Alpine Linux
-
New Linux PamDOORa backdoor sold on cybercrime forum, researchers say
Researchers disclosed PamDOORa, a Linux backdoor sold on a Russian cybercrime forum for up to $1,600. The PAM-based tool can provide persistent SSH access, harvest credentials and tamper with logs, though no real-world use has been seen.
-
Linux flaw could let local users gain root on many systems
Researchers disclosed a Linux local privilege escalation flaw, called Copy Fail, that could let a local unprivileged user gain root on systems shipped since 2017. The issue affects multiple major distributions and has been assigned CVE-2026-31431.
-
Harvester deploys Linux version of GoGra backdoor in South Asia targeting campaign
Harvester has deployed a Linux version of its GoGra backdoor in attacks likely aimed at South Asia, using Microsoft cloud email services as a covert control channel, according to a technical analysis by Symantec and Carbon Black Threat Hunter Team.
-
China-linked group embeds stealthy kernel backdoors in telecom networks, Rapid7 says
Security firm Rapid7 reported that a China-linked threat cluster known as Red Menshen has embedded kernel-level implants and stealthy backdoors such as BPFDoor inside telecommunications networks to gather intelligence while evading conventional detection.
-
VoidLink modular Linux malware targets cloud and container environments
VoidLink is a modular Linux malware framework found in December 2025 that targets cloud and container environments. The framework supports 37 plugins and includes rootkit techniques, credential harvesting and multiple command and control channels.
-
Researchers: Russian-linked group used Hyper-V to hide Alpine VM and bypass endpoint security
Bitdefender and Georgia CERT say Curly COMrades abused Hyper-V to run a hidden Alpine VM hosting custom implants CurlyShell and CurlCat, bypassing endpoint security and using host networking to mask malicious traffic; researchers published IoCs on GitHub.
