#voidlink — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #voidlink, aggregated by home.social.

  1. #CheckPoint Research revealed that #VoidLink, a recently exposed cloud-native #Linux #malware framework, is authored almost entirely by AI, likely under the direction of a single individual. The malware was produced predominantly through AI-driven development, reaching the first functional implant in under a week. From a methodology perspective, the actor used the model beyond coding, adopting an approach called Spec Driven Development (SDD).

    research.checkpoint.com/2026/v

  2. 📢 ⚠️ ☁️ VoidLink malware is now targeting cloud systems with custom-built attacks, adapting to evade detection and abuse cloud environments like AWS and Azure, according to researchers.

    Read: hackread.com/voidlink-malware-

    #CyberSecurity #Malware #CloudSecurity #Linux #Infosec #VoidLink

  3. "The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model.

    That's according to new findings from Check Point Research, which identified operational security blunders by malware's author that provided clues to its developmental origins. The latest insight makes VoidLink one of the first instances of an advanced malware largely generated using AI.

    "These materials provide clear evidence that the malware was produced predominantly through AI-driven development, reaching a first functional implant in under a week," the cybersecurity company said, adding it reached more than 88,000 lines of code by early December 2025.

    VoidLink, first publicly documented last week, is a feature-rich malware framework written in Zig that's specifically designed for long-term, stealthy access to Linux-based cloud environments. The malware is said to have come from a Chinese-affiliated development environment. As of writing, the exact purpose of the malware remains unclear. No real-world infections have been observed to date.

    A follow-up analysis from Sysdig was the first to highlight the fact that the toolkit may have been developed with the help of a large language model (LLM) under the directions of a human with extensive kernel development knowledge and red team experience, citing four different pieces of evidence -"

    thehackernews.com/2026/01/void

    #CyberSecurity #Malware #Linux #VoidLink #China #VibeCoding #LLMs #AI

  4. 🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #03/2026 is out!

    → It includes the following and much more:

    🔓️ #BreachForums had its user database leaked;

    #RedVDS Infrastructure seized by #Microsoft and Law Enforcement;

    🇪🇸 🇪🇺 #Europol and Spanish police arrested 34 people linked to the Black Axe;

    🇮🇷 🔌 #Iran has cut off internet and phone access nationwide for more than a week

    🐧 New modular #Linux malware framework called #VoidLink;

    🩸 #MongoBleed, a critical, unauthenticated #MongoDB memory-leak vulnerability;

    📆 🩹 Microsoft #PatchTuesday addresses 112 defects, including one actively exploited zero-day;

    --

    👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

    infosec-mashup.santolaria.net/

  9. #Success of #Linux has its downsides: "Unprecedented" #malware discovered

    #SecurityResearchers reveal #Voidlink, a "highly developed" Linux malware framework with more than 30 modular components. The #malware targets #Cloud environments and is considered "significantly more advanced" than typical Linux malware.

    With the end of #Support for #Windows10 at the latest, a wave of users of unprecedented height spilled over to Linux systems ...

    pcgameshardware.de/Linux-Softw

  10. Researchers have discovered a never-before-seen #framework that infects #Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers. The framework, referred to as #VoidLink by its source code, features more than 30 modules that can be used to customize capabilities to meet attackers’ needs for each infected machine. These modules can provide additional stealth and specific tools for reconnaissance, privilege escalation, and lateral movement inside a compromised network. The components can be easily added or removed as objectives change over the course of a campaign. VoidLink can target machines within popular #cloud #services by detecting if an infected machine is hosted inside AWS, GCP, Azure, Alibaba, and Tencent -- and there are indications that developers plan to add detections for Huawei, DigitalOcean, and Vultr in future releases. To detect which cloud service hosts the machine, VoidLink examines metadata using the respective vendor’s API.

    Similar frameworks targeting #Windows servers have flourished for years. They are less common on Linux machines. The feature set is unusually broad and is “far more advanced than typical Linux malware,” said researchers from Check Point, the security firm that discovered VoidLink. Its creation may indicate that the attacker’s focus is increasingly expanding to include Linux systems, cloud infrastructure, and application deployment environments, as organizations increasingly move workloads to these environments.

    arstechnica.com/security/2026/

  11. 📢⚠️ New China linked VoidLink Linux malware targets major cloud providers like AWS, Azure and Google Cloud to steal data and evade detection.

    Read: hackread.com/china-voidlink-li

    #CyberSecurity #Malware #CloudSecurity #Linux #VoidLink