The Hive ransomware operation has converted its VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims' ransom negotiations.
...
Security researchers have discovered a Linux-based remote access trojan (RAT) that uses an unusual stealth technique to remain out of sight from security products. The malware, dubbed CronRat, hides in the calendar subsystem of Linux servers (“cron”) on a non-existent day, 31 February, according to a blog post by security researchers at Sansec.
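
A defender can check for this hiding place by looking for crontab entries whose day-of-month and month fields can never form a real calendar date. The Python sketch below is an added example, not code from Sansec or the original article; it assumes the standard five-field crontab layout, and the function names and sample crontab are constructed for illustration.

```python
# Added example: flag crontab entries scheduled on dates that do not exist.
MONTHS = {n: i for i, n in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}
# Longest possible length of each month (February counted as a leap year).
MAX_DAY = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
           7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}

def expand(field, lo, hi, names=None):
    """Expand one cron field (lists, ranges, steps, '*') into a set of ints."""
    def conv(s):
        return names[s] if names and s in names else int(s)
    values = set()
    for part in field.lower().split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            start, end = lo, hi
        else:
            first, _, last = rng.partition("-")
            start = conv(first)
            end = conv(last) if last else (hi if step else start)
        values.update(v for v in range(start, end + 1, int(step or 1))
                      if lo <= v <= hi)
    return values

def impossible_date(line):
    """True if the entry's day-of-month and month never coincide."""
    fields = line.split()
    if len(fields) < 6 or line.lstrip().startswith(("#", "@")):
        return False
    try:
        days = expand(fields[2], 1, 31)
        months = expand(fields[3], 1, 12, MONTHS)
    except ValueError:
        return False  # not a schedule line, e.g. an environment assignment
    return bool(days and months) and not any(
        d <= MAX_DAY[m] for m in months for d in days)

def scan(crontab_text):
    """Return (line_number, line) for each entry with an impossible date."""
    return [(n, l) for n, l in enumerate(crontab_text.splitlines(), 1)
            if impossible_date(l)]

SAMPLE = """\
# constructed sample crontab, not taken from any real system
MAILTO=root
15 3 * * 1 /usr/local/bin/backup.sh
0 0 31 2 * /bin/sh /tmp/placeholder-a
30 2 30,31 feb * /bin/sh /tmp/placeholder-b
0 6 29 2 * /usr/local/bin/leap-day-report
0 1 31 4-6 * /usr/local/bin/quarterly
0 0 31 4,6,9,11 * /bin/true
"""
```

The check looks only at the two date fields and does not evaluate the day-of-week field, so a hit is a prompt to inspect the entry by hand rather than a verdict. Run `scan()` over the output of `crontab -l` for each user and over the system crontab files.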
The stealthy LightBasin hacking group (also known as UNC1945) is infiltrating telecommunications companies around the world in a campaign that researchers have linked to intelligence gathering and cyber espionage. LightBasin's primary focus is on Linux and Solaris servers that are critical for running telecommunications infrastructure – and are likely to have fewer security measures in place than Windows systems.