Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Blog

Byadmblake March 13, 2026

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. “The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques.
“The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients

Blog

WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor

An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat…

Read More WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
Blog

Beware the Hidden Risk in Your Entra Environment

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them. All the guest…

Read More Beware the Hidden Risk in Your Entra Environment
Blog

China-Backed Salt Typhoon Hacks US National Guard for Nearly a Year

Between March and December of last year, infamous Chinese state-sponsored APT Salt Typhoon gained access to sensitive US National Guard data.

Read More China-Backed Salt Typhoon Hacks US National Guard for Nearly a Year
Blog

‘CitrixBleed 2’ Shows Signs of Active Exploitation

If exploited, the critical vulnerability allows attackers to maintain access for longer periods of time than the original CitrixBleed flaw, all while remaining undetected.

Read More ‘CitrixBleed 2’ Shows Signs of Active Exploitation
Blog

3 Severe Bugs Patched in Versa’s Concerto Orchestrator

Three zero-days could have allowed an attacker to completely compromise the Concerto application and the host system running it.

Read More 3 Severe Bugs Patched in Versa’s Concerto Orchestrator
Blog

When Brand Loyalty Trumps Data Security

Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life.

Read More When Brand Loyalty Trumps Data Security

Related