CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.
SecurityWeek

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 is relying on SEO poisoning to distribute fake VPN clients that install trojans and steal users’ credentials.
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
Medicine Buffalo

UB File Service (UBfs)

The UB File Service is a highly-available file service. The service is accessible via multiple protocols, such as SMB, cifs and nfs. File space is assigned to individuals and to groups for ...
Medicine Buffalo

Duo Two-Step Verification

When using the Duo Mobile app I get a message, "We have detected some security issues with your device that require your attention." What should I do? The Duo app helps keep you safe by suggesting you ...