> TritonInfoSec News
Home / Jun 20, 2026 / Story
0
#8 The Hacker News general June 19, 2026 at 18:33 UTC

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

By [email protected] (The Hacker News)

AI Summary

The Gentlemen ransomware-as-a-service operation distributes a mature EDR-killing framework called GentleKiller to affiliates, which targets approximately 400 distinct security processes to disable defenses before deploying the encryptor. The RaaS incorporates both proprietary and third-party EDR termination tools, reflecting an industrialization of defense evasion capabilities. Security teams should audit which EDR processes are most susceptible to BYOVD or direct termination attacks.

Read full article → https://thehackernews.com/2026/06/the-gentlemen-ra…

Relevance score: 77.0/100

# More from June 20

  1. 1
    CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices The Hacker News
  2. 2
    Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites The Hacker News
  3. 3
    CISA: Splunk Enterprise flaw actively exploited, patch by Sunday BleepingComputer
  4. 4
    Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain The Hacker News
  5. 5
    Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data The Hacker News
  6. 6
    F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution The Hacker News
  7. 7
    Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2 The Hacker News
  8. 9
    Texas govt data breach exposes over 3 million driver’s licenses BleepingComputer
  9. 10
    Critical Command Execution Vulnerability Patched in Cisco ISE SecurityWeek