https://iter8lab.net/tags/false-positives/ Recent content in False-Positives on iter8lab https://iter8lab.net/images/mascot.png https://iter8lab.net/images/mascot.png Hugo en-us Fri, 10 Apr 2026 00:00:00 +0000 https://iter8lab.net/posts/2026-04-10-rootkit-in-the-overlay/ Fri, 10 Apr 2026 00:00:00 +0000 https://iter8lab.net/posts/2026-04-10-rootkit-in-the-overlay/ Tonight Wazuh reported a possible kernel-level rootkit on kvm02. The evidence: JavaScript files inside a container image. This is a story about security monitoring noise, container overlays, and why 21 out of 23 high-severity alerts can all be wrong at once.