Linux Security Features

LinuxSecurity – Security Features: The central voice for Linux and Open Source security news.

  • What Is a Checksum? Meaning, Examples & Why You Should Use Them
    by MaK Ulac on March 27, 2026 at 11:00 am

    A checksum is a calculated value that represents the exact contents of a file or message. If the file changes, even by a single byte, the checksum changes as well. That’s why it’s often described as a digital fingerprint for data integrity.

  • Port Scanning Explained: Tools, Techniques, and Best Open-Source Port Scanners for Linux
    by Brittany Day on March 20, 2026 at 7:12 am

    Most Linux admins assume they know which TCP/IP ports their servers expose, until a scan reveals something unexpected. A database port listening on all interfaces, a forgotten development service, or a management interface that was meant to stay internal can easily appear once you look from the network side.

  • The Ni8mare Chain: How n8n RCE Turns Auth Bypass Into Linux Host Compromise
    by MaK Ulac on March 18, 2026 at 4:29 pm

    n8n (CVE-2025-68613) is an open-source automation tool used to connect APIs, databases, and SaaS apps into workflows. It is commonly used to move data between systems, trigger jobs, and tie services together, and in many environments, it also holds credentials and access to internal services.

  • Linux Kernel eBPF Monitoring Rootkit Threats and Evasion Techniques
    by MaK Ulac on March 16, 2026 at 2:18 pm

    Linux runtime security increasingly depends on watching what the operating system is doing in real time. Security tools use eBPF (extended Berkeley Packet Filter) to attach probes within the Linux kernel, recording events such as new processes starting, files being opened, or network connections being created. Those events are then sent to detection engines such as Falco and other Linux runtime monitoring tools, which analyze the activity and alert when something suspicious is detected. This approach works because it lets defenders observe system behavior directly inside the kernel rather than relying only on logs written after the fact. The problem is that it assumes the monitoring pipeline inside the kernel can be trusted. Modern Linux rootkits are beginning to target that pipeline directly by intercepting functions in the eBPF event path and filtering or dropping records before they reach the buffer that security tools read from. When that happens, the activity still occurs on the system, but the monitoring tool never sees it. Experimental research such as SPiCa explores what this looks like in practice by demonstrating how kernel malware can manipulate the event stream produced by eBPF monitoring and effectively silence parts of the security stack while the tools themselves continue running normally. If attackers can tamper with the signals that monitoring tools rely on, defenders face a difficult problem because any security system that depends on those signals may be operating with blind spots.
