Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Stay ahead of threats with the latest on evasion techniques in infosec. Insights on how attackers bypass defenses and updates on countermeasures.
Background for this topic.
Evasion is a technique used in cybersecurity to bypass detection by security systems. This approach involves altering or disguising malicious activities to avoid triggering alarms or being caught by intrusion detection systems, antivirus software, or other security solutions. In the context of information security, evasion techniques might include obfuscating code, encrypting payloads, exploiting legitimate processes, or using polymorphic malware that changes its identifiable features to prevent signature-based detection.
Attackers employ evasion to remain undetected within a network or system for as long as possible, ensuring their malicious operations can continue without interruption. Effective evasion can result in significant security breaches, data theft, or system damage before defenders become aware of the intrusion. Consequently, understanding and mitigating evasion tactics are critical components of a robust cybersecurity defense strategy.
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT.
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...]
A threat actor used AI coding tools to build and test EDR evasion malware, Sophos finds
Most organizations now recognize that endpoint protection alone is no longer sufficient
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind. North Korea-linked APT group Lazarus has never been shy about its ambitions; the threat actor has been tied to some of the most audacious financial heists in recent memory, draining hundreds of millions from cryptocurrency exchanges and […]
Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections.
A new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 research.
Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far.
Cybersecurity firm Kaspersky reports that the Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. [...]
The Amazon Simple Email Service (SES) is being increasingly abused, a cybersecurity company's telemetry data shows, to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. [...]
Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials
Threat actors are now publishing structured OPSEC playbooks to stay undetected. Flare reveals how these guides outline layered infrastructure, identity separation, and long-term evasion strategies. [...]
The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are increasingly using large-scale proxy networks of hijacked consumer devices to evade detection and disguise their malicious activity. [...]
UPGRADE and DigiSeals Programs at ARPA-H Remain Fully Funded
A U.S. federal grant effort to develop autonomous medical device patching platforms for hospitals evaded the budget-cutting knife of the Trump administration. Program boosters hope to automate cyber defenses so that hospitals of any size can more quickly patch vulnerabilities.
Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025.
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. [...]
Prolific Threat Actor Focused on Using Malware to Facilitate Cargo Theft
Cargo-stealing hackers have a new trick up their sleeve: using a third-party code-signing service makes their remote management and monitoring software installers appear to be legitimate. Who's providing this signing service isn't clear. It's probably distributed by word of mouth.
When 🤖 means "bot available," 🧰 signifies "toolkit," or 💰💰💰 translates to "big ransom," bad actors can evade filters and keep it all on the down-low.