9 articles
Trend Micro documented QLNX, a Linux RAT that combines credential harvesting, LD_PRELOAD persistence, PAM backdoors, and rootkit behavior. The real risk is not one infected host - it is the supply chain access behind it.
CVE-2026-46333 (ssh-keysign-pwn) is a nine-year-old Linux kernel race condition that lets an unprivileged local user steal SSH host keys and dump /etc/shadow. Root command execution is also possible on specific configurations.
Two new Linux kernel vulnerabilities — Dirty Frag (CVE-2026-43284/43500) and Copy Fail (CVE-2026-31431) — enable local privilege escalation to root on nearly all major distros. What users and admins need to know.
Qualys TRU disclosed nine confused deputy vulnerabilities in Linux AppArmor — exposing 12.6 million servers to root escalation, KASLR bypass, and container isolation collapse. Technical deep dive and detection guide.
Every major Linux distro ships services you never asked for. From snapd to CUPS to rpcbind — a practical audit guide covering Ubuntu, Debian, RHEL, Rocky, Fedora, and openSUSE.
A complete guide to Linux lateral movement — SSH pivoting, ssh-agent hijacking, credential harvesting, port forwarding, and NFS abuse. Includes auditd rules, Sigma, Wazuh, and Sentinel KQL detections.
A complete guide to Linux privilege escalation — SUID abuse, sudo misconfig, cron hijacking, capabilities, and kernel exploits. Includes auditd rules, Sigma, Wazuh, and Sentinel KQL detections.
A practical workflow for the first 10 minutes after a suspected breach — commands with explanations for Linux and Windows triage, red flags, and when to escalate.
Microsoft's Defender team uncovered a clever attacker technique: PHP webshells that stay completely dormant until activated by a secret HTTP cookie. Here's how it works — and how to catch it.