Threats Tagged 'rmm tools'
View all threats tagged with 'rmm tools'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'rmm tools'
Click on any threat for detailed analysis and mitigation recommendations
One Misconfigured Server, Three Active Campaigns: Full exposure of three AiTM Phishing Operators 0 A misconfigured Python HTTP server on a Budapest VPS exposed the full operational infrastructure of three distinct AiTM phishing operators: codemado (Egyptian), saroula01, and mail-argenta (Nigerian). The exposed data included phishing configurations, credential logs, remote management tool installers, combolists, and Telegram session files. These operators used customized Evilginx forks and AI-assisted development to build MFA-bypass phishing infrastructure targeting primarily Microsoft 365 accounts. The campaigns were active from at least January 2025 through May 2026 and involved OAuth Device Code Flow attacks and other sophisticated phishing techniques. Join the discussion | AlienVault OTX General | 07/13/2026, 10:36:53 UTC Added: 07/13/2026, 11:03:04 UTC |
PHISH ALERT: From a Simple Phishing Email to a Full Attack Arsenal: The Evolution of "ClickFix" 0 A sophisticated phishing campaign leverages evolved ClickFix techniques to bypass modern endpoint security through victim-assisted execution. Targets receive emails with urgent OneDrive document lures containing malicious ZIP attachments. The attack uses LNK shortcuts that redirect victims to landing pages, silently injecting PowerShell commands into their clipboard. Through social engineering, victims are tricked into manually executing commands via Win+R, circumventing traditional security filters. The campaign employs DNS TXT records for payload staging, avoiding HTTP detection. The threat infrastructure hosts multiple malicious components including obfuscated scripts, fake MSI installers masquerading as legitimate software like ConnectWise, and ISO images with spyware for persistent access. This represents a shift toward long-game tactics focused on establishing full post-compromise environmental control. Join the discussion | AlienVault OTX General | 06/23/2026, 12:11:53 UTC Added: 06/23/2026, 19:09:14 UTC |
Showing 1 to 2 of 2 results