Hackers Exploit Cortex XDR Live Terminal for C2 Communications

Hackers are exploiting the Cortex XDR Live Terminal feature to establish covert command-and-control (C2) channels, repurposing a security tool into a backdoor. The abuse relies on the feature's trusted communications path and its built-in remote execution capability, which together let attackers blend malicious activity with legitimate endpoint-management traffic.

Edward Kiledjian @ekiledjian