Iran alleges that the United States used pre‑installed firmware backdoors and a device‑level botnet to paralyze core network equipment from Cisco, Juniper and MikroTik, proving that physical internet isolation cannot protect against supply‑chain cyber attacks.
This article examines real‑world anecdotes of hidden backdoors in software, explores how Chinese law treats such vulnerabilities, and outlines the hierarchy of backdoor techniques from simple code tricks to compiler‑level implants, highlighting the security risks they pose.
The article recounts a real‑world incident where a device’s MAC address could not be changed because a previous engineer deliberately disabled the relevant function, discusses the discovery of the backdoor code, and examines the legal and ethical implications of such intentional vulnerabilities.
A severe backdoor discovered in XZ Utils versions 5.6.0 and 5.6.1 (CVE‑2024‑3094) allows unauthorized remote code execution via SSH, affecting major Linux distributions such as Debian testing, Fedora Rawhide, Arch, and openSUSE, and users are urged to upgrade immediately.
A recent backdoor implanted in the widely used open‑source compression tool XZ exposes the fragile reliance on volunteer‑maintained software infrastructure, highlighting the massive economic value of open‑source, the sophisticated attack methods employed, and the urgent need for better security and maintenance practices.
A security researcher uncovered a sophisticated supply‑chain attack where a malicious contributor infiltrated the open‑source xz project, inserted a hidden backdoor into versions 5.6.0 and 5.6.1, and leveraged it to compromise systems that rely on xz via OpenSSH.
Red Hat’s emergency advisory (CVE‑2024‑3094) warns that malicious code was inserted into xz‑utils 5.6.0/5.6.1, creating a remote‑access backdoor that affects only Fedora 41 and Rawhide, traced to attacker JiaT75 who compromised the Tukaani project for three years before GitHub disabled the repository.
A recent security analysis reveals how a malicious contributor infiltrated the open‑source xz compression tool over two and a half years, inserted a backdoor using IFUNC hooks to compromise OpenSSH, and was eventually uncovered due to a CPU‑spike bug, highlighting severe risks for Linux and macOS systems.
The article recounts real-world examples of hidden backdoors in software—from an Android ROM project and Ken Thompson’s compiler-level exploit—to discuss their legal ambiguity in China, highlight the challenges of detection, and conclude with a call for developers to share their own experiences, alongside a promotional Python course.
Redigo, a Go‑based malware discovered by AquaSec, continuously scans for unpatched Redis servers vulnerable to CVE‑2022‑0543, uses Redis commands to load a malicious module that creates a hidden backdoor for arbitrary command execution, gathers system data, and may enlist the host in DDoS or crypto‑mining botnets.
This article shares three intriguing Zhihu answers that illustrate how developers embed hidden backdoors in software—from contract‑related ROM hacks to compiler‑level exploits—while discussing Chinese legal interpretations and the varying technical sophistication of such vulnerabilities.
The article recounts three Zhihu answers that illustrate how hidden backdoors are used in software projects to secure payments, discusses the ambiguous legal status of such practices in China, and explores historic and advanced backdoor techniques ranging from driver‑level tricks to compiler‑injected vulnerabilities.
Researchers from 360 Netlab have uncovered RotaJakiro, a stealthy Linux backdoor malware first seen in 2018, which uses ZLIB compression, AES/XOR/ROTATE encryption, and hidden plugins to exfiltrate data and evade detection, with twelve functions yet its true purpose remains unknown.
When a server suddenly generated 800 MB of outbound traffic and SSH became unresponsive, the author traced the issue to a hidden backdoor, blocked the malicious IP, identified compromised binaries, removed malicious processes and startup scripts, and outlined preventive security measures.
This guide explores the versatile netcat (nc) utility, showing how a single command can open a backdoor shell, transfer files and directories, test network connectivity, bypass firewalls, and even serve simple web or audio streams, all with concise examples.
This article walks through the discovery, reverse‑engineering, and full reproduction of a malicious Nginx backdoor, detailing its cookie‑based trigger, shell‑reversal mechanism, code analysis, compilation steps, and detection methods for security researchers.
This guide explains how to use Netcat—a tiny, versatile TCP/UDP utility—to test ports, transfer files, measure bandwidth, and even create simple backdoors, covering both GNU and OpenBSD versions with concrete command examples for Linux and Windows environments.
A newly discovered Linux backdoor called SpeakUp, exploiting the ThinkPHP CVE‑2018‑20062 flaw, spreads via a built‑in Python script, hijacks cron for persistence, leverages multiple CVEs to compromise servers, and mines Monero, with infections concentrated in China and South America.
A critical backdoor was discovered in NetSarang’s Xshell 5 Build 1326, where the nssock2.dll module contains malicious code that contacts a remote domain, affecting multiple NetSarang products; the article details the vulnerability, affected versions, behavior, and provides safe download links.
A recent security advisory reveals that popular remote terminal Xshell versions contain a backdoor in the nssock2.dll component, enabling shellcode to harvest host information, generate monthly DGA domains, and potentially expose sensitive data, prompting immediate version checks and upgrades.
This article explains how vulnerabilities, backdoors, and various Oracle rootkit techniques—ranging from simple package tricks to OS‑level and memory‑level attacks—allow attackers to maintain persistent, hidden access to databases, and it offers concrete detection and mitigation strategies.
Linux Mint warned that attackers replaced the official 17.3 Cinnamon ISO with a back‑doored version, and users can verify integrity using MD5 checksums, look for a hidden file, and follow remediation steps to protect their data and reinstall safely.
