GentleKiller Framework Disables Victims' Security Software
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates
Explore the latest frameworks in information security. Stay updated on guidelines to protect your digital assets and ensure data privacy.
Search across headline titles and summaries.
Background for this topic.
A security framework is an organized set of principles, practices, and controls for managing information and technology risk. Frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001, and COBIT help organizations structure activities including identifying assets and risks, protecting systems, detecting events, responding to incidents, and recovering operations. They are reference models rather than automatically effective security programs: an organization must select and implement measures appropriate to its systems, threats, and risk tolerance.
Practitioners use frameworks to assign responsibilities, prioritize vulnerability remediation, assess suppliers and cloud services, and document why particular controls are in place. They also provide a common vocabulary for audits, regulatory or contractual evidence, and measuring improvement over time. News under this tag may concern revisions to framework requirements, mappings between frameworks, assessment findings, or failures caused by treating a framework checklist as proof that controls work. A framework can guide governance and security operations, but it does not replace technical testing, continuous monitoring, or judgment about specific attack surfaces.
Weekly headline count for the current query.
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates
The OWASP agentic AI security framework helps organizations assess governance maturity vs adoption and adjust governance as needed
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds
DKnife is a Chinese made malware framework that targets Chinese-based users
PeckBirdy command-and-control framework targeting gambling, government sectors in Asia since 2023 has been linked to China-aligned APTs
2 security vulnerabilities in the Chainlit framework expose risks from web flaws in AI applications
Detected by Check Point researchers, VoidLink is a sophisticated malware framework that can be used to implant malware in the most common cloud environments
Researchers at Palo Alto’s Unit 42 have outlined a list of recommended security controls for vibe coding tools
The GhostFrame phishing framework, using stealthy iframes, was linked to over 1 million attacks
A major US real estate firm has been targeted with an advanced intrusion attempt using Tuoni C2, combining social engineering, steganography and in-memory attacks
Cybercriminals are abusing AdaptixC2, a legitimate emulation framework, in ransomware campaigns
An ongoing malware campaign has been observed using malvertising to deliver PS1Bot, a PowerShell-based framework
The UK’s National Cyber Security Centre has released the Cyber Assessment Framework 4.0
MITRE has introduced AADAPT framework, a new cybersecurity framework aimed at mitigating risks in digital financial systems like cryptocurrency
The threat actor used a combination of open-source and publicly available tools to establish their attack framework
The ransomware group combines IT vendor impersonation and phishing frameworks like Evilginx to breach its targets
The UNIDR Intrusion Path is designed to provide a simplified view of cyber-threats and security across the network perimeter
A new AI-powered framework dubbed “AkiraBot” has successfully spammed 80,000 websites since September 2024
A new phishing campaign has been identified using Havoc to control infected systems, leveraging SharePoint and Microsoft Graph API
OpenSSF has released new baseline security best practices to improve open source software quality