Rootkit
Operation Zero Disco exploits Cisco SNMP flaw for rootkits
Ti AI ṣe iroyin Àwòrán tí AI ṣe
Cyber threat actors in Operation Zero Disco have exploited a vulnerability in Cisco's SNMP service to install persistent Linux rootkits on network devices. The campaign targets older Cisco switches and uses crafted packets to achieve remote code execution. Trend Micro researchers disclosed the attacks on October 16, 2025, highlighting risks to unpatched systems.
Security researchers have developed a sophisticated Linux rootkit named Singularity that bypasses Elastic Security's endpoint detection and response mechanisms. The tool demonstrates vulnerabilities in static and behavioral detection systems through advanced obfuscation techniques. Unveiled on GitHub by researcher 0xMatheuZ, it highlights ongoing challenges in kernel-level threat identification.
Ti AI ṣe iroyin
A new rootkit called LinkPro has been targeting GNU/Linux systems, using eBPF technology to hide malicious activities and evade detection. Discovered in a compromised AWS infrastructure, it spreads via vulnerable Jenkins servers and malicious Docker images. The malware provides attackers with remote access while masquerading as legitimate system components.