#EDREvasion

Ransomware groups are advancing beyond traditional methods, employing sophisticated techniques to disable EDR systems. Stay informed to protect your organization. #CyberSecurity #Ransomware #EDREvasion Link: thedailytechfeed.com/ransomware-g...

New ‘BlackSanta’ EDR killer spotted targeting HR departments
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.

New BlackSanta EDR-killer malware is targeting HR departments — attackers are aiming where data and trust intersect. Even people teams are now frontline targets. 🎯💀 #EDREvasion #SocialEngineering

www.bleepingcomputer.com/news/securit...

EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
The article presents EDR-Freeze, a user-mode tool exploiting Windows Error Reporting to suspend EDR and antivirus processes by abusing MiniDumpWriteDump and WerFaultSecure, leaving security agents in a “coma” and creating a blind spot for attacks.

Original text by Two Seven One Three (@TwoSevenOneT) / X


I. #AntivirusFreeze #EDRBypass #EDREvasion #EDRFreeze #EndpointSecurity #MiniDumpWriteDump #RaceCondition #RedTeam #UserModeExploit #WerFaultSecure #WerFaultSecureWindowsErrorReporting
core-jmp.org/2026/02/edr-...


Discover how the new Swarmer tool evades EDR by stealthily modifying Windows registry for persistence. Stay informed and protect your systems. #CyberSecurity #EDREvasion #WindowsSecurity Link: thedailytechfeed.com/new-tool-swa...


Introducing EDRStartupHinder: A tool that disrupts antivirus and EDR services during Windows 11 startup. Security teams, stay alert! #CyberSecurity #EDREvasion #Windows11 Link: thedailytechfeed.com/new-tool-edr...

Storm-0249 Abuses EDR Processes in Stealthy Attacks
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.

Storm-0249 is now targeting EDR processes to stay hidden — striking at the very tools meant to catch them. When visibility is blinded, compromise follows. 👀💀 #EDREvasion #ThreatIntelligence

Ransomware IAB abuses EDR for stealthy malware execution
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence…

Ransomware brokers are abusing EDR tools to execute malware stealthily — turning defenses into delivery systems. Even security layers can be weaponized. 🛡️💀 #EDREvasion #Ransomware

Ransomware gangs turn to Shanya EXE packer to hide EDR killers
Several ransomware groups have been spotted using a packer-as-a-service (PaaS) platform named Shanya to assist in EDR (endpoint detection and response) killing operations.

Ransomware gangs are using the Shanya.exe packer to hide EDR-killers — making defenses blind before the attack even begins. Obfuscation is their new edge. 🧩💀 #Ransomware #EDREvasion


Introducing Singularity: A sophisticated Linux rootkit that evades Elastic EDR detection through advanced obfuscation and in-memory execution. Stay informed on evolving cybersecurity threats. #CyberSecurity #LinuxRootkit #EDREvasion Link: thedailytechfeed.com/new-singular...


🧩 New research: EDR-Redir tool exploits Windows Bind & Cloud Filter drivers to hijack EDR folders - no kernel access needed.
Breaks Elastic, Sophos, and even isolates Defender via Cloud Files API.
A new chapter in #EDREvasion?

#CyberSecurity #InfoSec #WindowsExploit #BYOVD #RedTeam #ThreatResearch


Cybercriminals are deploying fileless Remcos attacks, injecting malicious code into RMClient to bypass EDRs and steal credentials. Stay vigilant! #CyberSecurity #Remcos #EDREvasion #FilelessAttack Link: thedailytechfeed.com/emerging-fil...


New malware RingReaper exploits Linux's io_uring to evade EDR detection, highlighting the need for advanced monitoring strategies. #CyberSecurity #LinuxMalware #EDREvasion Link: thedailytechfeed.com/ringreaper-m...

EDR Killer Tool Shared by Ransomware Groups

~Sophos~
Multiple competing ransomware groups are using a shared EDR killer tool, often packed with HeartCrypt and using drivers signed with compromised certificates.
-
IOCs: HeartCrypt, EDRKillShifter
-
#EDREvasion #Malware #Ransomware #ThreatIntel


New Linux tool 'RingReaper' exploits io_uring to bypass EDR systems, highlighting the need for advanced monitoring strategies. #CyberSecurity #Linux #EDREvasion Link: thedailytechfeed.com/ringreaper-e...


Cybercriminals exploit SHELLTER framework to bypass AV and EDR systems, deploying sophisticated malware. Stay vigilant and enhance your defense strategies. #CyberSecurity #EDREvasion #Malware Link: thedailytechfeed.com/cybercrimina...


Process injection via Atom Tables is an underrated stealth tactic.

Store shellcode in an atom, retrieve it in a remote process, and execute via callback.

Avoids common memory scanning detections.

#RedTeam #EDREvasion #Infosec #CyberSecurity
