New LinkPro Linux rootkit exploits eBPF for stealthy attacks
A new Linux rootkit called LinkPro has surfaced, and it’s causing quite a stir in the cybersecurity world. Discovered by Synacktiv, this sneaky little backdoor takes advantage of eBPF modules to hide itself and can be triggered by a "magic packet." Researchers found that attackers first compromised infrastructure hosted on Amazon Web Services through a vulnerable Jenkins server. They exploited CVE-2024-23897, which has a scary CVSS score of 9.8, before deploying a malicious Docker image named "kvlnt/vv" across several Kubernetes clusters.
This Docker image, which has since been removed, was built on a Kali Linux base and contained a shell script to kick off an SSH service. If you’re managing any cloud infrastructure, it might be time to double-check your security measures and stay vigilant against these kinds of threats.