Detection and Mitigation of eBPF Security Risks in the Linux Kernel
Vincenzo Costanzo
Supervisor: Riccardo Sisto. Politecnico di Torino, Master's degree programme in Cybersecurity, 2025.
License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
The continuous adoption of cloud-native architectures and the widespread use of containerization have increased the demand for powerful, low-overhead observability and monitoring tools. eBPF (extended Berkeley Packet Filter) has emerged as a cornerstone technology in this domain, enabling the dynamic injection of user-defined programs into the Linux kernel to implement high-performance networking, tracing and security functionality. However, executing code at kernel level inherently carries significant security risks and enlarges the system's attack surface: verifier bugs, misused helper functions, map tampering, and interactions with pre-existing kernel vulnerabilities are among the threats that may lead to privilege escalation, denial of service, and container escapes. This thesis investigates the security implications of eBPF with the goal of analyzing critical vulnerabilities and developing systematic hardening strategies.
The first part provides a compact but comprehensive background, including eBPF technology and its primitives, the Linux security architecture (capabilities and the LSM framework), and an overview of monitoring and hardening tools such as Tetragon and LKRG (Linux Kernel Runtime Guard).
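The abstract names capabilities as part of the hardening picture. The following audit script is an added example, not code from the thesis: it decodes the `CapEff` bitmask that `/proc/<pid>/status` reports for a process and combines it with the `kernel.unprivileged_bpf_disabled` sysctl to classify what kinds of eBPF programs that process could load. The capability bit numbers (CAP_NET_ADMIN = 12, CAP_SYS_ADMIN = 21, CAP_PERFMON = 38, CAP_BPF = 39) are those of `include/uapi/linux/capability.h`, and the classification follows the `bpf()` syscall checks of kernels 5.8 and later, where CAP_BPF, CAP_PERFMON and CAP_NET_ADMIN replaced the blanket CAP_SYS_ADMIN requirement. The `/proc` excerpts, process names and PIDs are constructed sample input, not real captures.

```python
"""Audit which processes could load eBPF programs (added example, not thesis code).

Reads /proc/<pid>/status-style text, decodes the effective capability mask and
applies the kernel >= 5.8 rules for bpf(BPF_PROG_LOAD):
  - CAP_SYS_ADMIN: any program type
  - CAP_BPF: unprivileged types (socket filter / cgroup skb), plus tracing
    types with CAP_PERFMON and networking types with CAP_NET_ADMIN
  - no capability: unprivileged types only while
    kernel.unprivileged_bpf_disabled == 0, otherwise nothing
"""

# Capability bit numbers from include/uapi/linux/capability.h
CAP_NET_ADMIN = 12
CAP_SYS_ADMIN = 21
CAP_PERFMON = 38
CAP_BPF = 39

# Constructed sample excerpts of /proc/<pid>/status (not real captures).
SAMPLE_STATUS = {
    1234: "Name:\tbpftrace\nPid:\t1234\nCapEff:\t000001ffffffffff\n",    # full cap set
    5678: "Name:\tcollector\nPid:\t5678\nCapEff:\t000000c000000000\n",   # CAP_PERFMON | CAP_BPF
    9012: "Name:\tsh\nPid:\t9012\nCapEff:\t0000000000000000\n",          # no capabilities
}


def parse_caps(status_text):
    """Return (process name, CapEff as int) from a /proc/<pid>/status body."""
    name = None
    cap_eff = None
    for line in status_text.splitlines():
        if line.startswith("Name:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("CapEff:"):
            cap_eff = int(line.split(":", 1)[1].strip(), 16)
    if name is None or cap_eff is None:
        raise ValueError("status text lacks Name or CapEff")
    return name, cap_eff


def has_cap(mask, bit):
    """True if capability number `bit` is set in the bitmask."""
    return (mask >> bit) & 1 == 1


def classify_bpf_access(cap_eff, unprivileged_bpf_disabled):
    """Classify what the process can load via bpf(BPF_PROG_LOAD).

    unprivileged_bpf_disabled is the value of kernel.unprivileged_bpf_disabled:
      0 = unprivileged bpf() allowed, 1 = disabled until reboot,
      2 = disabled but an administrator can re-enable it by writing 0.
    Returns "all", "none", or a '+'-joined list of program-type classes.
    """
    if has_cap(cap_eff, CAP_SYS_ADMIN):
        return "all"  # CAP_SYS_ADMIN still satisfies every bpf() capability check
    if has_cap(cap_eff, CAP_BPF):
        kinds = ["unprivileged-types"]
        if has_cap(cap_eff, CAP_PERFMON):
            kinds.append("tracing")
        if has_cap(cap_eff, CAP_NET_ADMIN):
            kinds.append("networking")
        return "+".join(kinds)
    if unprivileged_bpf_disabled == 0:
        return "unprivileged-types"  # socket filter / cgroup skb without any capability
    return "none"


def audit(status_map, unprivileged_bpf_disabled):
    """Return {pid: (name, classification)} for every process in status_map."""
    report = {}
    for pid, text in status_map.items():
        name, caps = parse_caps(text)
        report[pid] = (name, classify_bpf_access(caps, unprivileged_bpf_disabled))
    return report


if __name__ == "__main__":
    # Compare the default (0) against the hardened setting (2) on the sample data.
    for sysctl_value in (0, 2):
        print(f"kernel.unprivileged_bpf_disabled = {sysctl_value}")
        for pid, (name, access) in sorted(audit(SAMPLE_STATUS, sysctl_value).items()):
            print(f"  pid {pid:<6} {name:<12} can load: {access}")
```

On a live system the same functions can be fed the contents of `/proc/<pid>/status` and of `/proc/sys/kernel/unprivileged_bpf_disabled`; the classification is an upper bound, since LSM hooks such as `bpf_prog_load` (the hooks Tetragon and other LSM-based tools build on) can still deny a load that the capability check would allow.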
