Tag: edr
-
Hackers Abuse Compromised WordPress Sites to Deliver GULoader Through EtherHiding Chain
In April 2026, incident responders traced a sophisticated intrusion that abused compromised WordPress sites to deliver GULoader via an EtherHiding → ClickFix → UNC-chain. The real-world ClickFix incident produced convergent evidence from an ANY.RUN sandbox detonation and live EDR telemetry, revealing a complete, user-initiated attack path from a WordPress mu-plugin backdoor to a blocked rundll32.exe…
-
Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows
Microsoft will distribute Defender for Endpoint EDR updates through Microsoft Update, enabling EDR security improvements to be released independently of monthly Windows … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/microsoft-defender-for-endpoint-edr-updates/
-
EDRChoker Tool Abuses Windows QoS Policies to Disrupt Endpoint Security Tools
A newly disclosed red-team tool dubbed “EDRChoker” is drawing attention across the cybersecurity community for its novel approach to disrupting Endpoint Detection and Response (EDR) visibility by abusing Windows Policy-based Quality of Service (QoS). Unlike traditional EDR evasion techniques that rely on firewall manipulation or Windows Filtering Platform (WFP) rule injection, EDRChoker operates…
-
Payouts King Ransomware Bypasses EDR via Obfuscation and Direct Syscalls
Payouts King ransomware has emerged as a notable post-BlackBasta threat, leveraging advanced obfuscation and direct system calls to evade endpoint detection and response (EDR) solutions. Threat activity observed in early 2026 shows strong overlaps with historical BlackBasta tradecraft, particularly the use of spam bombing combined with phishing and vishing. In these campaigns, attackers overwhelm victims…
-
AI accelerates development of ransomware toolkit with EDR evasion capabilities
First seen on scworld.com Jump to article: www.scworld.com/brief/ai-accelerates-development-of-ransomware-toolkit-with-edr-evasion-capabilities
-
Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/attackers-automate-edr-evasion-testing
-
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/
-
How Leading Organizations Are Turning EDR Into Operational Resilience
Most organizations now recognize that endpoint protection alone is no longer sufficient. That’s why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require continuous visibility into suspicious activity across the environment. But owning EDR First seen on thehackernews.com Jump to…
-
Sophos uncovers AI-powered malware lab built for EDR evasion
A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/
-
Iranian Hackers Hijack AppDomainManager to Bypass EDR
Iran-linked hackers have upgraded their tradecraft by using AppDomainManager hijacking in .NET applications to turn off security telemetry before malicious code fully starts, making the attack much harder for endpoint detection and response tools to spot. The campaign, attributed to the Iran-nexus group Screening Serpens, pairs this technique with DLL sideloading, fake job lures, and staged…
-
New GhostTree Attack Causes EDR Tools to Hang, Leaving Files Unscanned
A newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detection and response (EDR) tools and bypass file scanning mechanisms on Windows systems. The technique, discovered by Varonis Threat Labs, abuses NTFS junctions to create recursive directory structures that can cause security tools to hang indefinitely. New…
-
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
Nightmare-Eclipse’s Windows disclosure spree keeps growing: MiniPlasma is only the latest entry in what has become one of 2026’s most chaotic Windows disclosure runs. The spree began with BlueHammer, a Windows Defender privilege escalation flaw later assigned CVE-2026-33825. That was followed by RedSun and UnDefend, two additional Windows privilege escalation and denial-of-service disclosures. Huntress later reported…
-
7AI Uncovers Browser Extension Campaign Evading EDR Defenses
7AI uncovered a browser-extension campaign that bypassed EDR defenses to inject malicious JavaScript into authenticated browser sessions. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/7ai-uncovers-browser-extension-campaign-evading-edr-defenses/
-
Vidar Stealer Campaign Evades EDR to Steal Credentials
A new Vidar Stealer campaign is abusing trusted tools, multi-stage loaders, and heavy obfuscation to bypass EDR visibility and steal credentials from infected systems silently. This operation shows a clear shift toward “living-off-the-land” techniques and stealthy backdoor architectures that make traditional signature-based defenses almost useless. The campaign starts with spear-phishing emails that contain compressed archives,…
-
Developer workstations are the new beachhead
Tags: access, application-security, attack, authentication, cloud, container, control, credentials, edr, endpoint, exploit, github, group, Hardware, identity, incident response, infrastructure, malware, mfa, monitoring, network, software, supply-chain, threat, update
The economics that drive the convergence: A typical developer workstation holds SSH keys, cloud provider credentials, container registry tokens, Git authentication tokens and CI/CD pipeline secrets. Many developers have administrative access to internal package registries and deployment infrastructure. Their machines often sit outside the hardened perimeter that security teams build around production systems. From an attacker’s…
-
AI security is repeating endpoint security’s biggest mistake
Tags: access, ai, api, automation, business, control, data, detection, edr, endpoint, governance, incident response, injection, LLM, monitoring, open-source, radius, risk, saas, sbom, soc, strategy, technology, threat, tool, update
Most AI security is still at the posture phase: Look at where most organizations are with AI security today. Model cards, AI-specific SBOMs, input and output filters, prompt injection guardrails and access controls around model APIs. These are valuable controls, but they reflect a posture-based approach. To truly enhance security, organizations must recognize the importance…
-
The fake IT worker problem CISOs can’t ignore
Tags: access, ai, breach, business, captcha, cio, ciso, compliance, computer, control, credentials, crowdstrike, data, detection, edr, endpoint, fedramp, fraud, gartner, iam, identity, jobs, linkedin, mitigation, monitoring, network, north-korea, office, phone, risk, skills, tool, training, zero-trust
What to do if you suspect a fake IT worker: When a CIO suspects a fake IT worker, next steps are important as the issue shifts from recruitment to insider risk management. During his time at MongoDB, George Gerchow, IANS faculty advisor and Bedrock Data CSO, oversaw the investigation after the company detected it had unknowingly…
-
6 Best Enterprise Antivirus Software Choices in 2026
We reviewed the leading enterprise antivirus and EDR tools for 2026 and found SentinelOne Singularity to be the best overall, followed closely by Microsoft Defender and CrowdStrike Falcon. The post 6 Best Enterprise Antivirus Software Choices in 2026 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/best-antivirus-software/
-
Diagnostic Fatigue: Why the Visibility Industry Just Hit Its Limit
For more than a decade, cybersecurity has sold one product under a thousand names: visibility. SIEM for events. EDR for endpoints. ASM for the attack surface. CNAPP for the cloud. Exposure management for everything else. Every category promised the same thing: if we could just see enough, we would finally secure enough. The visibility industry…The…
-
CNAPP: A Buyer's Guide
Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware
Cloud security remains a tricky subject, and the tools used to ensure it are becoming ever more complex and harder to see through, not least thanks to the industry's unbroken love of acronyms. With CNAPP, another one has now been added. The abbreviation stands for Cloud-Native Application Protection Platform and combines the functions of four separate cloud security tools: Cloud…
-
Why AI-Driven Arms Race Needs Better Threat Intelligence
TrendAI’s Tom Kellermann on Defending Against Agentic Attacks, APT Collaboration. AI-driven threats now operate with speed, scale and persistence. Defenders need expanded telemetry, a global research team and an advanced XDR platform to predict and suppress adversaries, said Tom Kellermann, vice president of AI security and threat intelligence at TrendAI. First seen on govinfosecurity.com…
-
Five Reasons Against Isolated Endpoint Protection: Why EDR Fails in the Age of AI Attacks
First seen on security-insider.de Jump to article: www.security-insider.de/edr-endpunktschutz-ki-angriffe-versagt-a-e39cd1af1cadfeed156d38788e57ea67/
-
Payouts King Emerges: New Ransomware Operation Tied to Ex-BlackBasta Members
Payouts King is emerging as a technically sophisticated ransomware operation believed to be run by former BlackBasta affiliates, reusing their social-engineering playbook while introducing hardened obfuscation and encryption routines. The group focuses on high-value data theft and selective encryption, leveraging strong cryptography and extensive evasion to stay ahead of antivirus and EDR tools. BlackBasta, itself…
-
Microsoft’s Windows Recall still allows silent data extraction
Exploitation risk: The barrier to weaponizing this technique is lower than Microsoft’s security messaging would suggest, Hagenah said. ”They only need code running in the user’s context and a way to reuse the authorized Recall session,” he said. “That is a much lower bar than many people would assume from Microsoft’s security messaging.” While Recall’s limitation to…