> TritonInfoSec News
Home / May 09, 2026 / Story
0
#9 The Hacker News general May 08, 2026 at 08:41 UTC

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

By [email protected] (The Hacker News)

AI Summary

A new Linux backdoor named PamDOORa, advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called 'darkworm,' abuses Pluggable Authentication Modules (PAM) to maintain persistent SSH access via a magic password and specific TCP port combination. The PAM-based approach is particularly stealthy as it sits at the authentication layer and can survive reboots and software updates. Linux sysadmins should audit PAM configurations and monitor for unauthorized PAM module additions as a detection control.

Read full article → https://thehackernews.com/2026/05/new-linux-pamdoo…

Relevance score: 72.0/100

# More from May 09

  1. 1
    Palo Alto Networks firewall zero-day exploited for nearly a month BleepingComputer
  2. 2
    Ivanti warns of new EPMM flaw exploited in zero-day attacks BleepingComputer
  3. 3
    Canvas login portals hacked in mass ShinyHunters extortion campaign BleepingComputer
  4. 4
    New Linux 'Dirty Frag' zero-day gives root on all major distros BleepingComputer
  5. 5
    Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking SecurityWeek
  6. 6
    Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion SecurityWeek
  7. 7
    Trellix source code breach claimed by RansomHouse hackers BleepingComputer
  8. 8
    Americans sentenced for running 'laptop farms' for North Korea BleepingComputer
  9. 10
    Chrome 148 Rolls Out With 127 Security Fixes SecurityWeek