Endpoint

• BlackSanta: The EDR Killer Coming in Through the HR Inbox March 11, 2026

  Aryaka Threat Labs has documented a year-long campaign by a Russian-speaking threat actor using fake CVs to deploy BlackSanta, an EDR killer that uses a vulnerable kernel driver to blind endpoint security before exfiltrating data from HR systems.