Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

And then they send victims to the legit VPN download to hide their tracks A group of cybercriminals tracked as Storm-2561 is ...

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.

If the VMware Printer is not working inside your virtual machine, change the Connection Protocol, reinstall the View Agent or ...

What looks like a legit VPN download could be a trap, as SEO poisoning is being used to steal corporate logins.

Storm-2561 is relying on SEO poisoning to distribute fake VPN clients that install trojans and steal users’ credentials.

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.

Attackers exploit FortiGate vulnerabilities to steal LDAP credentials and breach networks, enabling AD access and malware deployment.

The latest example is detailed by researchers at Aryaka, who this week described a campaign by an unnamed threat actor who is distributing resumés containing a malicious ISO file to HR departments. It ...

Throughout early 2026, SentinelOne’s Digital Forensics & Incident Response (DFIR) team has responded to several incidents where FortiGate Next-Generation Firewall (NGFW) appliances have been ...