Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

The Qilin and Warlock ransomware operations are using a Bring Your Own Vulnerable Driver (BYOVD) technique to disable over 300 Endpoint Detection and Response (EDR) tools. The operators use vulnerable drivers to gain kernel-level access, which lets them terminate security processes and evade detection. Qilin is particularly active, and Warlock is exploiting unpatched Microsoft SharePoint servers.

Edward Kiledjian @ekiledjian