Rootkit
Operation Zero Disco exploits Cisco SNMP flaw for rootkits
Lisa Kern AI에 의해 생성된 이미지
Cyber threat actors in Operation Zero Disco have exploited a vulnerability in Cisco's SNMP service to install persistent Linux rootkits on network devices. The campaign targets older Cisco switches and uses crafted packets to achieve remote code execution. Trend Micro researchers disclosed the attacks on October 16, 2025, highlighting risks to unpatched systems.
Cisco SNMP vulnerability exploited to deploy Linux rootkits
AI에 의해 보고됨
Cybersecurity firm Trend Micro has revealed Operation Zero Disco, a campaign exploiting a critical Cisco SNMP flaw to install rootkits on network devices. The attack targets older switches, enabling persistent access and evasion of detection. As of October 2025, it has compromised enterprise networks reliant on legacy infrastructure.
LinkPro rootkit exploits Linux eBPF for stealthy attacks
A new rootkit called LinkPro has been targeting GNU/Linux systems, using eBPF technology to hide malicious activities and evade detection. Discovered in a compromised AWS infrastructure, it spreads via vulnerable Jenkins servers and malicious Docker images. The malware provides attackers with remote access while masquerading as legitimate system components.
Researchers unveil Linux rootkit evading Elastic Security EDR
Security researchers have developed a sophisticated Linux rootkit named Singularity that bypasses Elastic Security's endpoint detection and response mechanisms. The tool demonstrates vulnerabilities in static and behavioral detection systems through advanced obfuscation techniques. Unveiled on GitHub by researcher 0xMatheuZ, it highlights ongoing challenges in kernel-level threat identification.