edr

China's Ransomware Groups Are Using Zero-Days Now. That Changes the Math.

John Z Black Apr 7, 2026

Ransomware & Cybercrime #storm-1175 #medusa #qilin #china #zero-day #edr #ransomware

Microsoft links China-based Storm-1175 to Medusa ransomware using zero-day exploits, while Qilin deploys EDR-killing techniques before encryption.

BRICKSTORM Hides Where Your EDR Can't See It

John Z Black Apr 6, 2026

Threat Intelligence #china #espionage #vmware #vsphere #brickstorm #unc5221 #edr #hypervisor

A suspected China-nexus espionage operation targets VMware vCenter and ESXi hypervisors, persisting at the virtualization layer where endpoint security is blind.

Searching for Tax Forms? Malicious Google Ads Want to Kill Your Antivirus First

John Z Black Mar 25, 2026

Threat Intelligence #malvertising #byovd #screenconnect #edr #tax-season #endpoint-security #huntress

A malvertising campaign running since January targets W2 and W9 searchers with a kill chain that disables endpoint security at the kernel level before installing remote access malware. Your antivirus can't stop it once it's running.

BlackSanta Kills Your EDR Before You Even Know You're Hit — and It's Coming Through HR

John Z Black Mar 11, 2026

Malware #malware #edr #endpoint-security #phishing #hr-security #blacksanta

New malware called BlackSanta disables your endpoint detection, and it's getting in through HR inboxes. That combo is nastier than it sounds.