Ebpf

The Atomic Arch campaign compromises orphaned Arch User Repository (AUR) packages, modifying their PKGBUILDs to install malicious npm/Bun dependencies like 'atomic-lockfile,' which deploy a Linux payload with credential harvesting, eBPF-based stealth, anti-debugging, and data exfiltration capabilities, impacting approximately 1,500 packages.

The OpenTelemetry eBPF Instrumentation (OBI) Postgres protocol parser is vulnerable to a remote availability issue - when processing BIND messages, the parser assumes payloads contain a valid NUL-terminated portal name; a crafted empty or unterminated payload can cause OBI to slice beyond the end of the captured buffer, triggering a runtime panic and crashing the agent.

BPFDoor, an evasive Linux backdoor, is detected via the unusual access of process ID and lock files in the /var/run/ directory, indicating potential malicious activity.

The open-source Inner Warden project is a security agent leveraging eBPF for kernel-level monitoring and autonomous response actions like IP blocking and process termination, aiming to create a distributed security mesh.