FILTERING BY: CLEAR FILTER

Evaluating Offensive AI Capabilities via the FrontierCyber Benchmark

The rapid proliferation of offensive AI, evidenced by over 70 new tools in 18 months, has rendered traditional "in-band" safety guardrails obsolete, with adaptive attacks achieving >90% breach rates. The FrontierCyber benchmark shifts evaluation from textual responses to action-based outcomes to mitigate "memorization bias." Concurrent developments include RedAmon for automated kill-chain orchestration and WasmForge for EDR evasion via WebAssembly. To counter these, researchers are deploying out-of-band deterministic policy enforcement (Progent) and Context-Conditioned Delta Steering (CC-Delta) using Sparse Autoencoders (SAEs) to neutralize jailbreaks and indirect prompt injections.

Rhysida, Interlock, and The Gentlemen: Modular Supply Chain Targeting VMware ESXi

Rhysida and Interlock ransomware operations have shifted to a modular supply chain model, leveraging Initial Access Brokers (IABs) and specialized crypter services to target VMware ESXi hypervisors. By employing the "GentleKiller" framework—an EDR-terminating toolset targeting over 400 security processes across 48 products—affiliates (including Storm-2697) disable guest-level defenses before deploying Go-based, self-propagating encryptors. This strategy enables the mass encryption of multiple virtual machines simultaneously at the virtualization layer, utilizing per-file ephemeral key encryption to maximize operational paralysis and extortion leverage.

Aur0ra Ransomware: The Evolution of Stealth via In-Place Encryption and EDR Evasion

Aur0ra represents a fundamental shift in ransomware methodology, moving away from noisy "Copy-Encrypt-Delete-Rename" workflows toward a highly stealthy "In-Place Encryption" model. This strategic pivot specifically targets the behavioral detection logic of modern EDR and XDR platforms, significantly increasing the Mean Time to Detect (MTTD) for enterprise security teams.


LINK COPIED TO CLIPBOARD