// #ebpf
2 articles
💻 AppSec
Over 400 Arch Linux AUR Packages Poisoned with eBPF Rootkit in Coordinated Maintainer Compromise
More than 400 packages in the Arch Linux User Repository were compromised by an attacker who spoofed trusted maintainer identities to push malicious preinstall scripts. The scripts deploy an ELF infostealer harvesting developer credentials and an optional eBPF rootkit that persists across package removal attempts.
#supply-chain +5
🔬 Assessment
CVE-2026-23111 Detection and Hardening Guide: Protecting Linux Environments from the nf_tables Exploit
With public proof-of-concept code available for CVE-2026-23111, security teams running Linux across production, containerised, and cloud environments need specific detection and hardening guidance. This guide covers kernel patch availability by distribution, interim mitigations, eBPF-based detection, and Kubernetes-specific containment measures.
#linux-kernel +9