Featured Story
New EDR Killer Tool Used by Eight Different Ransomware Groups
A newly evolved EDR killer tool—successor to EDRKillShifter and attributed to RansomHub—has been adopted by eight ransomware gangs: RansomHub, Blacksuit, Medusa, Qilin, Dragonforce, Crytox, Lynx, and INC. The tool uses obfuscated binaries and masquerades as legitimate drivers such as the CrowdStrike Falcon Sensor Driver to disable AV/EDR tools like Microsoft Defender, SentinelOne, McAfee, and others.
Other Stories
Android Gets Patches for Qualcomm Flaws Exploited in Attacks
Google’s August 2025 Android update includes patches for six vulnerabilities, with two critical Qualcomm GPU flaws—CVE-2025-21479 and CVE-2025-27038—already being actively exploited. These flaws enable memory corruption and may allow threat actors to escalate privileges on compromised devices.
Privilege Escalation in Amazon ECS Allows IAM Hijacking (ECScape)
A newly disclosed vulnerability in Amazon ECS, dubbed ECScape, could allow attackers to hijack IAM roles and access other cloud resources from within the same EC2 instance. Discovered by Naor Haziz, the flaw stems from unsafe internal credential handling between ECS tasks.
Phishing Campaign Targets Proximus Skynet Email Users
A phishing campaign is targeting Proximus customers with Skynet.be email addresses, falsely warning that their email accounts will be deleted within hours. The urgent tone and brand impersonation make this campaign highly convincing, especially to less security-aware users.
- verdacht@safeonweb.be
- suspect@safeonweb.be
- suspicious@safeonweb.be
Our SOC is available to help verify suspicious communications.