linux malware, likely built by one person using AI, offering loaders, implants, rootkit evasion, and modular plugins. Check Point researchers uncovered VoidLink, a cloud-focused Linux malware framework likely built by a single developer with help from an AI model. VoidLink includes custom loaders, implants, rootkit-based evasion features, and dozens of plugins…
-
Chrome 144 Released to Fix High-Severity V8 JavaScript Engine Flaw
Google has released Chrome version 144.0.7559.96/.97 to the stable channel across Windows, Mac, and Linux platforms, addressing a critical race condition vulnerability in the V8 JavaScript engine. The update is rolling out gradually to users over the coming days and weeks. Security Update Details The latest stable release patches one significant security vulnerability tracked as…
-
VoidLink Debuts AI-Assisted, Server-Side Kernel Compilation Rootkit Technique
On January 13, 2026, Check Point Research published its analysis of VoidLink, a Chinese-developed Linux malware framework designed to target cloud environments. Following this disclosure, the Sysdig Threat Research Team (TRT) examined VoidLink’s binaries to understand its loader chain, rootkit internals, and control mechanisms. VoidLink’s most significant innovation addresses a persistent challenge in Linux malware:…
-
Secure web browsers for the enterprise compared: How to pick the right one
Tags: access, ai, android, api, attack, browser, business, chrome, cloud, computer, control, corporate, data, encryption, endpoint, fortinet, gartner, google, guide, identity, linux, login, malicious, malware, mfa, mobile, monitoring, network, okta, phishing, saas, service, siem, software, technology, threat, tool, training, vpn, windows, zero-trust
Enable MFA at the beginning of any browser session by default. Handle isolation controls both with respect to the user’s session and to isolate any application from cross-infection. This means controlling the movement of data between the browser, your particular endpoint and the web application or applications involved. Control access to web destinations, either to allow or…
-
Attackers Abuse WSL2 to Operate Undetected on Windows Systems
Windows Subsystem for Linux (WSL) has transformed the developer experience on Windows. However, it has also quietly created a powerful hiding place for attackers. With WSL2, Microsoft moved from lightweight translation to a whole virtual machine (VM) model. That architectural change gives adversaries a semi-isolated Linux environment running inside Hyper-V that is rarely monitored by…
-
Ready for a newbie-friendly Linux? Mint team officially releases v 22.3, ‘Zena’
Newer kernel, newer Cinnamon, new tools, and even new icons First seen on theregister.com Jump to article: www.theregister.com/2026/01/16/linux_mint_223_zena_officially_release/
-
RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rondodox-botnet-targets-hpe/
-
Check Point Research: VoidLink Shows Cloud-Native Linux Malware Evolving
Check Point researchers say VoidLink shows how cloud-native Linux malware is evolving with stealthy, modular persistence. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/check-point-research-voidlink-shows-cloud-native-linux-malware-evolving/
-
Sophisticated VoidLink malware framework targets Linux cloud servers
Cloud reconnaissance and adaptability: The malware was designed to detect whether it’s being executed on various cloud platforms such as AWS, GCP, Azure, Alibaba, and Tencent and then to start leveraging those vendors’ management APIs. The code suggests the developers plan to add detections for Huawei, DigitalOcean, and Vultr in the future. The malware collects extensive…
-
New Linux malware targets the cloud, steals creds, and then vanishes
Cloud-native, 37 plugins … an attacker’s dream First seen on theregister.com Jump to article: www.theregister.com/2026/01/14/voidlink_linux_malware/
-
New China Linked VoidLink Linux Malware Targets Major Cloud Providers
Researchers have discovered VoidLink, a sophisticated new Linux malware framework designed to infiltrate AWS, Google Cloud, and Azure. Learn how this Chinese-affiliated toolkit uses adaptive stealth to stay hidden. First seen on hackread.com Jump to article: hackread.com/china-voidlink-linux-malware-cloud-providers/

