New GhostTree Attack Causing EDR Products to Hang and Leave Files Unscanned

📅 21 May 2026 at 04:16 UTC📰 Cyber Security NewsView original source ↗

A novel evasion technique called GhostTree, which exploits NTFS junctions to create recursive directory loops. Uncovered by Varonis Threat Labs, this method traps Endpoint Detection and Response (EDR) scanners in infinite paths, causing them to hang and ignore malicious payloads. NTFS junctions function as advanced shortcuts that redirect applications from one directory to another seamlessly. […] The post New GhostTree Attack Causing EDR Products to Hang and Leave Files Unscanned appeared first on Cyber Security News.

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed