Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack
ID: 89d1190c-a5a6-5dc5-9c8f-04addc6d4842
STIX ID: report--89d1190c-a5a6-5dc5-9c8f-04addc6d4842
Feed Name: SentinelOne Blog
On April 9, 2026, CPUID's download API was compromised to distribute a signed, trojanized CPU-Z installer that delivered STX RAT via a reflective in-memory loader. The campaign affected 150+ confirmed victims, targeting IT and professional users. It established persistence through a registry Run key, a scheduled task and MSBuild proj files, and reused C2 infrastructure (supp0v3.com and 147.45.178.61) seen in prior campaigns. It was detected by behavioral EDR indicators (anomalous API resolution, RWX allocations, process injection), which enabled rapid containment.
