Tag: endpoint security
30 articles

AI Coding Agents Trigger Endpoint Security Rules Meant for Attackers
In a surprising twist, over half of the blocked activity detected by Sophos in June 2026 came from developer coding assistants, not hackers, triggering endpoint security rules meant to catch malicious actors. This unexpected behavior highlights the need for a closer look at the intersection of AI-powered coding tools and cybersecurity protocols.

macOS Flaw Enables Users to Disable EDR, MDM Tools
A security flaw in macOS has been discovered that allows users to quietly disable crucial enterprise security tools, including EDR and MDM, without needing administrator privileges. This gap in endpoint security models could leave businesses vulnerable to attacks.

Gentlemen Ransomware Targets EDR Defenses With Suite of Killers
Meet GentleKiller, a powerful tool used by Gentlemen ransomware to disable EDR defenses by targeting over 400 processes from 48 security vendors, allowing for smooth data theft and encryption. This sneaky utility relies on the bring your own vulnerable driver (BYOVD) technique to outsmart security engines.

Security Insider Exposes New Hire's Chaotic Tactics
A security insider recounts a tense confrontation with a new colleague over a departing workstation, revealing a chaotic approach to security protocols. The staffer's casual exit with a PC under their arm sparks a heated debate about data safety and responsibility.

Threat Actor Leverages AI to Craft EDR Evasion Tools
Sophos X-Ops stumbled upon a secret laboratory while investigating a routine endpoint alert, uncovering a trove of AI-powered tools designed to sneak past modern EDR agents. The surprising discovery revealed a sophisticated operation using partly AI-generated Python scripts to craft evasive tools.

Hackers Exploit FortiClient Flaw to Deliver Infostealer Malware
Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server to deliver infostealer malware, cleverly disguising the payload as a legitimate Fortinet endpoint update. This sneaky tactic uses FortiClient-managed VPN scripting workflows to execute the malicious code, putting security teams on high alert.

Microsoft Defender Automatically Isolates Hacked Endpoints
Microsoft Defender for Endpoint just got a major boost with its new automatic isolation feature, which swiftly isolates compromised devices to prevent attackers from wreaking havoc on your organization. This cutting-edge capability is part of Microsoft's automatic attack disruption feature, designed to contain threats and give security teams more time to respond.

Microsoft Introduces Automated Windows Driver Rollback Feature
Microsoft's new Cloud-Initiated Driver Recovery feature lets them swiftly roll back faulty Windows drivers, so you don't have to - no more manual uninstalls or waiting for an updated driver from the hardware partner. This means your device can quickly get back on track with a reliable driver.

CISA Mandates Patching of Ivanti Flaw Exploited in Zero-Day Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) is requiring immediate patching of a high-risk Ivanti flaw, CVE-2026-6973, that allows attackers with admin privileges to remotely execute code on vulnerable systems. This critical vulnerability affects Ivanti Endpoint Manager Mobile (EPMM) version 12.8.0.0 and earlier.

MacOS Attacks Evolve, Exploiting Native Tools for Stealth
As macOS use surges in enterprise environments, accounting for over 45% of organizations, attackers are getting creative - exploiting native tools like Remote Application Scripting, Terminal, and AppleScript to stealthily run code, move undetected, and evade security measures. Cisco Talos warns that these tactics allow hackers to issue malicious instructions across processes and systems without triggering conventional monitoring.

Ransomware Exploits QEMU VMs to Evade Endpoint Security
Malicious software can now secretly launch a virtual machine inside your computer, allowing it to evade detection and phone home to its operator - a chilling new tactic that exposes weaknesses in traditional endpoint defenses. This stealthy approach, recently spotted in the Payouts King ransomware, uses the QEMU emulator to create a hidden virtual machine and bypass security measures.

Artemis Secures $70M to Deploy AI Agents Against Cyber Threats
Meet Artemis, a game-changing startup that's using AI agents to revolutionize the way organizations detect and investigate cyber threats - and they've just secured $70 million in funding to make it happen. By ditching outdated security systems, Artemis is pioneering a bold new approach to threat detection with AI-driven agents that span cloud, identity, and endpoints.

Malware Abuses Signed Software to Disable Antivirus Protections
Thousands of vulnerable endpoints across schools, utilities, governments, and hospitals have fallen prey to a sneaky malware that masquerades as legitimate software, only to disable antivirus protections and wreak havoc with SYSTEM-level privileges. This stealthy attack has left countless organizations defenseless against further threats.

Adware Operation Neutralizes Antivirus on 23,000 Hosts via Signed Updates
Imagine receiving a routine software update that secretly disables your antivirus protection, leaving you vulnerable to cyber threats - that's exactly what happened to 23,000 hosts in a shocking adware operation. Hackers cleverly used signed updates to deliver payloads that neutralized antivirus defenses, putting thousands of systems at risk.

CISA Mandates Emergency Patch for Exploited Ivanti EPMM Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert, ordering US government agencies to patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM) within just four days, as the flaw has been under active exploitation since January. With a Sunday deadline looming, federal IT teams are racing against the clock to secure systems and prevent further attacks.

Fortinet Rushes Patch for Exploited FortiClient EMS Vulnerability
Fortinet has rushed out an emergency patch for a zero-day vulnerability in its FortiClient EMS product, which was being exploited by attackers before the fix was even available. This swift response aims to protect businesses from potential security breaches through its endpoint security clients.

Ransomware Actors Exploit Vulnerable Drivers to Evade EDR Tools
Ransomware operators are outsmarting defenders by exploiting vulnerable drivers to evade detection by endpoint security tools, with recent attacks disabling over 300 security products. This clever tactic allows hackers to silence security defenses and wreak havoc on networks.

Fortinet Rushes Patch for Exploited EMS Flaw
When the very tool designed to safeguard your network becomes a vulnerability, swift action is crucial - and that's exactly what Fortinet took by issuing an emergency security update over a weekend to patch a critical flaw in FortiClient Enterprise Management Server (EMS) that's being actively exploited by attackers. This out-of-the-usual-cycle patch underscores the urgency to protect your organization from prolonged exposure to potential threats.

Fortinet Fixes Exploited Flaw in FortiClient EMS Software
Fortinet has urgently patched a critical vulnerability in its FortiClient EMS software, which had already been exploited in the wild, to prevent further security breaches. The flaw, tracked as CVE-2026-35616, allows for pre-authentication API access bypass and privilege escalation, posing a significant threat to endpoint security.

Hackers Exploit TrueConf Flaw to Deploy Malicious Updates
Imagine the video conferencing platform you rely on to connect with your team being turned against you, allowing hackers to spread malicious software to everyone in the room. A recently discovered zero-day flaw in TrueConf's update mechanism has been exploited by threat actors to deliver and execute malicious files on connected devices.

ThreatsDay Bulletin: Exclusive Critical Privacy Alert
This ThreatsDay Bulletin exposes how routine vulnerabilities — from invasive camera malware to flawed archival tools — are being combined into faster, stealthier, and deeply personal attacks. Learn why a missed patch or forgotten camera permission can open the door to surveillance and what to do before it’s too late.

Endpoint Security: Exclusive 2025 Lessons, Best 2026 Moves
Endpoint Security got personal in 2025: attackers used smartphones, tablets and unmanaged devices as easy backdoors while AI supercharged phishing and exploit automation. This post distills the must-know lessons for federal IT—clear steps to inventory devices, prioritize patches, and build layered defenses heading into 2026.

CrowdStrike Stunning SGNL Deal Offers Best Identity Shield
CrowdStrike’s $740M acquisition of SGNL flips identity security from login to continuous authorization—pairing SGNL’s real‑time identity signals with CrowdStrike’s telemetry to fix identity hygiene and curb misuse by service accounts, machine IDs and AI agents. It’s a decisive bet that identity, not just authentication, is the new frontline of cyber defense.

PlushDaemon Exclusive: Dangerous New Spy Malware
Exclusive: PlushDaemon malware is a stealthy new spy quietly siphoning personal data — learn how it works, whos at risk, and easy steps you can take to protect yourself.