A sophisticated new Endpoint Detection and Response (EDR) evasion tool, which evolved from RansomHub's 'EDRKillShifter,' is being used by at least eight ransomware groups to disable security products on compromised systems. The tool uses obfuscated binaries and stolen certificates to carry out 'bring your own vulnerable driver' (BYOVD) attacks against major security products such as Microsoft Defender and SentinelOne. Sophos researchers warn that this signals a dangerous trend of collaborative development among cybercriminals, escalating the arms race in enterprise security.