New ‘BlackSanta’ EDR killer spotted targeting HR departments

BleepingComputer
Actively Exploited

Overview

A Russian-speaking threat actor has been targeting human resource departments for over a year with a new type of malware called BlackSanta. This malware is designed to bypass endpoint detection and response (EDR) systems, making it particularly dangerous for organizations. The attackers are specifically focusing on HR departments, which often hold sensitive personal information and can be gateways to larger corporate networks. The presence of BlackSanta poses a significant risk, as it could allow attackers to steal valuable data or infiltrate other areas of a company's operations. Companies should be vigilant and ensure their security measures are up to date to protect against these sophisticated attacks.

Key Takeaways

  • Active Exploitation: This malware is being actively used by attackers. Immediate action is recommended.
  • Affected Systems: Human resource departments, EDR systems
  • Action Required: Organizations should enhance their EDR capabilities and conduct regular security audits to identify potential vulnerabilities.
  • Timeline: Ongoing for over a year

Original Article Summary

For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. [...]

Impact

Human resource departments, EDR systems

Exploitation Status

This threat is confirmed to be actively used by attackers in real-world attacks. Organizations should prioritize implementing mitigations immediately.

Timeline

Ongoing for over a year

Remediation

Organizations should enhance their EDR capabilities and conduct regular security audits to identify potential vulnerabilities. Employee training on recognizing phishing attempts and other social engineering tactics is also recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Related Coverage

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

The Hacker News

A new cyber campaign has emerged, targeting cryptocurrency firms through deceptive recruitment tactics and custom malware designed for macOS systems. Researchers from Wiz have identified this threat actor, known as JINX-0164, which employs social engineering to lure victims into downloading malicious software. The malware is tailored to exploit continuous integration and continuous deployment (CI/CD) infrastructures, increasing the risk of digital asset theft for affected organizations. As cryptocurrency firms often handle significant amounts of valuable digital assets, these attacks could lead to substantial financial losses and damage to their reputations. Companies in the crypto space need to be vigilant and enhance their security measures to protect against these sophisticated threats.

May 28, 2026

19.6 Billion Files Are Sitting Open on the Internet. No Password Required

Security Affairs

A recent study by Mysterium VPN revealed that an astonishing 19.6 billion files are publicly accessible on the internet due to misconfigured cloud storage buckets. Among these files, there are around 685,000 credential files and nearly 1 million database dumps. This situation exposes sensitive information and undermines the common belief that data stored with companies is secure. The findings raise significant concerns about data privacy and security, emphasizing that many organizations may not be adequately protecting their data. It’s crucial for companies to review their cloud configurations to prevent unauthorized access to sensitive information.

May 28, 2026

Police arrest suspect in Ajax football club hack that exposed 300,000 fan records

Help Net Security

A 35-year-old man from Buren, Netherlands, has been arrested by the Dutch National Police for hacking into AFC Ajax's computer systems. The investigation began after the football club discovered that its systems had been accessed without authorization, leading to the exposure of personal records for approximately 300,000 fans. The suspect is believed to have gained unauthorized access multiple times. This incident raises concerns about the security of fan data in sports organizations and the potential risks associated with such breaches. As data privacy becomes increasingly important, this case underscores the need for sports clubs to enhance their cybersecurity measures to protect sensitive information.

May 28, 2026

Nordic CISOs Handle Rising Cyber Threats Remarkably Well

darkreading

Despite the growing concerns around cybersecurity, a recent survey of Chief Information Security Officers (CISOs) in northern Europe found that most are not experiencing a significant increase in cyberattacks compared to two years ago. This suggests that while the threat of cyber incidents remains, the situation for many organizations has stabilized. The findings indicate that companies have likely adapted their defenses and strategies against potential attacks, even with the rise of artificial intelligence in cyber operations. Understanding this trend is important for businesses as it helps inform their security postures and resource allocations. Overall, the report provides a snapshot of the current state of cybersecurity in northern Europe, demonstrating resilience in the face of evolving threats.

May 28, 2026

Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

Securelist

Recent research has uncovered a long-running cybercrime operation targeting fans of pirated books, movies, and TV shows. In 2026, experts identified new websites associated with this gang, attracting tens of millions of visitors. These sites have been linked to malware distribution, including a Remote Access Trojan (RAT) that allows attackers to control infected devices. This situation poses significant risks for users who access these pirated materials, as they may unknowingly download harmful software. It's crucial for consumers to be aware of these dangers and consider the security implications of engaging with pirated content.

May 28, 2026

FBI warns law firms of in-person data theft by Silent Ransom Group

SCM feed for Latest

The FBI has issued a warning to law firms about a new tactic being used by the Silent Ransom Group (SRG) to steal sensitive data. These attackers are impersonating IT support staff and reaching out to victims through phone calls or phishing emails, aiming to gain access to their systems via remote desktop sessions. This method is particularly concerning for law firms, which often handle confidential information. If successful, these attacks could lead to significant data breaches, putting client information at risk. The FBI emphasizes the need for firms to be vigilant and to verify the identity of anyone requesting remote access to their systems.

May 27, 2026