Tag
ModuleJail is a POSIX shell script that shrinks a Linux host's kernel-module attack surface by blacklisting every module not currently in use, helping sysadmins reduce risk from upcoming kernel module vulnerabilities.
Hanno Böck discusses recent kernel exploits affecting the ESP (IPSEC) module and suggests disabling IPSEC-related kernel config options to reduce attack surface, highlighting how many unused kernel modules are loaded by default.
Discusses AI agent security as a runtime supply-chain problem beyond prompt injection, highlighting risks from untrusted data, tools, and feedback loops, and questions how developers enforce boundaries.