Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that helped threat actors infect hundreds of pieces of open-source software with malware since early 2025, the company said Tuesday. The coordinated effort involved the simultaneous takedown of four attacker-controlled servers that were designed to […] The post CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain appeared first on CyberScoop.
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition
Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.
PSA: Only accept updates via official channels ... ironically enough CrowdStrike is the latest lure being used to trick Windows users into downloading and running the notorious Lumma infostealing malware, according to the security shop's threat intel team, which spotted the scam just days after the Falcon sensor update fiasco.…
Phishing and fraud surges during any national news story. This time though, the activity is both more voluminous and more targeted.
'In the short term, they're going to have to do a lot of groveling' Analysis The great irony of the CrowdStrike fiasco is that a cybersecurity company caused the exact sort of massive global outage it was supposed to prevent. And it all started with an effort to make life more difficult for criminals and their malware, with an update to its endpoint detection and response tool Falcon.…
How could this happen to us? We were supposed to be two versions behind? If administrators have learned anything from the CrowdStrike chaos, it's to understand exactly what delayed updates mean – or don't mean – in the anti-malware world.…
Latest trend follows various malware campaigns that began just hours after IT calamity Thousands of typosquatting domains are now registered to exploit the desperation of IT admins still struggling to recover from last week's CrowdStrike outage, researchers say.…
Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix
A new ransomware-as-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023
New CrowdStrike Falcon platform integration delivers multi-cloud visibility and protection of data assets with layered malware detection and file scanning to stop modern attacks.
Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software
A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor
IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.
LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign
A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host
CrowdStrike report warns that threat actors are getting smarter at evasion