Security news aggregator

Latest coverage for Rootkit

Coverage examines rootkits, malware designed to hide persistent access, including incident analysis, infrastructure, disruption efforts, and defensive guidance.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A rootkit is malware or a set of tools designed to hide malicious code, files, processes, accounts, or system activity, often by operating with privileged access. Rootkits may reside in user space, the kernel, boot components, or firmware; their location affects what security tools can see, how persistent they are, and how recovery must be performed. Not every privileged malware component is a rootkit, and capabilities vary.

Rootkits matter because they can cause host-based tools to report an incomplete system state, complicating detection and evidence collection. Useful defenses include least privilege, prompt patching of vulnerable drivers and boot components, Secure Boot and signed code where supported, and monitoring for unexpected kernel, boot, or firmware changes. If compromise is suspected, validate the system from trusted offline media and preserve evidence before remediation. Recovery may require rebuilding the system and, for lower-level compromise, checking or re-flashing firmware through documented platform procedures.

Showing 3 most recent headlines Filtered view