TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

A Russian-speaking threat actor is targeting corporate HR teams with fake job applications delivered as ISO disk images hosted on legitimate cloud storage. Once opened, the ISO mounts and executes hidden commands that unpack malware concealed inside an image file. The campaign's standout component, dubbed 'BlackSanta,' is an EDR killer that uses the Bring Your Own Vulnerable Driver (BYOVD) technique to load legitimate but flawed kernel drivers, gaining deep system access to disable antivirus, EDR agents, and Microsoft Defender. With defenses neutralized, the malware exfiltrates sensitive files and cryptocurrency artifacts over encrypted channels. Aryaka researchers highlight that HR workflows—where staff routinely download files from strangers under time pressure—have become an increasingly attractive attack vector that organizations should defend with the same rigor as finance and IT systems.

Fake job applications pack malware that disables EDR