The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft. The vulnerabilities addressed in this month’s Patch Tuesday ...
Following the massive Windows outage in July caused by a defective CrowdStrike update, Microsoft is working on a way to allow security products to ‘run in user mode just as apps do,’ Microsoft’s David ...
Much of modern operating system functionality happens in and around the kernel. That’s a problem when you’re implementing monitoring and observability tools or adding low-level security tools because ...
Windows 11's driver signature requirement is one of the best anti-consumer security features out there
Windows 11, the most-used consumer desktop operating system in the world, undoubtedly has its problems. Yet, despite those problems, it's the most refined version of the company's operating system, ...
Kernel Mode Linux (KML) is a technology that enables the execution of user processes in kernel mode. I described the basic concept and the implementation techniques of KML on IA-32 architecture in my ...
Just over a week after the botched CrowdStrike update caused millions of Windows-based machines to crash, Microsoft has published its analysis of the outage.