4/10
Microsoft disclosed Storm-2561, a credential theft campaign that uses SEO poisoning to distribute digitally signed trojan VPN clients, tricking users searching for legitimate enterprise software into downloading malicious ZIP files from attacker-controlled websites.
trojan
vpn-client
credential-theft
seo-poisoning
malware-distribution
digital-signature-abuse
social-engineering
threat-actor
Storm-2561
Microsoft
5/10
Threat actor Storm-2561 distributes fake VPN clients from major vendors (Ivanti, Cisco, Fortinet, Sophos, SonicWall, Check Point, WatchGuard) via SEO poisoning to steal enterprise VPN credentials and configuration data. The malware bundle includes the Hyrax infostealer, creates persistence via RunOnce registry keys, and displays fake login interfaces before redirecting users to legitimate vendor sites to avoid detection.
phishing
seo-poisoning
credential-theft
infostealer
malware
vpn
fake-installer
social-engineering
persistence
registry-manipulation
digital-certificate-abuse
c2-infrastructure
ivanti
cisco
fortinet
sophos
sonicwall
check-point
watchguard
Storm-2561
Hyrax
Pulse.exe
dwmapi.dll
inspector.dll
connectionsstore.dat
Taiyuan Lihua Near Information Technology Co., Ltd.
Microsoft
GitHub
Windows Defender
SmartScreen