
VoidLink analysis reveals Kubernetes/Docker checks and modular anti-analysis behavior

Technical Analysis
Happening score: 31 · 2 unique sources, 2 articles

Summary


VoidLink is a Linux C2 framework built for cloud and container environments, with multi-cloud targeting across AWS, Google Cloud Platform, Microsoft Azure, Alibaba Cloud and Tencent Cloud. The latest analysis shows the implant also supports credential theft, data exfiltration and stealthy persistence, while using AES-256-GCM over HTTPS to blend C2 traffic into normal web activity. Researchers further observed LLM-assisted coding artifacts in the binary, but described the sample as an operational implant with live infrastructure rather than a proof of concept.

Related Happenings

PCPJack Linux cloud credential-theft and persistence framework

Malware Activity
First: 07.05.2026 21:35 Last: 07.05.2026 21:35 Sources 1

About this happening: The **PCPJack** malware framework is stealing credentials from **exposed Linux cloud systems**, creating a broad risk of account takeover and lateral movement. It targets services...

Zealot autonomous AI cloud intrusion proof of concept

Technical Analysis
First: 23.04.2026 13:09 Last: 23.04.2026 13:09 Sources 1

About this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...

Unit 42 Zealot proves autonomous cloud attack chaining in GCP

Technical Analysis
First: 23.04.2026 13:00 Last: 23.04.2026 13:00 Sources 1

About this happening: **Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...

Checkmarx/kics Docker Hub repository hit by network compromise

Incident
First: 22.04.2026 20:55 Last: 22.04.2026 20:55 Sources 1

About this happening: **Checkmarx's checkmarx/kics Docker Hub repository** suffered a **supply-chain compromise** that could expose **secrets** from infrastructure-as-code scans. **Unknown threat actor...

GPUBreach GPU Rowhammer research enables GDDR6 page-table corruption and privilege escalation

Technical Analysis
First: 07.04.2026 00:44 Last: 07.04.2026 00:44 Sources 1

About this happening: **GPUBreach** research shows **Rowhammer** bit flips in **GDDR6** can corrupt **GPU page tables**, creating a path to **arbitrary GPU memory read/write** and potential **full syst...

Timeline

  1. 14.01.2026 00:12 · 3 articles

    Check Point details VoidLink cloud-native Linux framework

    Technical Analysis Update

    Check Point identified VoidLink as a newly discovered cloud-native Linux malware framework built for cloud and container environments. The framework uses custom loaders, implants, rootkits and 35 plugins; fingerprints Docker and Kubernetes; queries the instance metadata services of AWS, GCP, Azure, Alibaba Cloud and Tencent Cloud; and can tune its behavior after assessing installed security controls and host hardening. At the time, Check Point said no active infections had been confirmed and assessed the codebase as likely a product offering or a customer-built framework.

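The one behavior both the summary and the Check Point timeline entry describe, an implant that asks every major provider's instance metadata service which cloud it is running in, is also a usable detection signal: a legitimate workload only ever talks to its own provider's endpoint, so one process touching several providers' endpoints in a short window is fingerprinting the cloud. The script below is an added example for this page, not VoidLink code and not Check Point tooling. It assumes a hypothetical per-process egress log (format and sample lines constructed here); the endpoint addresses, path prefixes and required headers come from the providers' public documentation.

```python
"""Flag processes that probe more than one cloud instance-metadata service.

Added example, not VoidLink or Check Point code. The log format below is
constructed for this example (a hypothetical per-process HTTP egress log).
"""
import re
from collections import defaultdict
from datetime import datetime

# Known instance-metadata services. AWS, Azure and GCP can all be reached at
# 169.254.169.254, so the path prefix and a provider-specific header are used
# to tell them apart. GCP rejects requests without Metadata-Flavor: Google and
# Azure rejects requests without Metadata: true, so those headers are required.
PROVIDER_SIGNATURES = [
    # (provider, hosts, path prefix, required header name or None)
    ("gcp",     {"metadata.google.internal", "169.254.169.254"}, "/computeMetadata/v1", "metadata-flavor"),
    ("azure",   {"169.254.169.254"},                              "/metadata/",          "metadata"),
    ("aws",     {"169.254.169.254"},                              "/latest/",            None),
    ("alibaba", {"100.100.100.200"},                              "/latest/meta-data",   None),
    ("tencent", {"metadata.tencentyun.com", "169.254.0.23"},      "/latest/meta-data",   None),
]

# Constructed log line shape: "<ts> pid=<n> comm=<name> <METHOD> <url> [hdr=Name:Value,...]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) comm=(?P<comm>\S+) (?P<method>[A-Z]+) "
    r"http://(?P<host>[^/\s]+)(?P<path>\S*)(?: hdr=(?P<hdr>\S+))?$"
)

# Constructed sample: pid 410 behaves like a normal AWS agent (IMDSv2 token,
# then one metadata read); pid 2371 walks all five providers in two seconds.
SAMPLE_LOG = """\
2026-01-14T00:10:01Z pid=410 comm=cloud-init PUT http://169.254.169.254/latest/api/token hdr=X-aws-ec2-metadata-token-ttl-seconds:21600
2026-01-14T00:10:01Z pid=410 comm=cloud-init GET http://169.254.169.254/latest/meta-data/instance-id hdr=X-aws-ec2-metadata-token:AQAE
2026-01-14T00:12:30Z pid=2371 comm=updater GET http://169.254.169.254/latest/meta-data/iam/security-credentials/
2026-01-14T00:12:30Z pid=2371 comm=updater GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token hdr=Metadata-Flavor:Google
2026-01-14T00:12:31Z pid=2371 comm=updater GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01 hdr=Metadata:true
2026-01-14T00:12:31Z pid=2371 comm=updater GET http://100.100.100.200/latest/meta-data/ram/security-credentials/
2026-01-14T00:12:32Z pid=2371 comm=updater GET http://metadata.tencentyun.com/latest/meta-data/cam/security-credentials
2026-01-14T00:15:00Z pid=2371 comm=updater GET http://169.254.169.254/
"""


def classify_provider(host, path, headers):
    """Map one HTTP request to the metadata service it targets, or None."""
    hdrs = {name.lower() for name in headers}
    for provider, hosts, prefix, required in PROVIDER_SIGNATURES:
        if host.lower() in hosts and path.startswith(prefix):
            if required is None or required in hdrs:
                return provider
    return None


def find_multi_cloud_probes(log_text, window_seconds=60, min_providers=2):
    """Return {pid: sorted providers} for every process that contacted at least
    min_providers distinct metadata services within window_seconds."""
    hits = defaultdict(list)  # pid -> [(timestamp, provider)]
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        headers = dict(h.split(":", 1) for h in m["hdr"].split(",")) if m["hdr"] else {}
        provider = classify_provider(m["host"], m["path"], headers)
        if provider:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            hits[int(m["pid"])].append((ts, provider))

    flagged = {}
    for pid, events in hits.items():
        events.sort()
        # Slide a window starting at each event; flag on the first that spans
        # enough distinct providers.
        for i, (start, _) in enumerate(events):
            seen = {p for t, p in events[i:] if (t - start).total_seconds() <= window_seconds}
            if len(seen) >= min_providers:
                flagged[pid] = sorted(seen)
                break
    return flagged


if __name__ == "__main__":
    for pid, providers in find_multi_cloud_probes(SAMPLE_LOG).items():
        print(f"pid {pid} probed {len(providers)} metadata services: {', '.join(providers)}")
```

Running it flags only pid 2371 (alibaba, aws, azure, gcp, tencent); the cloud-init process stays below the threshold because it only ever talks to AWS. The bare `GET /` to 169.254.169.254 at the end is deliberately left unclassified: without a path prefix or header it cannot be attributed to a provider, and a real detection should log such requests separately rather than guess. In production the same logic sits on whatever records per-process egress (eBPF, auditd with network syscall rules, or a proxy that sees the link-local range), and the window and threshold are the knobs to tune against legitimate multi-cloud agents.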