-
Linux rootkits have historically received less attention than their Windows counterparts, but the rapid adoption of Linux in cloud infrastructure, containers, and IoT devices has shifted the threat landscape. Attackers are constantly innovating, and ov…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers Per Idenfeldt Okuyama and Sam Eizad have uncovered a critical physical attack vulnerability in the Moxa UC-1222A Secure Edition industrial computer, demonstrating that its LUKS full-disk encryption can be fully defeated by passivel…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
LockBit’s new 5.0 version is actively attacking Windows, Linux, and ESXi systems, using a unified yet highly optimized ransomware framework that significantly increases the risk to enterprise environments. Analysis by the Acronis Threat Research Unit (…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The landscape of malware analysis has taken a significant leap forward with the official release of REMnux v8. This popular Linux toolkit, which has served the security community for fifteen years, has been updated to address modern threats and integra…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical infrastructure worldwide faces mounting threats from sophisticated, state-sponsored “espionage ecosystems.” These well-funded organizations deploy various tools designed to disrupt essential services and gather intelligence. Some l…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
“DKnife,” a sophisticated gateway-monitoring and adversary-in-the-middle (AitM) framework that turns Linux-based routers and edge devices into surveillance tools. Active since at least 2019, this campaign employs seven distinct Linux implan…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The inner workings of LockBit 5.0, a sophisticated ransomware variant targeting Windows, Linux, and VMware ESXi systems simultaneously. This latest version represents a significant evolution in the cyber threat landscape, demonstrating how ransomware o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated fileless Linux malware framework, ShadowHS, that represents a significant evolution in post-exploitation tooling. Unlike traditional malware binaries, ShadowHS operates entirely in memory and demonstrates advanced operator-driven capabi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An exposed command-and-control server hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and macOS systems. The discovery, made through Hunt.io’s AttackCap…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
