Trend-Analysis
eBPF Cuts Both Ways: The Kernel Rootkit Is Now Standard Issue in 2026's Supply-Chain Malware
In two weeks, IronWorm and the atomic-lockfile AUR compromise both shipped an eBPF kernel rootkit as just another payload module. The observability primitive your stack is built on is now the malware's stealth layer — and most detection assumptions are structurally defeated.
SSRF to the Model, Model to the Cloud: The Inference Layer Is 2026's Softest Attack Surface
Model gateways and inference servers are repeating two decades of solved web-security mistakes — default-open binds, pickle RCE, pre-auth SQLi, and SSRF straight into cloud credentials. A field guide to the AI control plane's softest links and how to harden them before the next 36-hour exploitation window.
NTLM Coercion's Quiet Resurgence: Why 2026's Zero-Click Attacks Look Like 2021
Two unrelated bugs in the last month — an incomplete APT28 patch and an unpatched RPC defect — both hand attackers a 1990s-era credential primitive. The fact that NTLM coercion still works in 2026 is not a series of accidents. It is the model.