Tag: endpoint
-
Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/attackers-automate-edr-evasion-testing
-
Hackers Leverage AI-Powered Tools to Streamline Active Directory Compromise
Sophos has documented a threat campaign in which attackers leveraged AI-powered tools to streamline Active Directory (AD) compromise and accelerate endpoint detection and response (EDR) evasion testing. The activity, observed on June 2, 2026, was triggered by suspicious files originating from the path C:\Users\User\Documents\test. Sophos' investigation revealed a collection of malicious components forming a structured post-exploitation framework designed to…
-
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/
-
(g+) Real-time monitoring: endpoint security rethought
Endpoint detection and response systems are becoming the core of modern security operations. They monitor processes, identities and behavior in real time. First seen on golem.de Jump to article: www.golem.de/news/echtzeitueberwachung-endpoint-security-neu-gedacht-2606-209271.html
-
How Leading Organizations Are Turning EDR Into Operational Resilience
Most organizations now recognize that endpoint protection alone is no longer sufficient. That's why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require continuous visibility into suspicious activity across the environment. But owning EDR First seen on thehackernews.com Jump to…
-
Sophos uncovers AI-powered malware lab built for EDR evasion
A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/
-
Attackers Exploit Docker, Kubernetes Misconfigs to Breach Hosts
Attackers are increasingly targeting Docker and Kubernetes environments by exploiting misconfigurations, weak isolation boundaries, and insecure APIs to compromise host systems and entire clusters. As containerization becomes the backbone of modern cloud infrastructure, threat actors are shifting focus from traditional endpoints to container ecosystems, where a single weakness can expose critical services at scale. A…
-
Iranian Hackers Hijack AppDomainManager to Bypass EDR
Iran-linked hackers have upgraded their tradecraft by using AppDomainManager hijacking in .NET applications to turn off security telemetry before the malicious code fully starts, making the attack much harder for endpoint detection and response tools to spot. The campaign, attributed to the Iran-nexus group Screening Serpens, pairs this technique with DLL sideloading, fake job lures, and staged…
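AppDomainManager hijacking works because the CLR will load an AppDomainManager assembly named in the application's .exe.config (the appDomainManagerAssembly and appDomainManagerType elements under runtime) or in the APPDOMAIN_MANAGER_ASSEMBLY and APPDOMAIN_MANAGER_TYPE environment variables, and that assembly's code runs before the application's own Main. A config file dropped next to a legitimately signed binary is therefore the artifact to hunt for. The script below is an added example written for this page, not code from the article or from any vendor: it walks a directory for .config files that set an AppDomainManager and checks a process environment for the variable variant. The file names, assembly name UpdaterHelper and the environment dictionary are constructed fixtures.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Elements the CLR reads from <configuration><runtime> in an app's .exe.config.
# Either one is enough to make the runtime load attacker code before Main().
RUNTIME_ELEMENTS = ("appDomainManagerAssembly", "appDomainManagerType")
# Process-environment equivalents with the same effect.
ENV_VARS = ("APPDOMAIN_MANAGER_ASSEMBLY", "APPDOMAIN_MANAGER_TYPE")


def inspect_config(path):
    """Return the AppDomainManager settings in one .config file, or {} if none."""
    try:
        tree = ET.parse(path)
    except ET.ParseError:
        return {}
    runtime = tree.getroot().find("runtime")
    if runtime is None:
        return {}
    found = {}
    for name in RUNTIME_ELEMENTS:
        el = runtime.find(name)
        if el is not None and el.get("value"):
            found[name] = el.get("value")
    return found


def hunt_configs(root):
    """List every .config under root that names an AppDomainManager."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(".config"):
                p = os.path.join(dirpath, fn)
                settings = inspect_config(p)
                if settings:
                    hits.append((p, settings))
    return hits


def hunt_env(environ):
    """Return the AppDomainManager variables present in a process environment."""
    return {k: environ[k] for k in ENV_VARS if k in environ}


# Constructed fixtures: one ordinary config and one that hijacks the runtime.
BENIGN = """<?xml version="1.0"?>
<configuration>
  <startup><supportedRuntime version="v4.0"/></startup>
</configuration>"""

SUSPICIOUS = """<?xml version="1.0"?>
<configuration>
  <runtime>
    <appDomainManagerAssembly value="UpdaterHelper, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
    <appDomainManagerType value="UpdaterHelper.Manager"/>
  </runtime>
</configuration>"""


def run_demo():
    """Write both fixtures to a temp dir and run the two hunts against them."""
    root = tempfile.mkdtemp(prefix="adm-hunt-")
    with open(os.path.join(root, "Benign.exe.config"), "w") as f:
        f.write(BENIGN)
    with open(os.path.join(root, "Signed.exe.config"), "w") as f:
        f.write(SUSPICIOUS)
    hits = hunt_configs(root)
    # Hypothetical environment of a suspect process (e.g. from a memory dump).
    env_hits = hunt_env({"APPDOMAIN_MANAGER_ASSEMBLY": "UpdaterHelper", "PATH": "/usr/bin"})
    return hits, env_hits


if __name__ == "__main__":
    for path, settings in run_demo()[0]:
        print(path, settings)
```

In a real hunt, point hunt_configs at user-writable directories and at any folder where a signed binary has recently appeared; a .config that names an assembly not shipped with that binary is the sideloading-style indicator the blurb describes.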
-
Microsoft Defender can now automatically isolate hacked endpoints
Microsoft is testing a new Defender for Endpoint capability that will automatically isolate compromised endpoints to thwart attackers’ attempts to move laterally across the network. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-now-automatically-isolate-hacked-endpoints/
-
Hackers Use CypherLoc Kit to Push Fake Microsoft Support Scams
CypherLoc is a sophisticated browser-lock scareware designed to drive victims to fraudulent tech support calls. It evades scanners and sandboxes by executing in an encrypted, condition-based manner inside the browser. Security teams should have robust anti-phishing, browser, and endpoint protections and prioritize user education. Since the start of 2026, Barracuda researchers have observed around 2.8 million…
-
PDQ Connect Adds MSP Tools for Endpoint Management
First seen on scworld.com Jump to article: www.scworld.com/news/pdq-connect-adds-msp-tools-for-endpoint-management
-
New GhostTree Attack Causes EDR Tools to Hang, Leaving Files Unscanned
A newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detection and response (EDR) tools and bypass file scanning mechanisms on Windows systems. The technique, discovered by Varonis Threat Labs, abuses NTFS junctions to create recursive directory structures that can cause security tools to hang indefinitely. New…
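The failure mode GhostTree exploits is a scanner that follows every directory link it meets and keeps no record of where it has already been, so a junction pointing back at an ancestor sends it round forever. The fix is to key visited directories by (device, inode) rather than by path. The script below is an added example for this page, not Varonis' proof of concept or any EDR vendor's code: it builds a tiny loop in a temp directory and runs a naive walker and a cycle-aware walker over it. Because the verifier runs on Linux, the loop is built with a symlink as a stand-in for an NTFS junction; on Windows the same (st_dev, st_ino) check works, since os.stat fills those fields from the volume serial and file index. The depth cap on the naive walker is only there so the demo terminates.

```python
import os
import tempfile


def build_loop_fixture(root):
    """Constructed fixture: root/a/b/loop -> root/a, i.e. a directory cycle."""
    a = os.path.join(root, "a")
    b = os.path.join(a, "b")
    os.makedirs(b)
    with open(os.path.join(b, "payload.txt"), "w") as f:
        f.write("scan me\n")
    os.symlink(a, os.path.join(b, "loop"), target_is_directory=True)
    return root


def naive_walk(root, max_depth=64):
    """Follows every directory, including links, with no memory of prior visits.
    Real scanners have no depth cap; it exists here only to stop the hang."""
    files, hit_cap = [], False

    def rec(path, depth):
        nonlocal hit_cap
        if depth >= max_depth:
            hit_cap = True
            return
        with os.scandir(path) as it:
            for entry in it:
                if entry.is_dir(follow_symlinks=True):
                    rec(entry.path, depth + 1)
                else:
                    files.append(entry.path)

    rec(root, 0)
    return files, hit_cap


def safe_walk(root):
    """Same traversal, but each directory is keyed by (st_dev, st_ino) and
    never entered twice, so a junction or symlink back to an ancestor is
    reported as a skipped loop instead of followed."""
    seen, files, skipped = set(), [], []
    stack = [root]
    while stack:
        path = stack.pop()
        st = os.stat(path)            # follows the link to its target
        key = (st.st_dev, st.st_ino)
        if key in seen:
            skipped.append(path)
            continue
        seen.add(key)
        with os.scandir(path) as it:
            for entry in it:
                if entry.is_dir(follow_symlinks=True):
                    stack.append(entry.path)
                else:
                    files.append(entry.path)
    return files, skipped


def run_demo():
    """Build the fixture and compare both walkers on it."""
    root = tempfile.mkdtemp(prefix="ghosttree-demo-")
    build_loop_fixture(root)
    safe_files, skipped = safe_walk(root)
    naive_files, hit_cap = naive_walk(root)
    return {
        "safe_files": len(safe_files),      # the one real payload.txt
        "skipped_loops": len(skipped),      # the link back to root/a
        "naive_files": len(naive_files),    # payload.txt seen over and over
        "naive_hit_cap": hit_cap,           # would have run forever
    }


if __name__ == "__main__":
    print(run_demo())
```

The same visited-set discipline should apply to any tool that recurses over user-controlled filesystem trees, not only to scanners: a backup agent or an indexer that follows junctions is just as easy to pin.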
-
UAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated Malware
UAC-0184 uses a multi-stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed binaries such as VSLauncher.exe and PassMark Endpoint to gain stealthy network access on Ukrainian military networks. CERT-UA reporting through 2024-2025 highlights a focus on accounts belonging to the Armed Forces of Ukraine,…
-
Why the best security investment a board can make in 2026 isn’t another tool
Tags: access, ai, api, attack, automation, breach, cloud, credentials, data, detection, endpoint, governance, monitoring, network, risk, service, technology, tool
Attackers don't break through your defenses. They walk between them: The most effective attacks today don't target any single tool's coverage area. They move through the seams. An attacker who compromises a valid credential doesn't trigger endpoint detection. An attacker who moves from one cloud service to another using legitimate trust relationships doesn't trip network…
-
Critical Marimo RCE Flaw Could Let Attackers Execute Malicious Code Remotely
A newly disclosed critical vulnerability in the Marimo Python notebook framework is raising serious alarms across the cybersecurity community, as it allows attackers to execute arbitrary commands remotely, without authentication. Tracked as CVE-2026-39987, the flaw exposes a WebSocket endpoint that can be abused to spawn a system-level shell, potentially leading to full infrastructure compromise. Marimo RCE…
-
When ransomware hits, confidence doesn’t restore endpoints
Ransomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/18/absolute-security-cisos-ransomware-pressure-report/
-
IT-Netzwerke zwischen Cyberbedrohungen und Regulatorik – So geht Automatisierung beim Unified Endpoint Management
Tags: endpoint
First seen on security-insider.de Jump to article: www.security-insider.de/so-geht-automatisierung-beim-unified-endpoint-management-a-83de467b940525debb2896ac738c015a/
-
AI agent finds 18-year-old remote code execution flaw in Nginx
Tags: ai, api, application-security, cve, cvss, data, dos, endpoint, exploit, flaw, github, leak, mitigation, network, open-source, remote-code-execution, risk, service, technology, update, vulnerability, waf
ngx_http_rewrite_module, a component that handles URL rewrites, and impacts Nginx versions from 0.6.27 to 1.30.0. The issue has been given a 9.2 CVSS severity score and was patched in versions 1.31.0 and 1.30.1. The commercial product, Nginx Plus, owned and developed by network and application security firm F5, is also vulnerable, and received patches in versions…
-
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the First seen on…
-
Microsoft Research: AI Can Generate Realistic Command-Line and Process Telemetry
Tags: ai, attack, cloud, cyber, cybersecurity, data, detection, endpoint, incident response, intelligence, microsoft, risk, threat
A new approach shows how artificial intelligence can generate highly realistic command-line data and process telemetry, potentially transforming how security teams build and test threat detection systems. Logs and telemetry underpin modern cybersecurity, powering threat detection, incident response, and forensic investigations across endpoints and cloud environments. However, collecting high-quality attack telemetry remains a persistent…
-
BlackBerry doubles down on secure communications
Having sold its Cylance endpoint security portfolio to Arctic Wolf, the former smartphone pioneer is doubling down on military-grade encryption and post-quantum cryptography to shield critical infrastructure from AI-driven threats First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643081/BlackBerry-doubles-down-on-secure-communications
-
Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker
Langflow instances left unpatched against CVE-2026-33017 are now being actively abused not just for remote code execution, but as launchpads to steal AWS keys and join a NATS-backed botnet-style worker pool dubbed "KeyHunter." The vulnerability, now listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, affects Langflow's public flow-building endpoint and allows arbitrary Python execution without…
-
Developer workstations are the new beachhead
Tags: access, application-security, attack, authentication, cloud, container, control, credentials, edr, endpoint, exploit, github, group, Hardware, identity, incident response, infrastructure, malware, mfa, monitoring, network, software, supply-chain, threat, update
The economics that drive the convergence: A typical developer workstation holds SSH keys, cloud provider credentials, container registry tokens, Git authentication tokens and CI/CD pipeline secrets. Many developers have administrative access to internal package registries and deployment infrastructure. Their machines often sit outside the hardened perimeter that security teams build around production systems. From an attacker's…
-
AI security is repeating endpoint security’s biggest mistake
Tags: access, ai, api, automation, business, control, data, detection, edr, endpoint, governance, incident response, injection, LLM, monitoring, open-source, radius, risk, saas, sbom, soc, strategy, technology, threat, tool, update
Most AI security is still at the posture phase: Look at where most organizations are with AI security today. Model cards, AI-specific SBOMs, input and output filters, prompt injection guardrails and access controls around model APIs. These are valuable controls, but they reflect a posture-based approach. To truly enhance security, organizations must recognize the importance…
-
Rustinel: Open-source endpoint detection for Windows and Linux
Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/11/rustinel-open-source-endpoint-detection-windows-linux/
-
New infosec products of the week: May 8, 2026
Here’s a look at the most interesting products from the past week LastPass, Operant AI, Sysdig, and VIAVI. Operant AI Endpoint Protector secures AI agents and MCP tools … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/08/new-infosec-products-of-the-week-may-8-2026/
-
Ivanti customers confront yet another actively exploited zero-day
Attackers are hitting a frequent target in the network edge space, intruding into victim networks through a defect in a widely used mobile endpoint security product. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-epmm-zero-day-vulnerability-exploited/

