Tag: edr

Microsoft develops a new scanner to detect hidden backdoors in LLMs

Feb 5, 2026 12:14 PM

Tags: ai, backdoor, ceo, computing, detection, edr, hacker, LLM, microsoft, open-source, software, supply-chain, virus

Effectiveness of the scanner: Microsoft said the scanner does not require retraining models or prior knowledge of backdoor behavior and operates using forward passes only, avoiding gradient calculations or backpropagation to keep computing costs low.The company also said it works with most causal, GPT-style language models and can be used across a wide range of…
EDR killer tool uses signed kernel driver from forensic software

Feb 4, 2026 4:13 PM

Tags: edr, hacker, software, tool

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/edr-killer-tool-uses-signed-kernel-driver-from-forensic-software/
Interlock Ransomware Exploits Zero-Day in Gaming Anti-Cheat Driver to Disable EDR, AV

Feb 4, 2026 1:13 PM

Tags: cyber, defense, edr, endpoint, exploit, flaw, ransomware, tool, zero-day

Interlock ransomware operators have been observed using a new process”‘killing tool that abuses a zero”‘day flaw in a gaming anti”‘cheat kernel driver to try to shut down endpoint defenses (EDR/AV). The activity was documented during an intrusion against a North Americabased education organization and shows Interlock continuing to evolve its internal tooling rather than relying…
Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack

Feb 3, 2026 1:13 PM

Tags: access, ai, apt, attack, backdoor, china, control, cybersecurity, detection, edr, email, espionage, exploit, framework, government, group, incident response, infrastructure, malicious, malware, microsoft, network, software, supply-chain, tool, update

Rapid7 identifies custom malware: Cybersecurity firm Rapid7 also published a detailed technical analysis corroborating Ho’s disclosure and identifying the attack as part of a broader campaign deploying previously undocumented malware. Rapid7’s investigation uncovered a custom backdoor the firm dubbed “Chrysalis,” alongside Cobalt Strike and Metasploit frameworks.”Forensic analysis conducted by the MDR team suggests that the…
Swarmer Tool Abuses Windows Registry to Evade Detection and Persist on Systems

Jan 29, 2026 4:26 PM

Tags: access, cyber, defense, detection, edr, endpoint, exploit, infrastructure, monitoring, tool, windows

Swarmer, a sophisticated tool designed to manipulate Windows registry hives while bypassing endpoint detection systems. The tool exploits legacy Windows infrastructure to achieve persistent access without triggering traditional EDR monitoring systems that typically flag direct registry modifications. Endpoint Detection and Response (EDR) solutions have significantly hardened defenses against conventional registry persistence techniques. Classic methods using…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Jan 25, 2026 4:18 PM

Tags: ai, edr, exploit, international, malware, pypi

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates […]…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Jan 25, 2026 4:18 PM

Tags: ai, edr, exploit, international, malware, pypi

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates […]…
PDFSIDER Malware Exploitation of DLL Side-Loading for AV and EDR Evasion

Jan 20, 2026 11:25 PM

Tags: edr, exploit, malware, network, ransomware, social-engineering, threat

Threat actors use PDFSIDER malware with social engineering and DLL sideloading to bypass AV/EDR, and ransomware gangs already abuse it. Resecurity has learned about PDFSIDER during an investigation of a network intrusion attempt that was successfully prevented by a Fortune 100 energy corporation. The threat actor contacted their staff, impersonating technical support, and used social…
Thales named Growth Index leader in Frost Radar: Data Security Platforms Report

Jan 20, 2026 2:13 PM

Tags: access, ai, business, cloud, compliance, container, control, data, defense, detection, edr, encryption, endpoint, governance, identity, intelligence, LLM, monitoring, risk, saas, service, siem, soc, technology, tool

Thales named Growth Index leader in Frost Radar: Data Security Platforms Report madhav Tue, 01/20/2026 – 04:29 Data has always been the backbone of enterprise operations, but the rise of cloud, big data, and GenAI has multiplied its value and, with it, the motivation for attackers. In parallel, regulatory expectations are increasing and evolving. The…
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses

Jan 19, 2026 10:13 AM

Tags: access, antivirus, backdoor, control, cyber, defense, detection, edr, endpoint, exploit, infection, malware, phishing, spear-phishing, threat

Security researchers have identified a sophisticated backdoor malware variant, PDFSIDER, that leverages DLL side-loading to evade endpoint detection and response (EDR) systems. The threat demonstrates advanced persistent threat (APT) tradecraft, combining evasion mechanisms with encrypted command-and-control capabilities to maintain covert access on compromised systems. PDFSIDER’s infection chain originates through spear-phishing campaigns delivering ZIP archives containing…
PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion

Jan 18, 2026 4:14 PM

Tags: edr, exploit, malware

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/pdfsider-malware-exploitation-of-dll-side-loading-for-av-and-edr-evasion
Top 10 vendors for AI-enabled security, according to CISOs

Jan 13, 2026 9:01 AM

Tags: access, ai, api, attack, automation, business, ceo, cisco, ciso, cloud, container, crowdstrike, cybersecurity, data, detection, edr, email, encryption, endpoint, firewall, gartner, google, governance, group, ibm, identity, incident response, intelligence, jobs, mandiant, microsoft, monitoring, network, openai, phishing, ransomware, risk, risk-assessment, service, siem, soar, soc, social-engineering, software, startup, technology, threat, tool, vmware, vulnerability, waf, zero-trust

2. Microsoft: Why they’re here: Similar to Cisco, Microsoft is embedded in virtually every enterprise, and is also a vendor that has marshalled its considerable resources to build an AI-powered security ecosystem. The platform includes Microsoft Defender for securing cloud environments, Microsoft Sentinel for cloud-native SIEM, Microsoft Purview for data governance, Microsoft Intune for endpoint…
EDRStartupHinder: Blocks Antivirus EDR at Windows 11 25H2 Startup (Defender Included)

Jan 12, 2026 7:01 AM

Tags: antivirus, api, cyber, cybersecurity, detection, edr, endpoint, exploit, microsoft, software, startup, tool, windows

A cybersecurity researcher has unveiled EDRStartupHinder, a proof-of-concept tool that prevents antivirus and endpoint detection and response (EDR) solutions from launching during Windows startup, including Microsoft Defender on Windows 11 25H2. The technique exploits Windows Bindlink API functionality through the bindflt.sys driver to interfere with security software initialization. The tool builds on previous research into Bindlink…
Why FIM Add-Ons Aren’t Integrity Monitoring ( Why EDR Still Isn’t Enough)

Jan 8, 2026 11:01 PM

Tags: edr, endpoint, malicious, monitoring

<div cla If you are running a strong EDR platform, you’re doing something right. EDR is essential. It’s great at detecting and responding to malicious activity: suspicious processes, behaviors, lateral movement, and indicators of compromise. But here’s the uncomfortable truth: EDR does not tell you, with certainty, whether your systems are still in a known and…
Cybersecurity Awareness: Why Centralized Monitoring Is No Longer Optional

Jan 5, 2026 10:52 PM

Tags: awareness, business, cloud, cybersecurity, edr, firewall, monitoring, tool, waf

In today’s digital world, cybersecurity is no longer just an IT problem, it is a business survival requirement. Organizations are deploying multiple tools such as firewalls, EDR, databases, operating systems, cloud platforms, WAFs, proxies, and more. However, simply deploying tools does not guarantee security. What truly matters is how effectively you monitor, correlate, and respond…
From tech sprawl to clarity with XDR

Jan 5, 2026 11:52 AM

Tags: detection, edr, endpoint

For organizations struggling with tech sprawl or alert fatigue, Cortex XDR offers a way to automate detection and response and adopt a more consolidated approach to endpoint security — without the wholesale replacement of your tech stack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/from-tech-sprawl-to-clarity-with-xdr/808081/
Cisco XDR in 30: Turning Security Signals Into Confident Action

Jan 2, 2026 9:52 PM

Tags: cisco, edr, network, threat

How network-led Cisco XDR helps teams see threats clearly and respond faster First seen on theregister.com Jump to article: www.theregister.com/2026/01/02/cisco-xdr-in-30/
NtKiller Malware Advertised on Dark Web With Claims of Antivirus and EDR Bypass

Dec 24, 2025 7:19 PM

Tags: access, antivirus, cyber, cybercrime, dark-web, detection, edr, endpoint, malware, ransomware, threat, tool

A new and sophisticated defensive evasion tool dubbed >>NtKillerAlphaGhoul.
2025 Year in Review at Cloud Security Podcast by Google

Dec 22, 2025 9:19 PM

Tags: 2fa, ai, automation, breach, cloud, compliance, computing, control, cybersecurity, data, defense, detection, edr, finance, google, hacking, incident response, infrastructure, linux, mandiant, metric, mitigation, offense, phone, privacy, risk, security-incident, siem, soc, technology, threat, vulnerability, vulnerability-management, zero-trust

(written jointly with Tim Peacock) Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or”Š”, “Šif you’re a very large enterprise”Š”, “Šjust start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google. We…
Singularity Linux Kernel Rootkit with klogctl Detection Evasion

Dec 17, 2025 9:19 PM

Tags: cyber, detection, edr, linux

Singularity, a stealth-focused Linux Kernel Module (LKM) rootkit targeting modern 6.x kernels, has added a powerful log”evasion capability that prevents its detection through traditional kernel logging interfaces such as klogctl. Designed as a “final boss” rootkit for defenders, Singularity notes deep kernel hooking, advanced log sanitization, and EDR evasion techniques to stay invisible on compromised systems.…
Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks

Dec 17, 2025 7:19 PM

Tags: detection, edr, malware, tool, windows

A new Moonwalk++ proof-of-concept (PoC) shows how malware can spoof Windows call stacks while staying encrypted in memory, bypassing modern EDR detection. The research highlights blind spots in stack-based telemetry increasingly relied on by enterprise defenders. “Public detection tools fail entirely to recognize the call stack tampering,” said the researcher. Moonwalk++ Shows the Limits of…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
Storm-0249: EDR Process Sideloading to Conceal Malicious Activity

Dec 15, 2025 9:19 AM

Tags: access, cyber, defense, detection, edr, endpoint, group, malicious, phishing, risk, threat

Initial access broker Storm-0249 has evolved from a mass phishing operation into a sophisticated threat actor weaponizing legitimate Endpoint Detection and Response (EDR) processes through sideloading techniques to conceal malicious activity as routine security operations. This represents a significant escalation in the group’s capabilities and poses a critical risk to organizations relying on traditional defense…
Storm-0249: EDR Process Sideloading to Conceal Malicious Activity

Dec 15, 2025 9:19 AM

Tags: access, cyber, defense, detection, edr, endpoint, group, malicious, phishing, risk, threat

Initial access broker Storm-0249 has evolved from a mass phishing operation into a sophisticated threat actor weaponizing legitimate Endpoint Detection and Response (EDR) processes through sideloading techniques to conceal malicious activity as routine security operations. This represents a significant escalation in the group’s capabilities and poses a critical risk to organizations relying on traditional defense…
Storm-0249 Abuses EDR Processes in Stealthy Attacks

Dec 10, 2025 11:32 PM

Tags: access, attack, detection, edr, endpoint, windows

The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/storm-0249-edr-processes-stealthy-attacks
2025 Year of Browser Bugs Recap:

Dec 10, 2025 8:33 PM

Tags: access, ai, api, attack, authentication, awareness, browser, cctv, chrome, cloud, communications, computer, credentials, crypto, cyber, data, data-breach, detection, edr, email, endpoint, exploit, flaw, gartner, google, guide, identity, injection, leak, login, malicious, malware, network, openai, passkey, password, phishing, ransom, ransomware, risk, saas, service, threat, tool, update, vulnerability, windows, xss, zero-day

At the beginning of this year, we launched the Year of Browser Bugs (YOBB) project, a commitment to research and share critical architectural vulnerabilities in the browser. Inspired by the iconic Months of Bugs tradition in the 2000s, YOBB was started with a similar purpose”Š”, “Što drive awareness and discussion around key security gaps and…
Polymorphic AI malware exists, but it’s not what you think

Dec 10, 2025 8:32 AM

Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, tool

what the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
Polymorphic AI malware exists, but it’s not what you think

Dec 10, 2025 8:32 AM

Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, tool

what the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…