Rootkit
eBPF kernel rootkit (q2.bpf.c) hides processes via /proc rewriting and TCP sockets via netlink filtering; requires root and absent kernel lockdown for full effect.
discovered 2026-06-03
eBPF kernel rootkit (q2.bpf.c) hides processes via /proc rewriting and TCP sockets via netlink filtering; requires root and absent kernel lockdown for full effect.
