https://rfxn.com Open source Linux security and systems tools from R-fx Networks. en-us Thu, 09 Apr 2026 15:06:47 GMT https://rfxn.com/research/axios-npm-supply-chain-attack https://rfxn.com/research/axios-npm-supply-chain-attack Tue, 31 Mar 2026 00:00:00 GMT The axios npm package (50M+ weekly downloads) was compromised via maintainer account hijack. Malicious versions 1.14.1 and 0.30.4 inject a postinstall dropper that delivers a cross-platform RAT attributed to Lazarus Group (DPRK/APT38). We publish 33 maldet signatures covering the dropper, all platform payloads, and C2 infrastructure. Research https://rfxn.com/research/wordpress-supply-chain-attacks https://rfxn.com/research/wordpress-supply-chain-attacks Fri, 27 Mar 2026 00:00:00 GMT Three premium plugin supply chain compromises in 12 months (BuddyBoss, Gravity Forms, and Groundhogg) show attackers systematically targeting vendor update infrastructure. We publish 10 new maldet signatures including generic detection rules that catch future supply chain backdoors in any WordPress plugin. Research https://rfxn.com/research/mu-plugin-malware-ecosystem https://rfxn.com/research/mu-plugin-malware-ecosystem Wed, 08 Apr 2026 00:00:00 GMT WordPress must-use plugins auto-execute on every page load, don't appear in the admin panel, and can't be deactivated. Five distinct malware families, from simple redirectors to a 7-layer persistence fortress, have independently converged on this vector. We document them all and publish detection signatures. Research https://rfxn.com/research/webrtc-skimmer-csp-bypass https://rfxn.com/research/webrtc-skimmer-csp-bypass Wed, 15 Apr 2026 00:00:00 GMT The first documented payment skimmer using WebRTC DataChannels for both payload delivery and data exfiltration. CSP connect-src cannot block RTCPeerConnection. DTLS-encrypted UDP is invisible to HTTP security tools. We break down the technique and connect it to the ongoing Magento PolyShell mass exploitation. Research https://rfxn.com/research/magento-polyshell-mitigation https://rfxn.com/research/magento-polyshell-mitigation Wed, 25 Mar 2026 00:00:00 GMT A critical unauthenticated file upload vulnerability in Magento's REST API allows attackers to plant PHP webshells disguised as GIF images. We break down the attack, publish 7 ModSecurity rules, Apache hardening guidance, and four new maldet signatures. Research https://rfxn.com/research/structured-audit-logging-bash https://rfxn.com/research/structured-audit-logging-bash Thu, 02 Apr 2026 00:00:00 GMT Most bash tools log unstructured text. We built elog_lib.sh, a shared event logging library that emits 23 typed events to six formats simultaneously: JSONL, CEF, syslog, GELF, and Elasticsearch ECS. One function call, zero-code SIEM integration, no compiled dependencies. Research https://rfxn.com/research/compound-signatures-detection-language https://rfxn.com/research/compound-signatures-detection-language Thu, 12 Mar 2026 00:00:00 GMT ClamAV's signature format cannot express boolean logic. We built a compound signature engine that evaluates AND/OR/threshold rules using shell-native primitives (grep, awk, sort) with 22x less memory and 2.1x higher detection rates. No daemon, no dependencies. Research https://rfxn.com/research/batch-parallel-scan-engine https://rfxn.com/research/batch-parallel-scan-engine Thu, 05 Mar 2026 00:00:00 GMT Linux Malware Detect v1.6.6 forked 500,000 subprocesses per scan. The v2.0 rewrite uses batch parallel workers, Aho-Corasick grep, and awk preloading to scan 10,000 files in 28 seconds, zero external dependencies and a 44 MB memory footprint. Research https://rfxn.com/projects/linux-malware-detect https://rfxn.com/projects/linux-malware-detect A high-performance malware scanner for Linux designed for the multi-core era. v2.0.1 introduces a foundational engine leap that delivers up to 10x faster performance than traditional scanners via hash-first short-circuiting and batch-parallel processing. https://rfxn.com/projects/advanced-policy-firewall https://rfxn.com/projects/advanced-policy-firewall An iptables(netfilter) based firewall system for Linux servers. Provides three-fold filtering with static rules, stateful connection tracking, and sanity-based packet inspection. https://rfxn.com/projects/brute-force-detection https://rfxn.com/projects/brute-force-detection A modular shell script for parsing application logs and detecting authentication failures. Uses regex rules and integrates with APF, Shorewall, or raw iptables for blocking. https://rfxn.com/projects/irsync-incremental-rsync https://rfxn.com/projects/irsync-incremental-rsync An incremental backup utility built on rsync with traffic control shaping, hard-link snapshots, point-in-time restore, and MySQL backup support. https://rfxn.com/projects/linux-environment-security https://rfxn.com/projects/linux-environment-security A security hardening tool that prevents environment-based attacks including PATH tainting, profile script hijacking, and system traversal exploitation. https://rfxn.com/projects/linux-socket-monitor https://rfxn.com/projects/linux-socket-monitor A port monitor that tracks changes to network sockets and Unix domain sockets using differential comparison, alerting on newly activated services. https://rfxn.com/projects/network-socket-inode-validation https://rfxn.com/projects/network-socket-inode-validation Validates network socket inodes at the kernel level, correlating processes to sockets to expose hidden or injected connections indicative of compromise. https://rfxn.com/projects/process-resource-monitor https://rfxn.com/projects/process-resource-monitor A CPU, memory, and process resource monitor for Linux and BSD. Supports global and per-process/per-user limits with automatic enforcement. https://rfxn.com/projects/system-integrity-monitor https://rfxn.com/projects/system-integrity-monitor A system and services monitor for SysVinit systems. Monitors services, load, disk space, and network status with auto-restart for downed services. https://rfxn.com/projects/system-priority https://rfxn.com/projects/system-priority A tool for managing system process priorities and CPU scheduling on Linux. Provides persistent, rule-based priority management via nice and scheduling subsystems.