VulnHub

Real-time Cybersecurity News

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

The Hacker News
Actively Exploited
LinuxPatchBotnet

Overview

Researchers have identified a new botnet named SSHStalker that uses the Internet Relay Chat (IRC) protocol for its command-and-control operations. This botnet targets Linux systems, employing older kernel exploits to gain access. It features tools for hiding its activities, including log tampering and rootkit-like components. The existence of SSHStalker is concerning as it demonstrates that attackers are still leveraging outdated vulnerabilities to compromise systems. Organizations running Linux servers should assess their security measures and patch any known vulnerabilities to mitigate potential risks from this botnet.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Linux systems, particularly those with legacy kernels
  • Action Required: Organizations should patch vulnerabilities in their Linux systems and implement security measures to detect and respond to unauthorized access.
  • Timeline: Newly disclosed

Original Article Summary

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of

Impact

Linux systems, particularly those with legacy kernels

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should patch vulnerabilities in their Linux systems and implement security measures to detect and respond to unauthorized access.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, Patch, Botnet.

Read Original Article

Related Coverage

Your AI doctor doesn’t have to follow the same privacy rules as your real one

CyberScoop

AI applications are increasingly entering the healthcare space, but they may not be required to follow the same privacy regulations that traditional healthcare providers must adhere to. This raises concerns about how patient data is handled, as there is no guarantee that these AI tools will implement stringent data security measures. Patients using AI for medical advice might be at risk of their personal health information being mismanaged or inadequately protected. As healthcare technology evolves, it's crucial for users to be aware of the potential privacy implications and for regulators to consider updating laws to keep pace with these advancements. The situation calls for careful scrutiny to ensure that patient rights are upheld in an increasingly digital healthcare environment.

Feb 11, 2026

North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms

Infosecurity Magazine

North Korean hackers have launched a sophisticated campaign targeting cryptocurrency firms by using deepfake video calls to impersonate legitimate company representatives. These attackers have stolen Telegram accounts and are conducting fake Zoom meetings to trick users into installing infostealer malware. This malware is designed to harvest sensitive information, which could lead to significant financial losses for the affected companies. The use of deepfake technology in these scams highlights a concerning trend in cybercrime, where attackers are becoming increasingly adept at using advanced tactics to deceive their targets. Cryptocurrency firms, already vulnerable to various cyber threats, must remain vigilant against such innovative attack methods.

Feb 11, 2026

AI-generated React2Shell malware infects 90-plus hosts

SCM feed for Latest

Researchers have recently identified a new strain of malware named React2Shell, which has infected over 90 hosts. This malware, discovered through a Docker honeypot, is primarily used for cryptojacking, a practice where attackers hijack computing resources to mine cryptocurrency without the owner's consent. The emergence of React2Shell signals a growing trend in the use of artificial intelligence to create more sophisticated malware. Organizations need to be vigilant about their Docker environments and ensure they have robust security measures in place to protect against such threats. The impact of this malware could lead to significant financial losses for businesses if their systems are compromised.

Feb 11, 2026

Is spyware hiding on your phone? How to find out and remove it - fast

Latest news

The article discusses the possibility of spyware infecting smartphones, alerting users to signs that their devices may be compromised. It emphasizes that unusual behavior, such as faster battery drain, unexpected data usage, and unfamiliar apps, can indicate spyware presence. The piece provides guidance on how to identify and remove such malicious software quickly. Given the rise in cyber threats, this information is crucial for users to protect their personal data and maintain their device security. Understanding how to detect and eliminate spyware can help individuals avoid potential privacy breaches and unauthorized access to sensitive information.

Feb 11, 2026

Conduent Breach Hits Volvo Group: Nearly 17,000 Employees’ Data Exposed

SecurityWeek

A recent data breach involving Conduent has compromised the personal information of nearly 17,000 employees at Volvo Group, part of a much larger incident affecting at least 25 million individuals. Initially thought to involve only 10 million people, the breach has expanded significantly, raising concerns about data security across numerous organizations. The exposed data could include sensitive information, putting affected employees at risk for identity theft and other malicious activities. This incident emphasizes the need for companies to bolster their cybersecurity measures and protect sensitive employee data. The breach's scale indicates a potential vulnerability in third-party vendor systems, which can have widespread implications for many businesses relying on such services.

Feb 11, 2026

Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

SecurityWeek

Ivanti has addressed a serious security flaw in its Endpoint Manager software, which was disclosed in October 2025. A high-severity authentication bypass vulnerability was identified, allowing attackers to remotely exploit the system without needing any form of authentication. This means that unauthorized users could potentially gain access to sensitive credentials. The implications of this vulnerability are significant, as it could expose organizations to data breaches and unauthorized access. Users of Ivanti Endpoint Manager are strongly encouraged to apply the latest patches to secure their systems and safeguard their information.

Feb 11, 2026