Threat Research

EDR killers have become a standard component of modern ransomware attacks, used by affiliates to disable security tools before deploying encryption payloads. While the BYOVD technique remains common, attackers increasingly adopt driverless methods, legitimate utilities, and customizable kits to evade detection....

Reynolds ransomware leverages a Bring Your Own Vulnerable Driver (BYOVD) technique to neutralize endpoint security controls prior to file encryption. It drops a legitimately signed but vulnerable kernel driver, NSecKrnl.sys, and exploits CVE-2025-68947 to gain kernel-level privileges....

Labs have uncovered targeted phishing campaigns in Taiwan that exploit local business workflows. The attacks deliver Winos 4.0 (ValleyRat) and additional malicious plugins through weaponized attachments and embedded links. Lures impersonate official communications, including tax audit notices, tax software installers, and cloud e-invoice downloads....

Osiris ransomware is a modern, enterprise-focused threat that conducts targeted intrusions involving deep network compromise, data exfiltration, and double-extortion tactics before encrypting victim systems....

A financially motivated threat actor deploying DeadLock ransomware has adopted new tactics, including a previously unknown BYOVD loader that exploits the Baidu Antivirus driver vulnerability CVE-2024-51324 to disable EDR protections....

The Agenda ransomware group (Qilin) has been observed deploying Linux-based binaries on Windows hosts using legitimate remote management and file transfer tools. This cross-platform technique evades traditional Windows-focused detections, including many EDR solutions....