[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXvTs8w5bzAONHIYBV751GgYN6YAV1oOiKhHJBvVwopU":3},{"article":4,"iocs":40},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":23,"category":24,"article_tags":27},"0493fc85-a4ab-47e6-87fe-bddafa271541","🚨 New Linux exfiltration tool designed to bypass EDR\n\nThe malware abuses Linux io_uring to async...","new-linux-exfiltration-tool-designed-to-bypass-edr-the-malware-abuses-linux-io-u-bbc095","🚨 New Linux exfiltration tool designed to bypass EDR\n\nThe malware abuses Linux io_uring to asynchronously access \u002Fetc\u002Fshadow and exfiltrate credential material over TCP with a minimal runtime footprint.\n\nUnlike traditional stealers that rely on conventional blocking I\u002FO, it https:\u002F\u002Ft.co\u002FDzYCkDSmq9","A new Linux malware has been identified that leverages the io_uring subsystem to asynchronously access sensitive credential material from the \u002Fetc\u002Fshadow file. This tool is designed to bypass Endpoint Detection and Response (EDR) solutions by minimizing its runtime footprint and avoiding traditional blocking I\u002FO methods.","New Linux exfiltration tool bypasses EDR by abusing io_uring to access \u002Fetc\u002Fshadow.",null,"https:\u002F\u002Fx.com\u002Fnextronresearch\u002Fstatus\u002F2064032230985646251","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHKSPfm3W4AEAHhG.jpg","2026-06-08T17:10:06+00:00","2026-06-08T18:00:13.701843+00:00",8,[18,21],{"name":19,"type":20},"io_uring","technology",{"name":22,"type":20},"EDR","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":23,"icon":11,"name":25,"slug":26},"Malware","malware",[28,33,35],{"category":29},{"id":30,"icon":11,"name":31,"slug":32},"80544778-fabb-4dcd-aa35-17492e5dcf4f","Vulnerabilities","vulnerabilities",{"category":34},{"id":23,"icon":11,"name":25,"slug":26},{"category":36},{"id":37,"icon":11,"name":38,"slug":39},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[41],{"type":26,"value":42,"context":43},"Linux exfiltration tool","New malware designed to exfiltrate credentials from Linux systems."]