Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'rmm tools'

View all threats tagged with 'rmm tools'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: rmm tools

Threats Tagged 'rmm tools'

Click on any threat for detailed analysis and mitigation recommendations

One Misconfigured Server, Three Active Campaigns: Full exposure of three AiTM Phishing Operators
0

A misconfigured Python HTTP server on a Budapest VPS exposed the full operational infrastructure of three distinct AiTM phishing operators: codemado (Egyptian), saroula01, and mail-argenta (Nigerian). The exposed data included phishing configurations, credential logs, remote management tool installers, combolists, and Telegram session files. These operators used customized Evilginx forks and AI-assisted development to build MFA-bypass phishing infrastructure targeting primarily Microsoft 365 accounts. The campaigns were active from at least January 2025 through May 2026 and involved OAuth Device Code Flow attacks and other sophisticated phishing techniques.

Join the discussion
PHISH ALERT: From a Simple Phishing Email to a Full Attack Arsenal: The Evolution of "ClickFix"
0

A sophisticated phishing campaign leverages evolved ClickFix techniques to bypass modern endpoint security through victim-assisted execution. Targets receive emails with urgent OneDrive document lures containing malicious ZIP attachments. The attack uses LNK shortcuts that redirect victims to landing pages, silently injecting PowerShell commands into their clipboard. Through social engineering, victims are tricked into manually executing commands via Win+R, circumventing traditional security filters. The campaign employs DNS TXT records for payload staging, avoiding HTTP detection. The threat infrastructure hosts multiple malicious components including obfuscated scripts, fake MSI installers masquerading as legitimate software like ConnectWise, and ISO images with spyware for persistent access. This represents a shift toward long-game tactics focused on establishing full post-compromise environmental control.

Join the discussion

Showing 1 to 2 of 2 results

Filters:Tag: rmm tools
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses