Elastic Security | Breaking Cybersecurity News | The Hacker News

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize the tool for infostealer campaigns. An update has since been released to plug the issue. "Despite our rigorous vetting process – which has successfully prevented such incidents since the launch of Shellter Pro Plus in February 2023 – we now find ourselves addressing this unfortunate situation," the Shellter Project Team said in a statement. The response comes shortly after Elastic Security Labs released a report about how the commercial evasion framework is being abused in the wild since April 2025 to propagate Lumma Stealer, Rhadamanthys Stealer, and SectopRAT (aka ArechClient2). Shellter is a pot...

Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers," Elastic Security Lab researchers Remco Sprooten and Ruben Groenewoud said in a technical report published Thursday. The company's analysis comes from artifacts uploaded to the VirusTotal malware scanning platform earlier this September. The internals of the malware is based on a multi-stage architecture that comprises a dropper component named "cron," two memory-resident executables ("/memfd:tgt" and "/memfd:wpn"), an LKM rootkit ("puma.ko"), and a shared object (SO) userland rootkit called Kitsune ("li...