Linux malware can avoid syscall-based endpoint protection
The proof-of-concept program 'Curing' uses the Linux io_uring interface to perform I/O operations that traditional antivirus tools fail to monitor, exploiting a major security blind spot.
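To check how exposed a host is to this blind spot, the sketch below reports the kernel's io_uring policy and lists processes that currently hold an io_uring file descriptor. It is an added example, not code from the original page or from the Curing project. It assumes the `kernel.io_uring_disabled` sysctl (Linux 6.6 and later) and the `anon_inode:[io_uring]` label the kernel gives such descriptors under `/proc/<pid>/fd`; the `proc_root` parameter and the `build_sample_proc` helper are hypothetical names used so the scan can run against a constructed tree.

```python
import os

IO_URING_LINK = "anon_inode:[io_uring]"   # readlink target of an io_uring fd
SYSCTL_MEANING = {
    "0": "io_uring available to all processes",
    "1": "io_uring denied to unprivileged processes outside io_uring_group",
    "2": "io_uring disabled for all processes",
}

def io_uring_policy(proc_root="/proc"):
    """Return (raw value, meaning) of kernel.io_uring_disabled, or (None, reason)."""
    path = os.path.join(proc_root, "sys", "kernel", "io_uring_disabled")
    try:
        with open(path) as fh:
            value = fh.read().strip()
    except OSError:
        return None, "sysctl not present (kernel before 6.6 or no io_uring support)"
    return value, SYSCTL_MEANING.get(value, "unrecognised value")

def processes_with_io_uring(proc_root="/proc"):
    """Map pid -> sorted list of fd numbers that refer to an io_uring instance."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            names = os.listdir(fd_dir)
        except OSError:            # process exited, or no permission to inspect it
            continue
        rings = []
        for name in names:
            try:
                if os.readlink(os.path.join(fd_dir, name)) == IO_URING_LINK:
                    rings.append(int(name))
            except OSError:        # fd closed between listdir and readlink
                continue
        if rings:
            hits[int(pid)] = sorted(rings)
    return hits

def build_sample_proc(root):
    """Create a small constructed /proc-like tree (sample data, not a real host)."""
    os.makedirs(os.path.join(root, "sys", "kernel"))
    with open(os.path.join(root, "sys", "kernel", "io_uring_disabled"), "w") as fh:
        fh.write("0\n")
    sample = {"101": {"3": "socket:[4242]"}, "202": {"0": "/dev/null", "5": IO_URING_LINK}}
    for pid, links in sample.items():
        os.makedirs(os.path.join(root, pid, "fd"))
        for fd, target in links.items():
            os.symlink(target, os.path.join(root, pid, "fd", fd))

if __name__ == "__main__":
    print(io_uring_policy(), processes_with_io_uring())
```

Run it as root on a live host so that other users' `/proc/<pid>/fd` entries are readable. A process that appears in the result is not malicious by itself; the list shows which workloads would break if io_uring were restricted and which ones a syscall-only monitor cannot fully observe.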