echo-newsletter 107

eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security, this is your quelle.

5th May 2026

 

Copy Fail is a 732-byte Python script that roots every Linux distribution shipped since 2017. If you don't have the patch on your system or your vendor hasn't provided one yet, you can already defend yourself with eBPF. I've seen multiple projects on GitHub using eBPF to live patch systems against Copy Fail and there is even a blog on how to do it with Tetragon.

 

This simple story shows the power of eBPF: live patch your system without having to wait for your vendor or upstream to ship a fix. It's the reason that Cisco chose Tetragon for Live Protect and it's the reason that the whole runtime security industry is turning towards eBPF as the platform of choice. Protect in real time without disrupting the running system; name a better positioned technology to capture the category. I need to finish a knitting project for my new niece so let’s 🐝-gin.

The Technical

5 Things you didn’t know about Cilium Network Policies
Not just a drop-in replacement for Kubernetes NetworkPolicies, but a superset
 
Ditching ingress-nginx
A real-world migration to Cilium Gateway API 
 
XDP without eBPF (aka learning some Rust LKM)
Running Rust kernel code in the XDP path without asking the verifier's permission
 
Bypassing DPI with eBPF sock_ops
Prevent DPI middleboxes from reading the SNI field in TLS handshakes
 
Building a Production-Ready EKS Cluster with Cilium: Lessons from the Field
Just because a service is “managed”, does not mean you have a free cake
 
Boosting speed: Use eBPF and netstacklat to troubleshoot latency
An eBPF tool that shows whether your latency is in the NIC, IP layer, TCP, or app
 
Joseda8/ebpf-cache-profiler
Profiler of cache stats given a PID that runs on the kernel level
 
bokuweb/coronarium

eBPF-based audit & block for CI workloads, written in Rust with aya

 

SoulKyu/cpg

Cilium Policy Generator using Hubble Relay

 

shun159/gregw

An experimental XDP/eBPF IPv4-over-GRE gateway

 

dorser/trace-ktls

eBPF to capture plaintext from kTLS connections

 

spinningfactory/kloak

Transparent secret injection from outbound TLS traffic in Kubernetes using eBPF

 

OpenGamingCollective/cardwire

A GPU Manager for Linux that uses eBPF LSM hooks to block GPUs

 

boratanrikulu/gobee

Transpile a Go subset to BPF C and generate typed cilium/ebpf bindings

 

cilium/stackwhere

A tool for exploring where BPF stack usage comes from

 

immanuwell/pktz

Per-process, per-connection network monitoring from the kernel

 

false-systems/jalki

Programmable eBPF fentry/fexit tracing framework for Linux

🐝

 

The Ecosystem

The invisible engineering behind Lambda’s network

How eBPF became the foundation of AWS Lambda's network (Cilium shoutout too!)

 

eBPF Fellowship Update: Tutorials, Research, and Expanding eBPF into GPU & AI

Yusheng's research into GPU flame graph profiling, AI agent observability, & more

🐝

 

The How To

Building an eBPF/XDP NAT-Based (Weighted) Round Robin Load Balancer from Scratch

A solid foundation for implementing complex algorithms with eBPF/XDP

 

Blocking Copy Fail (CVE-2026-31431) in Kubernetes with Tetragon

with 22 lines of YAML

 

Début de soirée avec Cilium et Clever

A new managed Kubernetes service, Clever Cloud, with Cilium as the default CNI

 

Simplify hybrid Kubernetes networking with Amazon EKS Hybrid Nodes gateway

Using CiliumVTEPConfig

🐝

 

The Video

How eBPF & Tetragon Give You Real-Time Kernel-Level Security

See Liz Rice live demo Tetragon

🐝

 

The Events

ACM SOSP'26 Workshop on eBPF and Kernel Extensions

September 29th in Prague, CfP open

 

Linux Plumbers Conference

October 5-7th in Prague, CfP open

🐝 

The Livestreams

eCHO Episode 207: Exploring eBPF Summit Hackathon Winner xgotop

 


  

Upcoming on May 8: eCHO Episode 208: Tetragon & OpenClaw Lab Preview


The Post of the Week

Good to see cloud providers continuing to push interesting work around Cilium.

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝


Written and sent by Bill Mulligan and Katie Meinders. Any feedback is welcome!


I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon
