UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT help des...
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...
When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
In this article 1. A wide range of tax-themed campaigns 2. How to protect users and organization against tax-themed campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise During tax season, threat actors reliably take advantage of the urgency and familiarity of...
Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware
A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks...
Signed malware impersonating workplace apps deploys RMM backdoors
In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor. The campaigns used workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware. Phishing emails directed users to download malicious...
Grafana security vulnerabilities
Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability, where the dashboard’s permission API...
Centreon security vulnerability
Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon version 24.10.0 up to and including version 24.10.5, version 24.04.0 ...
How attackers use real IT tools to take over your computer
A new wave of attacks is exploiting legitimate Remote Monitoring and Management (RMM) tools like LogMeIn Resolve (formerly GoToResolve) and PDQ Connect to remotely control victims’ systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support progra...
Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according t...
EUVD-2024-3294
Malicious code in bioql PyPI...
Grafana security vulnerability
Grafana is a set of open source monitoring tools from Grafana Open Source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana that stems from a dashboard...
CVE-2023-51700
Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting...
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools
Cisco Talos identified a spam campaign targeting Brazilian users with commercial remote monitoring and management (RMM) tools since at least January 2025. Talos observed the use of PDQ Connect and N-able remote access tools in this campaign. The spam message uses the Brazilian electronic invoice...
Centreon security vulnerability
Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. Centreon suffers from a security vulnerability that originates from SQL injection and could lead to...
Linux Distros Unpatched Vulnerability: CVE-2024-49974
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the numb...
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: metallb-fips, thanos, prometheus-postgres-exporter, secrets-store-csi-driver, cfssl, thanos-operator-fips, bank-vaults-fips, vexctl, neuvector-scanner, vault-csi-provider, aws-load-balancer-controller-fips, extism, cri-tools, grpc-health-probe, croc,...
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / cri-o / keda / kube-vip-cloud-provider / kured / moby-engine / node-problem-detector (CVE-2022-21698)
The version of application-gateway-kubernetes-ingress / cri-o / keda / kube-vip-cloud-provider / kured / moby-engine / node-problem-detector installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-21698...
Centreon SQL Injection Vulnerability (CNVD-2025-03203)
Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. An SQL injection vulnerability exists in Centreon centreon-web, which stems from the application's lack...
GHSA-W32M-9786-JP63 vulnerabilities
Vulnerabilities for packages: metallb-fips, thanos, prometheus-postgres-exporter, amazon-k8s-cni, secrets-store-csi-driver, malcontent, cfssl, thanos-operator-fips, bank-vaults-fips, request-1279-14, neuvector-scanner, crossplane-fips, vexctl, opentofu, cilium-envoy, spiffe-helper,...