Rootkits
Elastic Security Labs has detailed the evolution of Linux rootkits in a two-part research series published on March 5, 2026. These modern threats exploit kernel features like eBPF and io_uring to remain hidden in cloud, IoT, and server environments. The research highlights how such rootkits evade traditional detection methods.
Reported by AI
Advanced rootkits BPFDoor and Symbiote are targeting Linux-based servers and network appliances by exploiting BPF and eBPF filters to conceal command-and-control traffic. In 2025, researchers detected 151 new BPFDoor samples and three Symbiote samples, highlighting ongoing evolution of these threats. These malware families enable stealthy remote access, evading traditional firewalls and detection tools.