Stay informed on the latest in Endpoint Detection & Response (EDR): Expert insights, attack prevention, and advanced threat management solutions.
Search across headline titles and summaries.
Background for this topic.
Within the context of information security, EDR platforms operate by continuously monitoring endpoint and network events and recording this information in a central database where it can be further analyzed. They leverage various detection methods, such as behavioral analysis and anomaly detection, to identify suspicious activities that may indicate a compromise or an attack in progress. Once a threat is detected, EDR tools enable security teams to quickly contain the incident and mitigate the risk to prevent further damage or data loss.
Moreover, EDR systems provide investigative capabilities, allowing security teams to search historical data for indicators of compromise (IoCs) to understand the scope and impact of a threat. This retrospective analysis assists in revealing the root cause of the breach and in enhancing the organization's security posture to prevent similar incidents in the future. By delivering continuous visibility across all endpoints and offering tools for active incident response, EDR plays a vital role in modern cybersecurity strategies.
Weekly headline count for the current query.
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...]
A threat actor used AI coding tools to build and test EDR evasion malware, Sophos finds
Most organizations now recognize that endpoint protection alone is no longer sufficient
Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how
BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. [...]
A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. [...]
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines.…
A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.
As Innovation Sandbox Turns 21, AI-Based Solutions Dominate Annual ContestNext month in San Francisco, the Innovation Sandbox at RSAC Conference will celebrate its 21st year of choosing key emerging solutions in cybersecurity. Past winners and finalists range from EDR and XDR giant SentinelOne in 2014 to cloud security phenom Wiz in 2021.
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself
Many modern attacks happen entirely inside the browser, leaving little evidence for traditional security tools. Keep Aware shows why EDR, email, and SASE miss browser-only attacks and how visibility changes prevention. [...]
The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed Windows to load it.
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. [...]
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.