Rootkit
Operation Zero Disco exploits Cisco SNMP flaw for rootkits
Von KI berichtet Bild generiert von KI
Cyber threat actors in Operation Zero Disco have exploited a vulnerability in Cisco's SNMP service to install persistent Linux rootkits on network devices. The campaign targets older Cisco switches and uses crafted packets to achieve remote code execution. Trend Micro researchers disclosed the attacks on October 16, 2025, highlighting risks to unpatched systems.
Researchers unveil Linux rootkit evading Elastic Security EDR
Von KI berichtet
Security researchers have developed a sophisticated Linux rootkit named Singularity that bypasses Elastic Security's endpoint detection and response mechanisms. The tool demonstrates vulnerabilities in static and behavioral detection systems through advanced obfuscation techniques. Unveiled on GitHub by researcher 0xMatheuZ, it highlights ongoing challenges in kernel-level threat identification.
LinkPro rootkit exploits Linux eBPF for stealthy attacks
Von KI berichtet
A new rootkit called LinkPro has been targeting GNU/Linux systems, using eBPF technology to hide malicious activities and evade detection. Discovered in a compromised AWS infrastructure, it spreads via vulnerable Jenkins servers and malicious Docker images. The malware provides attackers with remote access while masquerading as legitimate system components.
Cisco SNMP vulnerability exploited to deploy Linux rootkits
Von KI berichtet
Cybersecurity firm Trend Micro has revealed Operation Zero Disco, a campaign exploiting a critical Cisco SNMP flaw to install rootkits on network devices. The attack targets older switches, enabling persistent access and evasion of detection. As of October 2025, it has compromised enterprise networks reliant on legacy infrastructure.