< ciso
brief />
Tag Banner

All news with #crowdstrike tag

149 articles

macOS XPC Flaw Lets Non‑Root Users Disable EDR/MDM

🔒 A disclosed macOS privilege escalation allows a non-root user to abuse XPC trusted caller caching to invoke privileged helper functions without authentication, impacting multiple EDR and MDM products. XM Cyber found attackers can tamper with a legitimate app to inherit its cached trust and call sensitive methods to unload or disable security agents with minimal forensic traces. Vendors including CrowdStrike and Kandji have issued fixes and mitigations, while XM Cyber released a scanner and will present findings at Black Hat.
read more →

AI-built ransomware toolkit automates EDR evasion

🛡️ A threat actor used an AI-assisted ransomware toolkit to automate Active Directory discovery and iterate EDR evasion techniques. Researchers found Cursor and Claude Opus agents used for coding, analysis, testing, and checking public research for bypass methods, with some malware tested against Sophos, CrowdStrike, and Microsoft EDR products. Sophos determined the workflow was human-directed, while AI accelerated development, producing numerous payload modules and mapping techniques to MITRE ATT&CK.
read more →

AI-assisted toolkit used to evade EDR defenses

🔍 Sophos X-Ops uncovered a lab where a threat actor used AI coding tools to develop and test malware aimed at evading EDR products. The files and Git repository showed Python scripts—many partially AI-generated—used to build and iterate evasion modules against vendors including Sophos, CrowdStrike and Microsoft. Humans retained control of the workflow, using AI to accelerate building, testing and refinement while operating inside an AI-native environment.
read more →

Researchers Disrupt Glassworm's Resilient Botnet C2

🛡️ CrowdStrike, Google, and The Shadowserver Foundation coordinated to disrupt the Glassworm botnet by simultaneously takedown of four resilient C2 channels. The threat abused Solana blockchain memo fields, the BitTorrent DHT, Google Calendar events, and traditional VPS-hosted servers to persist and evade mitigation. Active campaigns targeted developers via malicious OpenVSX and VS Code extensions and later poisoned GitHub and npm artifacts. Infected hosts now beacon to a CrowdStrike-controlled IP and YARA rules have been published to detect compromise.
read more →

Coordinated Takedown Disrupts GlassWorm C2 Channels

🛡️ CrowdStrike, together with Google and the Shadowserver Foundation, announced the simultaneous disruption of all command-and-control channels used by GlassWorm, a persistent campaign that has targeted software developers since early 2025. The operators trojanized VS Code extensions and poisoned npm and Python packages to deliver a data-theft framework capable of credential harvesting and system profiling. Multiple resilient C2 resolution layers were used — Solana memo fields, BitTorrent DHT, Google Calendar events, and commercial VPS hosts — all of which were neutralized in the coordinated action. CrowdStrike attributes the activity to likely Russia-based cybercriminals and warns about the severe risk posed by supply chain compromises to developer ecosystems.
read more →

CrowdStrike Named Leader in Gartner Cyberthreat Intelligence

🔒 CrowdStrike was named a Leader in the inaugural 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies and ranked furthest to the right for Completeness of Vision. The company emphasizes its AI-native Falcon platform and Threat AI agents — including Malware Analysis and Hunt agents — to deliver tailored, actionable intelligence at decision points. It highlights telemetry from trillions of daily events and multiple integration paths to operationalize intelligence.
read more →

CrowdStrike Launches Falcon OverWatch for Defender

🔍 CrowdStrike has introduced Falcon OverWatch for Defender, a managed threat-hunting service that brings continuous, expert-led hunting to Microsoft Defender environments without replacing existing endpoint protections. Running a lightweight Falcon sensor alongside Microsoft Defender, the offering combines human hunters, deep adversary intelligence, and AI-driven analytics to surface stealthy post‑exploit activity and escalate high-confidence threats. It promises AI-powered analysis at scale—up to 6.2 trillion events per day—broad visibility across millions of endpoints, and operationalized hunting patterns to improve detection and response across customers.
read more →

CrowdStrike Technical Risk Assessments: Exposure Patterns

🔍 CrowdStrike Professional Services' Technical Risk Assessments (TRAs) analyze hundreds of production environments annually to surface common exposure patterns, including unmanaged assets, overlooked credential paths, and the rise of shadow AI. Assessments combine external attack surface enumeration, vulnerability and identity hygiene reviews, and hands-on validation to produce prioritized remediation recommendations. Findings stress that having the right tools is insufficient without operational discipline, clear ownership, and continuous validation to reduce breach likelihood.
read more →

AI-Driven Vulnerability Discovery and Defensive Response

🤖 In the latest Adversary Universe podcast, CrowdStrike leaders discuss how AI is accelerating vulnerability discovery and could produce a rapid surge of new flaws — a potential 'vuln-pocalypse'. They urge prioritizing remediation based on active exploitation and prevalence in environments. CrowdStrike recommends leveraging AI for agentic red teaming, vulnerability scanning, and crowdsourced telemetry to detect post-exploitation behaviors. They point to Project Glasswing and OpenAI's Trusted Access for Cyber as examples of defense-focused collaboration.
read more →

Defending Against SaaS-Focused CORDIAL and SNARKY SPIDERS

🔐 Since October 2025, CrowdStrike's Falcon Shield explains how CORDIAL SPIDER and SNARKY SPIDER execute fast, SaaS-first attacks that bypass endpoint visibility. Through vishing and SSO-themed AiTM pages they capture credentials and session tokens to pivot into IdPs and multiple SaaS apps. Falcon Shield detects anomalous sign-ins, MFA enrollments, notification suppression, and adversary proxy infrastructure to disrupt campaigns.
read more →

CrowdStrike Expands ChatGPT Enterprise Monitoring Now

🔒 CrowdStrike has expanded its integration with ChatGPT Enterprise to deliver deeper audit logging and continuous activity monitoring within Falcon Shield SaaS security. The enhancement ingests OpenAI’s expanded logs to capture authentication events, administrative changes, tool and Codex usage, and conversation-level records across workspaces. By correlating AI activity with identity, device, and SaaS telemetry, the capability aims to detect suspicious behaviors, enforce policy, and support faster investigations. This marks a shift from configuration visibility to operational threat detection for AI-driven workflows.
read more →

Endpoint Detection and Response: A Practical Buyer's Guide

🔒 This buyer's guide explains what Endpoint Detection and Response (EDR) is, which core capabilities to expect, and which vendors and solutions are recommended. It highlights EDR features such as real-time behavioral telemetry, deep investigation tools, centralized analytics, and integrations with SIEM, SOAR, firewalls and other security controls. Vendor profiles include CrowdStrike, Microsoft, Palo Alto, SentinelOne, Sophos and Trend Micro, and four practical questions to ask vendors before purchasing are provided.
read more →

CrowdStrike Named Leader in Frost & Sullivan CNAPP 2026

🔒 CrowdStrike has been named a Leader in Frost & Sullivan’s 2026 Radar for Cloud‑Native Application Protection Platforms, marking the fourth consecutive recognition. Frost & Sullivan evaluated over 30 CNAPP offerings and the top 13 vendors, highlighting CrowdStrike for combining posture management with real‑time detection and response in Falcon Cloud Security. Recent features such as adversary‑informed risk prioritization, Timeline Explorer, and Charlotte AI are cited for accelerating investigation and automated remediation.
read more →

CrowdStrike Adds Real-Time CDR Support for Google Cloud

🔒 CrowdStrike expanded real-time cloud detection and response (CDR) to Google Cloud, ingesting Google Cloud activity into the Falcon Cloud Security detection pipeline. The beta capability analyzes cloud telemetry in real time and integrates with the broader Falcon platform, threat intelligence and CrowdStrike Charlotte AI to accelerate hunting and investigations. The company also added Kubernetes control plane detections for GKE and regional Google Cloud infrastructure support to help meet data residency requirements.
read more →

CrowdStrike Falcon Cloud Security: 264% ROI Realized

🔒 CrowdStrike's Falcon Cloud Security delivered a 264% return on investment over three years, according to a Forrester Total Economic Impact™ study. By unifying cloud posture management and runtime protection on a single platform, organizations gained real-time cross-domain context, runtime controls, and AI-assisted triage that improved detection and response. The study quantified $13.8 million in benefits with payback in under six months and reported reductions in multicloud tooling costs, investigation time, and false positives.
read more →

CrowdStrike Falcon Platform Delivers 441% ROI in 3 Years

🔍 An IDC Business Value study shows organizations that standardized on the CrowdStrike Falcon platform realized a 441% return on investment over three years, with average payback in four months. Interviewed customers reported replacing five tools on average, reducing false positives by 86% (from 33% to 5%), and improving security operations efficiency by 44% after consolidating telemetry and workflows on the unified platform. The study attributes these gains to automated triage, AI-assisted investigation, and reduced alert noise, which together lower operational burden and accelerate response.
read more →

CrowdStrike Shadow AI Visibility Service for Enterprise

🔍 The new CrowdStrike Shadow AI Visibility Service delivers telemetry-based discovery of sanctioned and unsanctioned AI across endpoint, cloud and SaaS environments. Delivered by CrowdStrike experts and powered by the Falcon platform, it produces a comprehensive AI inventory and runtime evidence such as prompts, responses and agent activity. The service identifies visibility gaps, prioritizes findings and provides actionable remediation guidance to reduce exposure. It positions discovery as the foundational phase before adversarial testing and continuous frontier AI readiness scanning.
read more →

Frontier AI Collapses Exploit Window: Defenders' Response

⚠️ As frontier AI accelerates vulnerability discovery and exploit development, the traditional window for patching and mitigation is collapsing and defenders must change how they prioritize risk. CrowdStrike urges a shift from volume-focused vulnerability management to exposure-centric programs that evaluate exploitability, reachability, and attack paths. Recommended actions include continuous inside-out and outside-in validation, enforcing zero standing privileges, operating detection and response at machine speed, and applying AI with deliberate governance. CrowdStrike offers a Frontier AI Readiness and Resilience Service and integrates findings into Falcon to operationalize continuous remediation.
read more →

Supply Chain Cyber Risks: Identifying Hidden Blind Spots

🔎 Supply chain dependencies create hidden cyber blind spots that can cascade into large-scale operational, financial, and reputational damage. Many SMBs underestimate the threat — ESET’s 2026 SMB Cyber Readiness Index shows supply chain attacks rank well below concerns about AI-powered malware. High-profile incidents (3CX, CDK, Change Healthcare, Jaguar Land Rover) and erroneous updates (CrowdStrike) show risk from both malice and error. The author advises mapping third-party dependencies, enforcing vendor cybersecurity standards, and adopting zero trust and continuous monitoring.
read more →

CrowdStrike Joins OpenAI TAC; Introduces GPT-5.4-Cyber

🔐 CrowdStrike has been selected for OpenAI's Trusted Access for Cyber (TAC) program and will integrate the frontier model GPT-5.4-Cyber into its platform. Its multi-model AgentWorks framework enables defenders to choose the best model for each task while applying enterprise-grade governance and real-world threat intelligence. Falcon sensors provide runtime visibility across endpoints, governing AI agents where they execute and helping organizations meet emerging regulatory requirements such as the EU AI Act.
read more →