Linux admins -

For over a decade, iptables served as the backbone of Linux-based firewalls. Much of that work has since moved to eBPF, which grew out of the classic Berkeley Packet Filter into a general mechanism for loading verified programs that run directly within the kernel. That same flexibility introduces new risks that require careful management and oversight.

Adversaries have increasingly weaponized those capabilities, as evidenced by public proof-of-concept rootkits like Boopkit and backdoors found in the wild like BPFDoor. This places systems at risk of stealthy and persistent attacks. Read on to learn how attackers hide processes on your own systems to evade detection and how they exploit eBPF for kernel manipulation.

Yours in Open Source,


Dave Wreski

LinuxSecurity Founder

eBPF

The Discovery 

Strong evidence from 2018 through 2025 shows that eBPF has evolved from a powerful kernel instrumentation API into a realistic attack vector.


The Impact

This trend puts systems at risk of stealthy and persistent attacks such as Boopkit and BPFDoor.

The Fix

To protect against this threat, it is crucial to understand how attackers hide processes within your own system to evade detection and how they exploit eBPF for kernel manipulation, then to restrict who can load eBPF programs (set kernel.unprivileged_bpf_disabled=1 and limit the CAP_BPF and CAP_SYS_ADMIN capabilities that permit loading) and to audit what is actually loaded into the kernel.
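As an added example for this item (not code from LinuxSecurity, Boopkit or BPFDoor), the script below triages the programs currently loaded into the kernel from the text output of `bpftool prog show`, and separately scans kernel log lines for the warning the kernel prints when a program using bpf_probe_write_user is loaded. The bpftool output and dmesg lines embedded in it are constructed samples, not captures from a real host; the field layout assumed is the one bpftool prints (id, type, name, tag on the header line; loaded_at and uid on the second; an optional pids line naming the processes holding the program).

```shell
#!/bin/sh
# Added example (not LinuxSecurity, Boopkit or BPFDoor code): triage loaded
# BPF programs from `bpftool prog show` text output.
#
# A process-hiding eBPF tool must sit on a tracing hook (kprobe, tracepoint,
# fentry/fexit "tracing" programs, LSM hooks) to tamper with what getdents64
# and similar syscalls return, so every tracing-class program deserves a look.
# A program that no live process holds open is pinned under /sys/fs/bpf or
# kept alive some other way; either wants an explanation. Anything loaded by
# a non-root uid is notable wherever unprivileged BPF is supposed to be off.

# bpf_audit: read `bpftool prog show` output on stdin, print one line per
# program that needs a look: "<id> <type> <name> <reason;reason;...>".
bpf_audit() {
    awk '
    function flush(   reason) {
        if (id == "") return
        reason = ""
        if (type ~ /^(kprobe|kretprobe|tracepoint|raw_tracepoint|tracing|lsm)$/)
            reason = reason "tracing-class program, can alter syscall results;"
        if (!have_pids)
            reason = reason "no live process holds it (pinned or orphaned);"
        if (uid != "0")
            reason = reason "loaded by uid " uid ";"
        if (reason != "") print id, type, name, reason
        id = ""
    }
    # Record header: "<id>: <type>  name <name>  tag <tag>  gpl"
    /^[0-9]+: / {
        flush()
        id = $1; sub(":", "", id)
        type = $2; name = "-"; uid = "0"; have_pids = 0
        for (i = 3; i <= NF; i++) if ($i == "name") name = $(i + 1)
        next
    }
    # "loaded_at <time>  uid <n>"
    $1 == "loaded_at" { for (i = 1; i <= NF; i++) if ($i == "uid") uid = $(i + 1) }
    # "pids <comm>(<pid>) ..." is printed only when some process holds the fd
    $1 == "pids"      { have_pids = 1 }
    END { flush() }
    '
}

# bpf_dmesg_check: read kernel log lines on stdin and print those recording
# the load of a program that uses bpf_probe_write_user. The kernel logs this
# warning itself because the helper lets BPF write into user memory, which
# is how a userspace-visible result such as a directory listing gets edited.
bpf_dmesg_check() {
    grep 'bpf_probe_write_user'
}

# Constructed sample in the shape bpftool prints (not from a real host).
BPF_SAMPLE='3: cgroup_skb  name sd_fw_egress  tag 6deef7357e7b4530  gpl
        loaded_at 2025-06-30T09:12:01+0000  uid 0
        xlated 64B  jited 54B  memlock 4096B
        pids systemd(1)
5: tracepoint  name sys_enter_open  tag 0f1e2d3c4b5a6978  gpl
        loaded_at 2025-06-30T10:01:33+0000  uid 0
        xlated 512B  jited 301B  memlock 4096B  map_ids 8
        pids bpftrace(4321)
9: socket_filter  name sniff  tag a1b2c3d4e5f60718  gpl
        loaded_at 2025-06-30T10:20:10+0000  uid 1000
        xlated 128B  jited 90B  memlock 4096B
        pids nc(777)
17: kprobe  name hide_pid  tag 1a2b3c4d5e6f7081  gpl
        loaded_at 2025-06-30T10:44:57+0000  uid 0
        xlated 1296B  jited 812B  memlock 8192B  map_ids 12,13'

# Constructed kernel log lines (the first is the wording the kernel uses).
DMESG_SAMPLE='[ 1200.123456] loader[4242] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1201.000000] eth0: link up'

# Stand-alone run against the constructed samples. On a real host use:
#   bpftool prog show | bpf_audit ; dmesg | bpf_dmesg_check
printf '%s\n' "$BPF_SAMPLE" | bpf_audit
printf '%s\n' "$DMESG_SAMPLE" | bpf_dmesg_check
```

On the sample, the systemd cgroup filter passes, the bpftrace tracepoint is listed for a look, the uid 1000 socket filter is listed for its owner, and the orphaned kprobe named hide_pid collects two reasons. A flagged line is a starting point for investigation, not proof of compromise: legitimate tracing tools load exactly these program types, so compare the listing against what you expect to be running and check the sysctl kernel.unprivileged_bpf_disabled alongside it.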

Sudo

The Discovery 

A flaw in sudo, CVE-2025-32463, which affects nearly every Linux distribution, has been added to CISA's Known Exploited Vulnerabilities catalog.


The Impact

This bug allows a local user with limited access to bypass sudo's security controls and escalate directly to root.

The Fix

Patches have been released by multiple popular Linux distros to fix this flaw. All impacted admins and users should update immediately, then confirm that the installed sudo package actually carries the fix, to secure their servers and devices.
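As an added example for this item (not LinuxSecurity's or the sudo project's code), the script below compares an installed sudo version against the upstream fix for CVE-2025-32463, which shipped in sudo 1.9.17p1 with 1.9.14 through 1.9.17 inclusive listed as affected. The `sudo -V` output it parses is a constructed sample. One caveat is built into the message it prints: distributions frequently backport the fix without changing the version string, so a version inside the affected range means "check the distro advisory or package changelog", not "confirmed exploitable".

```shell
#!/bin/sh
# Added example (not LinuxSecurity or sudo project code): check an installed
# sudo against the upstream fix for CVE-2025-32463 (fixed in 1.9.17p1;
# affected range 1.9.14 through 1.9.17). Distro packages may carry the fix
# as a backport without a version bump, so treat "in range" as "verify".

# sudo_version_key: turn "1.9.17p1" into one integer for comparison.
# Format is major.minor.patch with an optional "pN" suffix.
sudo_version_key() {
    set -- $(printf '%s' "$1" | tr '.p' '  ')
    echo $(( $1 * 1000000 + $2 * 10000 + $3 * 100 + ${4:-0} ))
}

# sudo_vulnerable_32463 VERSION: exit 0 if VERSION is in the affected range.
sudo_vulnerable_32463() {
    k=$(sudo_version_key "$1")
    [ "$k" -ge "$(sudo_version_key 1.9.14)" ] &&
    [ "$k" -lt "$(sudo_version_key 1.9.17p1)" ]
}

# sudo_version_from_output: extract the version from `sudo -V` text on
# stdin. The first line reads "Sudo version 1.9.15p5".
sudo_version_from_output() {
    awk 'NR == 1 && $1 == "Sudo" && $2 == "version" { print $3 }'
}

# Constructed sample of what `sudo -V` prints (not from a real host).
SUDO_V_SAMPLE='Sudo version 1.9.15p5
Sudoers policy plugin version 1.9.15p5
Sudoers file grammar version 50
Sudoers I/O plugin version 1.9.15p5'

# Stand-alone run against the constructed sample. On a real host replace
# the printf with:  sudo -V | sudo_version_from_output
v=$(printf '%s\n' "$SUDO_V_SAMPLE" | sudo_version_from_output)
if sudo_vulnerable_32463 "$v"; then
    echo "sudo $v is in the CVE-2025-32463 affected range: confirm a backported fix in the package changelog or update to 1.9.17p1 or later"
else
    echo "sudo $v is outside the affected range"
fi
```

The version is reduced to a single integer so that the patch-level suffix sorts correctly (1.9.17 is below 1.9.17p1); the range bounds are the two upstream numbers, so updating them is the only change needed to reuse the check for a later sudo advisory.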