
SentinelOne's AI-Powered EDR Blocks CPU-Z Watering Hole Attack
On April 9, 2026, threat actors compromised the official CPUID domain (cpuid.com) at the API level, redirecting legitimate download requests for the CPU-Z utility to attacker-controlled infrastructure. The watering hole attack persisted for approximately 19 hours, serving malware through the site’s official download button. Users accessing the compromised domain were exposed to malicious payloads, though those navigating directly to the site received legitimate files. SentinelOne’s AI-powered EDR autonomously detected and blocked the attack without requiring prior signatures or updates. No specific malware family, CVE ID, or victim count was disclosed in the report.