Stay informed on rootkit threats. Learn about detection, removal, and prevention to secure your systems from this stealthy type of malware.
Search across headline titles and summaries.
Background for this topic.
Rootkit is a type of malicious software designed to gain unauthorized root or administrative access to a target device or network. Unlike many forms of malware, rootkits are particularly insidious because they can actively hide their presence or the presence of other malicious software, making detection and removal exceptionally challenging.
In the context of information security, a rootkit poses a severe threat as it may allow attackers to maintain persistent and undetected access to the infected system. This ongoing access can be used for malicious activities including but not limited to data theft, system monitoring, creation of backdoors, and distribution of other malware. Understanding and defending against rootkits are essential for maintaining system integrity and protecting sensitive information.
Weekly headline count for the current query.
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access. [...]
Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series.
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions
North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. [...]