Research | container security | kubernetes | ebpf | malware
VoidLink Targets Kubernetes And AI Workloads
Relevance Score: 9.4
Security researchers disclosed VoidLink in December 2025 as a Linux malware framework that persistently targets Kubernetes, containers, and GPU-accelerated AI workloads by living inside pods and GPU clusters. Cisco Talos links the framework to the advanced actor UAT-9921 and highlights compile-on-demand, fileless, kernel-evasive techniques that harvest cloud metadata and credentials. The implication is that defenders need kernel-level runtime telemetry to detect and contain it.

