{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigcqbzmxcqe2hgxyftpzhetk3bmpzksquppqn2l2n35bq4xsgpuvi",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mfrvqsc3znx2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifzpgzwv3taauqyg63gtk5of7kzg5tzwoqpnibzfboh3teydjrhve"
    },
    "mimeType": "image/jpeg",
    "size": 90824
  },
  "path": "/cortex-xdr-live-terminal-abuse-lets-hackers-use-edr-for-stealthy-c2-control/",
  "publishedAt": "2026-02-26T10:03:43.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Cortex XDR Live Terminal Abuse Lets Hackers Use EDR for Stealthy C2 Control",
    "VPN Central"
  ],
  "textContent": "]Hackers can hijack Palo Alto Networks’ Cortex XDR Live Terminal feature for command-and-control communications. The trusted EDR tool runs attacker commands without detection. InfoGuard Labs states: “No command signing allows WebSocket redirection to attacker servers.” Live Terminal lets admins run PowerShell, Python, file ops remotely via WebSocket to Palo Alto cloud. Attackers exploit missing validation. […]\n\nThe post Cortex XDR Live Terminal Abuse Lets Hackers Use EDR for Stealthy C2 Control appeared first on VPN Central.",
  "title": "Cortex XDR Live Terminal Abuse Lets Hackers Use EDR for Stealthy C2 Control"
}