New endpoint/OS exploits emerging
Key Questions
What is the VMware Fusion TOCTOU vulnerability?
A public PoC exploit has been released for CVE-2026-41702, a time-of-check to time-of-use root privilege escalation flaw in VMware Fusion on macOS. Urgent patching is recommended for virtualization environments.
How are Symbiote and BPFDoor evolving?
Symbiote and BPFDoor Linux backdoors have gained new eBPF evasion filters, making detection harder in compromised systems. Security teams should enhance hunts for these stealthy implants.
What actions are advised for virtualization and Linux environments?
Apply patches for VMware Fusion immediately and perform targeted hunts for eBPF-based evasion in Linux systems. Monitoring for backdoor activity in virtualization stacks is essential.
Public PoC for VMware Fusion TOCTOU root privilege escalation on macOS; Symbiote and BPFDoor Linux backdoors gaining new eBPF evasion filters. Urgent patching and hunts for virtualization and Linux environments.