AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence AI chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and increases the...

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Defender Experts identified an active cryptojacking campaign in which malicious download sites are surfaced not only through traditional search engine poisoning, but also through A...

ConnectWise ScreenConnect 23.9.7 - Authentication Bypass

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. id: CVE-2024-1709 info: name: ConnectWise ScreenConnect 23.9.7 -...

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management RMM software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUSHELPER , has impacted over 80...

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...

ConnectWise ScreenConnect Path Traversal Vulnerability

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems...

CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own...

ConnectWise ScreenConnect < 26.1 Authentication Bypass

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 26.1. It is, therefore, affected by an authentication bypass vulnerability: - A condition in ScreenConnect may allow an actor with access to server-level cryptographic material...

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

EUVD-2026-12574

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

CVE-2026-3564

CVE-2026-3564 affects ConnectWise ScreenConnect. A condition in ScreenConnect may allow an attacker who already has access to server‑level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. Red Hat, EUVD, NVD, and CVE...

CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

VulnCheck KEV: CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application developed by ConnectWise. There is a security vulnerability in ConnectWise ScreenConnect, which arises from the possibility that participants with server-level authentication encryption materials may gain unauthorized...

PT-2026-25901

FOR ON-PREMISE INSTALLATIONS ONLY Straight from ISAO. No changes or additions. Summary: ConnectWise disclosed a new high-severity vulnerability in ScreenConnect on March 17, 2026, tracked as CVE-2026-3564 with a CVSS score of 9.0. The vulnerability relates to how server-level cryptographic materi...

Signed malware impersonating workplace apps deploys RMM backdoors

In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor. The campaigns used workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware. Phishing emails directed users to download malicious...