Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

New Social Security Scam Emails Use Fake Tax Documents to Hijack PCs

A new phishing campaign is targeting thousands in the US by posing as the Social Security Administration. Learn how scammers use fake 2025/2026 tax statements and Datto RMM software to hijack computers and steal data, as shared with Hackread.com...

EUVD-2015-9098

Malware in sbrugna...

EUVD-2017-7858

Malware in sbrugna...

EUVD-2015-2191

Malware in sbrugna...

EUVD-2017-7857

Malware in sbrugna...

EUVD-2015-9099

Malware in sbrugna...

EUVD-2015-9097

Malware in sbrugna...

CVE-2015-9254

Datto ALTO and SIRIS devices have a default VNC password...

CVE-2017-16673

Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified...

CVE-2015-9255

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory...

CVE-2015-9256

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default...

CVE-2017-16674

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent DWA 1.0.5.0 and earlier...

CVE-2015-9255

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory...

Remote code execution

Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts...

Default credentials

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default...

CVE-2015-9254

Datto ALTO and SIRIS devices have a default VNC password...

Directory traversal

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory...

Default credentials

Datto ALTO and SIRIS devices have a default VNC password...

CVE-2015-2081

Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts...