Our latest Trellix Endpoint Detection and Response with Forensics (EDRF) threat detection content release is now available, covering the threat landscape from December 2025. This release strengthens your defenses with 50+ new detections and 165+ rule enhancements across Windows, Linux, and macOS.
Key threat coverage:
- Supply chain attacks: New defenses against the Shai Hulud npm campaign and compromised developer accounts.
- APT activity: Targeted detection for Bloody Wolf, Silver Fox (ValleyRat), and RomCom utilizing SocGholish.
- Malware & C2: Enhanced visibility into Discord C2 activity and the AppleProcesshub stealer.
These updates are compatible with all EDR and EDRF client versions. There is no action required.
For more details and a complete list of the changes, see the Knowledge Base article Trellix EDR with Forensics Threat Detection Content Release – January 2026.
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.