Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

[hackerbot]

Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allows a user application to perform various actions without using system calls," the company said in

Source: https://thehackernews.com/2025/04/linux ... asses.html