Attackers don’t need a vulnerable driver to blind an EDR — they need the agent’s own installer and a window. The durable detection isn’t the kill command, it’s the silence that follows. Here is what that detection looks like the first time you deploy it, and why it floods the SOC before it works.
RunMRU is the tidiest endpoint signal for ClickFix, which is exactly why it’s the first thing attackers stopped touching. A look at what the registry detection catches, why it’s already half-blind, and the process-ancestry signal that actually survives.
Most prompt injection is semantic and resists signature detection. Invisible Unicode tag smuggling is the exception: it leaves a deterministic byte range you can match at the gateway. Here’s the detection, the tuning, and why most teams instrument the wrong path.
SRG moved its extortion infrastructure onto DNS fast flux. Building the detection is easy; the hard part is that a naive low-TTL-plus-many-IPs rule lights up every CDN in your environment before it ever surfaces the botnet.
China-nexus operational relay box networks rotate their egress IPs monthly and pick exit nodes inside the victim’s own region. Blocklists and impossible-travel rules don’t fire. Here’s where the detection actually lives, and what the first round of tuning has to fix.
FortiBleed isn’t a Fortinet vulnerability — it’s years of leaked configs, infostealer logs, and legacy password hashing compounding into tens of thousands of working FortiGate logins. There’s nothing to patch. Here’s what that changes for detection and response.
Z.ai’s GLM-5.2 is a cheap, MIT-licensed, long-horizon coding agent anyone can self-host with no provider-side refusal, logging, or kill switch. Paired with fresh AISI research on autonomous container-sandbox escape, the lesson is blunt: the model was never your control point. Your runtime hardening is.
Keyless OIDC federation killed long-lived AWS keys in CI, but it moved the trust boundary into a JSON condition block most teams wrote once and never reread. Here is where the sub-claim hole lives, what CloudTrail can and can’t tell you, and why this is a configuration audit before it is ever a detection.
CVE-2025-32463 lets any local user reach root through sudo’s chroot option, and it patches in an afternoon. The detection most teams wrote for it alerts on the wrong binary — here’s the field to key on and the false positives that flood you first.
Ubuntu 24.04 enabled AppArmor mediation of unprivileged user namespaces by default, then Qualys published three ways around it. Here’s what the control actually stops, the audit chain that proves it fired, and how to detect abuse without flooding the SOC.
