
298 matches found

The Hacker News
added 2026/05/02 6:41 a.m. · 7 views

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to resolve the matter...

5.9 AI score
Exploits: 0

Trellix
added 2026/04/14 12:0 a.m. · 2 views

DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense

DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense By Maulik Maheta and Chao Sun · April 14, 2026 Executive summary A DCSync attack is one of the most formidable techniques an adversary can deploy after gaining a foothold in an Active Directory AD environmen...

6 AI score
Exploits: 0

Trellix
added 2026/03/23 12:0 a.m. · 2 views

The Ghost SPN Attack: Catching Stealthy Kerberoasting Before It's Too Late Using Trellix NDR

The Ghost SPN Attack: Catching Stealthy Kerberoasting Before It's Too Late Using Trellix NDR By Maulik Maheta and Henry Bernabe · March 23, 2026 Executive summary As organizations adopt an identity-first security posture, adversaries are increasingly exploiting the "identity fabric" using...

5.9 AI score
Exploits: 0

RedhatCVE
added 2026/02/25 10:19 p.m. · 3 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver BYOVD was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

7.8 CVSS · 5.4 AI score · 0.00027 EPSS
Exploits: 0 · References: 1

NVD
added 2026/02/24 6:29 p.m. · 3 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver BYOVD was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

7.8 CVSS · 0.00027 EPSS
Exploits: 0 · References: 1

EUVD
added 2026/02/24 5:11 p.m. · 6 views

EUVD-2025-208089

A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver BYOVD was leveraged to gain access to the critical Windows process memory...

7.1 CVSS · 5.5 AI score · 0.00027 EPSS
Exploits: 0 · References: 1

CVE
added 2026/02/24 5:11 p.m. · 24 views

CVE-2025-14963

CVE-2025-14963 involves the Trellix HX Agent driver file fekern.sys. The vulnerability enables a local user to obtain elevated privileges by leveraging a Bring Your Own Vulnerable Driver (BYOVD) to access the lsass.exe memory. The description notes that the vulnerable driver installed in a system...

7.8 CVSS · 5.4 AI score · 0.00027 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2026/02/24 5:11 p.m. · 16 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver BYOVD was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

7.1 CVSS · 0.00027 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2026/02/24 5:11 p.m. · 2 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver BYOVD was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

7.1 CVSS · 5.4 AI score · 0.00027 EPSS
Exploits: 0 · References: 1

CNNVD
added 2026/02/24 12:0 a.m. · 4 views

Trellix Endpoint Security HX Security Vulnerability

Trellix Endpoint Security HX is an endpoint detection and response software developed by the American company Trellix. There is a security vulnerability in Trellix Endpoint Security HX, which stems from a flaw in the fekern.sys driver file, potentially leading to privilege escalation...

7.8 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2026/02/24 12:0 a.m. · 3 views

PT-2026-21777

Name of the Vulnerable Software and Affected Versions Trellix HX Agent affected versions not specified Description A security issue exists in the Trellix HX Agent driver file fekern.sys that could allow a local user to gain elevated system privileges. Exploitation involved leveraging a Bring Your...

7.1 CVSS · 5.2 AI score · 0.00027 EPSS
Exploits: 0 · References: 3

Trellix
added 2026/02/10 12:0 a.m. · 4 views

When SPNs Go Rogue: Detection and Remediation with Trellix NDR

When SPNs Go Rogue: Detection and Remediation with Trellix NDR By Maulik Maheta and Henry Bernabe · February 10, 2026 Executive summary Service Principal Names SPNs are essential for Kerberos authentication in Active Directory AD, but misconfigurations, such as assigning SPNs to standard user...

6 AI score
Exploits: 0

Trellix
added 2026/01/12 12:0 a.m. · 4 views

The Unfriending Truth: How to Spot a Facebook Phishing Scam Before It's Too Late

The Unfriending Truth: How to Spot a Facebook Phishing Scam Before It's Too Late By Mark Joseph Marti · January 12, 2026 Introduction As one of the world's largest social media platforms, with over 3 billion active users, Facebook is a frequent target for phishing scams. Hackers aim to hijack use...

7 AI score
Exploits: 0

Trellix
added 2025/12/17 12:0 a.m. · 2 views

The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR

The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR By Maulik Maheta and Chao Sun · December 17, 2025 Executive summary DCShadow is a covert post-exploitation technique that enables an attacker to impersonate a domain controller and make unauthorized,...

7.4 AI score
Exploits: 0

Trellix
added 2025/12/10 12:0 a.m. · 4 views

Silent Domain Hijack: Detecting DCSync with Trellix NDR

Silent Domain Hijack: Uncovering the DCSync Attack and Detecting with Trellix NDR By Maulik Maheta and Chao Sun · December 10, 2025 Executive summary DCSync is one of the most powerful and stealthy techniques an attacker can use once they have gained access to an Active Directory AD environment...

7.3 AI score
Exploits: 0

Trellix
added 2025/11/13 12:0 a.m. · 3 views

How Trellix Helix detects AS-REP Roasting in Active Directory

How Trellix Helix detects AS-REP Roasting in Active Directory By Adithya Chandra and Maulik Maheta · November 13, 2025 Executive Summary Adversaries use AS-REP Roasting to extract and crack password hashes from Active Directory AD accounts with Kerberos preauthentication disabled, a...

7 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-43199

Malicious code in bioql PyPI...

6.7 CVSS · 6.6 AI score · 0.00124 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-12963

Malicious code in bioql PyPI...

6.7 CVSS · 6.7 AI score · 0.00348 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-44425

Malicious code in bioql PyPI...

7.5 CVSS · 6.6 AI score · 0.00547 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-42727

Malicious code in bioql PyPI...

7.2 CVSS · 7.1 AI score · 0.00421 EPSS
Exploits: 0 · References: 1