Search Results: EndpointSecurity

Akira Ransomware Hijacks Intel CPU Tool to Disable Microsoft Defender in BYOVD Attacks

The Akira ransomware group is exploiting a legitimate Intel CPU tuning driver (rwdrv.sys) to disable Microsoft Defender in a sophisticated Bring Your Own Vulnerable Driver (BYOVD) attack. Security researchers observed this evasion tactic paired with SonicWall VPN targeting and trojanized software installers, underscoring critical supply chain risks.

Critical Zero-Day in Trend Micro Apex One Exploited: Patch Delayed, Mitigations Urgent

Trend Micro warns attackers are actively exploiting a critical command injection vulnerability (CVE-2025-54948/CVE-2025-54987) in its Apex One endpoint security platform, enabling pre-authenticated remote code execution. With no patch available until mid-August, administrators must implement temporary mitigations that disable key management features. This marks the third Apex One zero-day exploited since 2022, highlighting persistent supply chain risks for enterprise defense systems.