SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...

Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
Linux Journal

Linux Kernel 6.18 Is Out: What’s New and Important

The stable release of Linux Kernel 6.18 was officially tagged on November 30, 2025. It’s expected to become this year’s major long-term support (LTS) kernel, something many users and distributions ...
Hackaday

BCacheFS Is Now A DKMS Module After Exile From The Linux Kernel

It’s been a tense few months for users of the BCacheFS filesystem, as amidst the occasional terse arguments and flowery self-praise on the Linux Kernel mailing list the future of this filesystem ...
TWCN Tech News

Fault Module Name Kernelbase.dll causing application crashes

If a Fault Module Name Kernelbase.dll is causing application crashes on your Windows 11/10 computer, then this post may be able to help you. KernelBase.dll is a Dynamic Link Library file in the ...
IEEE

Detecting exploit code execution in loadable kernel modules

Abstract: In current extensible monolithic operating systems, loadable kernel modules (LKM) have unrestricted access to all portions of kernel memory and I/O space. As a result, kernel-module ...
CSOonline

PUMA creeps through Linux with a stealthy rootkit attack

A new loadable kernel module (LKM) rootkit has been spotted in the wild compromising Linux systems with advanced stealth and privilege escalation features. PUMAKIT, as called by the Elastic Security ...