Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

Fake enterprise VPN downloads used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal ...
The Hacker News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.

VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report

Chinese hackers allegedly broke into the network of an Ivanti subsidiary in 2021. The hackers exploited a backdoor in its VPN ...
CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.
Bleeping Computer

Latest Pulse Secure news

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by ...
WRAL

Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and ...

For months, hackers with suspected ties to China have exploited a popular workplace tool to break into government agencies, defense companies and financial institutions in the US and Europe, according ...
HHS

Pulse Connect Secure VPNs Still Under Attack

Two China-linked threat groups are still exploiting unpatched flaws in Ivanti's Pulse Connect Secure VPN products, using additional malware variants to support cyberespionage, FireEye's Mandiant ...