Kernel

2026-06-14
eBPF Cuts Both Ways: The Kernel Rootkit Is Now Standard Issue in 2026's Supply-Chain Malware
In two weeks, IronWorm and the atomic-lockfile AUR compromise both shipped an eBPF kernel rootkit as just another payload module. The observability primitive your stack is built on is now the malware's stealth layer — and most detection assumptions are structurally defeated.
ebpf rootkit linux kernel detection-engineering edr-evasion bpfdoor supply-chain trend-analysis

eBPF Cuts Both Ways: The Kernel Rootkit Is Now Standard Issue in 2026's Supply-Chain Malware