#rdp — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #rdp, aggregated by home.social.
-
4 Steps to Easily Access #RDP Remote Desktop with #Windows #VPS Read this guide, "4 Steps to Easily Access RDP Remote Desktop with Windows VPS" to connect your Windows ... Continued 👉 #rdpserver #vpsplatform #vpsservers #remotedesktopprotocol #vpsguide #microsoftremotedesktop #windowsserver
-
It feels smart to add Remote Desktop and Hyper-V VM Connect commands to my Windows Terminal profile list.
-
Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
Cloud Atlas APT group targeted government organizations and commercial companies in Russia and Belarus during late 2025 and early 2026, employing phishing campaigns with malicious ZIP archives containing LNK shortcuts. The attackers deployed multiple backdoors including VBCloud for file theft and PowerShower for network reconnaissance. New tools identified include PowerCloud, which exfiltrates data to Google Sheets, and browser checker utilities. The group established persistence through reverse SSH tunnels, patched OpenSSH binaries, ReverseSocks, and Tor networking. Initial infection vectors included malicious shortcuts executing PowerShell scripts and exploiting CVE-2018-0802 in Microsoft Office. The attackers performed credential theft, RDP manipulation via termsrv.dll patching, and lateral movement across networks while maintaining multiple backup control channels.
Pulse ID: 6a105530af26afbd3752ab81
Pulse Link: https://otx.alienvault.com/pulse/6a105530af26afbd3752ab81
Pulse Author: AlienVault
Created: 2026-05-22 13:08:00
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Belarus #Browser #Cloud #CloudAtlas #CyberSecurity #Google #Government #InfoSec #LNK #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #Phishing #PowerShell #RAT #RDP #Russia #SSH #ZIP #bot #AlienVault
-
In the spirit of trying new things, I'm running Fedora 44 Workstation (i.e. Gnome50) on my laptop... whilst I run the KDE spin on my desktop.
I've noticed that setting up remote login on both is really easy... and using the default RDP viewer in KDE I can simply connect to my laptop... great.
However, trying to connect from my laptop to my desktop isn't working. (Firewalls have been configured, thanks).
Using the "Connections" app just fails to connect but never stops trying. I downloaded RustConn and that gives me an error telling me that it's spawned an external viewer (it hasn't) as the RDP server isn't compatible.
I can, however, connect to my desktop just fine from a Windows VM with the "Windows App" 🤢
Anyone have helpful suggestions?
-
4 Steps to Easily Access #RDP Remote Desktop with #Windows #VPS Read this guide, "4 Steps to Easily Access RDP Remote Desktop with Windows VPS" to connect your Windows ... Continued 👉 #remotedesktopprotocol #rdpserver #windowsserver #vpsservers #microsoftremotedesktop #vpsguide #vpsplatform
-
4 Steps to Easily Access #RDP Remote Desktop with #Windows #VPS
Read this guide, "4 Steps to Easily Access RDP Remote Desktop with Windows VPS" to connect your Windows VPS to RDP (remote desktop protocol). RDP technology also fulfills other IT needs. For example, some computers, such as rack-mounted servers in data centers, don't have input ...
Continued 👉 https://blog.radwebhosting.com/access-rdp-remote-desktop-with-windows-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #vpsguide #windowsserver #rdpserver #remotedesktopprotocol #microsoftremotedesktop #vpsservers #vpsplatform
-
The Gentleman Ransomware | Defense Evasion TTPs Uncovered
In April and May 2026, investigations revealed two incidents involving The Gentlemen ransomware-as-a-service operation, which has claimed over 400 victims across 70 countries since mid-2025. Both incidents demonstrated common tactics including Scheduled Tasks, PowerShell commands, and defense evasion techniques such as clearing Security, System, and Application Event Logs, disabling Microsoft Defender, and adding antivirus exclusions. A leaked internal database in early May exposed the operation's infrastructure, affiliate structure, and targeting of vulnerabilities like CVE-2024-55591. The attacks showed threat actors using RDP connections, disguised executables, SOCKS proxy connections for persistence, and domain-wide deployment via NETLOGON shares. Despite attempts to evade detection, sufficient forensic telemetry remained for analysis, revealing workstation names previously associated with Qilin ransomware and Lazarus infrastructure.
Pulse ID: 6a0f8f34dd916c38a643df30
Pulse Link: https://otx.alienvault.com/pulse/6a0f8f34dd916c38a643df30
Pulse Author: AlienVault
Created: 2026-05-21 23:03:16
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ICS #InfoSec #Lazarus #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #Proxy #RAT #RDP #RansomWare #RansomwareAsAService #bot #AlienVault
-
One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign
A solo Russian-speaking threat actor tracked as 'bandcampro' operated a five-year MAGA-themed Telegram channel with approximately 17,000 subscribers, initially forwarding cryptocurrency scam content before pivoting to AI-automated operations in September 2025. The actor utilized jailbroken Google Gemini to generate QAnon-styled posts, deploy infrastructure, manage stolen API keys, and run credential theft operations targeting politically engaged American audiences. The campaign weaponized cultural alignment with QAnon and MAGA communities to facilitate cryptocurrency fraud rather than political influence. Through AI assistance, the actor cracked 29 WordPress admin credentials, infiltrated at least one company, deployed remote access trojans disguised as cryptocurrency wallets, and operated a gamified chatbot called 'QFS 2.0 Terminal'. The operation demonstrates how frontier AI systems enable scalable, low-cost cybercriminal activities by allowing a single actor to perform tasks traditionally requiring enti...
Pulse ID: 6a0f8f3596d6a5268e168a10
Pulse Link: https://otx.alienvault.com/pulse/6a0f8f3596d6a5268e168a10
Pulse Author: AlienVault
Created: 2026-05-21 23:03:17
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Google #InfoSec #IoT #OTX #OpenThreatExchange #RAT #RDP #RemoteAccessTrojan #Russia #Telegram #Trojan #Word #Wordpress #bot #cryptocurrency #AlienVault
-
Gnome Remote Desktop with Ubuntu 26.04 and MacOSX Tahoe 26.5 and Windows App 11.35 (2947) #rdp
-
9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities
CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.
Pulse ID: 6a0ca36a3571d3fbd4cd92bc
Pulse Link: https://otx.alienvault.com/pulse/6a0ca36a3571d3fbd4cd92bc
Pulse Author: AlienVault
Created: 2026-05-19 17:52:42
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault
-
4 Steps to Easily Access #RDP Remote Desktop with #Windows #VPS
Read this guide, "4 Steps to Easily Access RDP Remote Desktop with Windows VPS" to connect your Windows VPS to RDP (remote desktop protocol). RDP technology also fulfills other IT needs. For example, some computers, such as rack-mounted servers in data centers, don't have input ...
Continued 👉 https://blog.radwebhosting.com/access-rdp-remote-desktop-with-windows-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #vpsguide #rdpserver #remotedesktopprotocol #microsoftremotedesktop #vpsplatform #windowsserver #vpsservers
-
Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans
A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.
Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault
-