EDR killer tool uses signed kernel driver from forensic software

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in ...

Wave of Citrix NetScaler scans use thousands of residential proxies

A coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure over the past week used tens of thousands of ...
SecurityWeek

Ivanti Patches Exploited EPMM Zero-Days

Ivanti has patched CVE-2026-1281 and CVE-2026-1340, two Endpoint Manager Mobile (EPMM) flaws exploited as zero-days.
CSO Online

Ivanti patches two actively exploited critical vulnerabilities in EPMM

The code injection flaws allow for unauthenticated remote code execution on Ivanti Endpoint Manager Mobile deployments, but ...
Microsoft

Infostealers without borders: macOS, Python stealers, and platform abuse

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...