#LinuxRootkit
Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework

The leaked source code reveals VoidLink as a multigenerational, hybrid LKM–eBPF Linux rootkit developed with AI-assisted workflows that provides ICMP-based covert C2, delayed initialization, anti-debugging, module masquerading, and memfd-aware boot persistence. The analysis documents eBPF Netlink-buffer "swallowing" to hide ss entries, multiple kernel-targeted hooking strategies across CentOS 7 to kernel 5/6, and operational artifacts tied to Alibaba Cloud infrastructure. #VoidLink #AlibabaCloud

VoidLink is a sophisticated hybrid Linux rootkit using AI-assisted development, combining LKM and eBPF for covert ICMP C2, anti-debugging, module cloaking, and memfd persistence. Tied to Alibaba Cloud. #LinuxRootkit #AlibabaCloud #China


Introducing Singularity: A sophisticated Linux rootkit that evades Elastic EDR detection through advanced obfuscation and in-memory execution. Stay informed on evolving cybersecurity threats. #CyberSecurity #LinuxRootkit #EDREvasion Link: thedailytechfeed.com/new-singular...


Chinese Houken hackers exploit Ivanti CSA zero-days to deploy advanced Linux rootkits, compromising critical infrastructure. #CyberSecurity #Houken #Ivanti #ZeroDay #LinuxRootkit Link: thedailytechfeed.com/chinese-houk...
