#troll — Public Fediverse posts

https://www.reuters.com/legal/government/tennessee-republicans-pass-new-map-erasing-majority-black-us-house-district-2026-05-07/

#tennessee #black #maga #voting #troll #psyop

ᴮᵉⁿ ᴿᵒʸᶜᵉVOTE IN THE PRIMARIES @[email protected] · 2026-05-11 · 14:15 UTC

#Tennessee removes its #black #US House district in #Memphis

#MAGA goons celebrate

"It's rigged why vote"

On the contrary people not #voting got us here as much as MAGA

Getting out of this means many things. But voting is a small effort compared to the other efforts so voices against voting are inauthentic or #troll #psyop

#Hungary had as bad or worse manipulations against #democracy, and look what Hungarians delivered

Are you angry? Do you want to fix this?

https://www.reuters.com/legal/government/tennessee-republicans-pass-new-map-erasing-majority-black-us-house-district-2026-05-07/

#tennessee #black #maga #voting #troll #psyop

ᴮᵉⁿ ᴿᵒʸᶜᵉVOTE IN THE PRIMARIES @[email protected] · 2026-05-11 · 14:15 UTC

#Tennessee removes its #black #US House district in #Memphis

#MAGA goons celebrate

"It's rigged why vote"

On the contrary people not #voting got us here as much as MAGA

Getting out of this means many things. But voting is a small effort compared to the other efforts so voices against voting are inauthentic or #troll #psyop

#Hungary had as bad or worse manipulations against #democracy, and look what Hungarians delivered

Are you angry? Do you want to fix this?

https://www.reuters.com/legal/government/tennessee-republicans-pass-new-map-erasing-majority-black-us-house-district-2026-05-07/

#tennessee #black #maga #voting #troll #psyop

ᴮᵉⁿ ᴿᵒʸᶜᵉVOTE IN THE PRIMARIES @[email protected] · 2026-05-11 · 14:15 UTC

#Tennessee removes its #black #US House district in #Memphis

#MAGA goons celebrate

"It's rigged why vote"

On the contrary people not #voting got us here as much as MAGA

Getting out of this means many things. But voting is a small effort compared to the other efforts so voices against voting are inauthentic or #troll #psyop

#Hungary had as bad or worse manipulations against #democracy, and look what Hungarians delivered

Are you angry? Do you want to fix this?

https://www.reuters.com/legal/government/tennessee-republicans-pass-new-map-erasing-majority-black-us-house-district-2026-05-07/

#tennessee #black #maga #voting #troll #psyop

OTX Bot @[email protected] · 2026-05-11 · 10:08 UTC

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

#asia #backdoor #credentialharvesting #cybersecurity #datatheft #government

OTX Bot @[email protected] · 2026-05-11 · 10:08 UTC

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

#asia #backdoor #credentialharvesting #cybersecurity #datatheft #government

OTX Bot @[email protected] · 2026-05-11 · 10:08 UTC

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

#asia #backdoor #credentialharvesting #cybersecurity #datatheft #government

OTX Bot @[email protected] · 2026-05-11 · 10:08 UTC

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

#alienvault #bot #wordpress #word #vulnerability #troll

OTX Bot @[email protected] · 2026-05-11 · 10:08 UTC

Mysterious hacker organization operating secretly for 6 years is exploiting critical cPanel vulnerability to deploy backdoor trojans

A previously unknown threat group designated Mr_Rot13 has been exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM, to compromise Linux servers globally. Active since at least 2020, the group deploys a Go-based payload installer that plants SSH keys, PHP webshells, malicious JavaScript for credential harvesting, and a cross-platform remote access tool called Filemanager. Stolen data is exfiltrated to attacker-controlled Telegram channels and command servers. The group has maintained operational security for six years with extremely low detection rates. Attack infrastructure includes domains registered as early as 2020, with over 2,000 attacking IP addresses observed worldwide. The campaign primarily targets cPanel installations and WordPress systems, with confirmed compromise of Southeast Asian government and military entities resulting in 4.37GB of sensitive data theft.

Pulse ID: 6a01847e13b4074a8d4b6381
Pulse Link: https://otx.alienvault.com/pulse/6a01847e13b4074a8d4b6381
Pulse Author: AlienVault
Created: 2026-05-11 07:25:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #CredentialHarvesting #CyberSecurity #DataTheft #Government #InfoSec #Java #JavaScript #Linux #Military #OTX #OpenThreatExchange #PHP #RAT #RDP #SSH #Telegram #Trojan #Troll #Vulnerability #Word #Wordpress #bot #AlienVault

#asia #backdoor #credentialharvesting #cybersecurity #datatheft #government

OTX Bot @[email protected] · 2026-05-11 · 10:03 UTC

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

#browser #cloud #cybersecurity #endpoint #google #infosec

OTX Bot @[email protected] · 2026-05-11 · 10:03 UTC

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

#browser #cloud #cybersecurity #endpoint #google #infosec

OTX Bot @[email protected] · 2026-05-11 · 10:03 UTC

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

#browser #cloud #cybersecurity #endpoint #google #infosec

OTX Bot @[email protected] · 2026-05-11 · 10:03 UTC

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

#alienvault #bot #word #troll #rust #rat

OTX Bot @[email protected] · 2026-05-11 · 10:03 UTC

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

#browser #cloud #cybersecurity #endpoint #google #infosec

OTX Bot @[email protected] · 2026-05-11 · 10:02 UTC

OPERATION SILENTCANVAS: JPEG BASED MULTISTAGE POWERSHELL INTRUSION

A sophisticated multi-stage intrusion campaign was identified leveraging a weaponized PowerShell payload disguised as a JPEG image file (sysupdate.jpeg) to deploy a trojanized ConnectWise ScreenConnect instance for covert remote access. The attack likely originates through social engineering techniques including phishing emails or malicious attachments. Upon execution, the malware establishes a staging environment, retrieves additional payloads from attacker-controlled infrastructure, and dynamically compiles a custom launcher using Microsoft's legitimate .NET compiler (csc.exe) to evade detection. The intrusion abuses ComputerDefaults.exe and a malicious ms-settings registry hijack to perform a fileless UAC bypass and obtain elevated privileges. Once elevated, the malware deploys a persistent service masquerading as OneDriveServers and launches a modified ScreenConnect framework capable of credential interception, remote command execution, surveillance operations, SYSTEM-level execution, encrypted command...

Pulse ID: 6a008382641183db3b20fef5
Pulse Link: https://otx.alienvault.com/pulse/6a008382641183db3b20fef5
Pulse Author: AlienVault
Created: 2026-05-10 13:09:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ConnectWise #CyberSecurity #EDR #Email #InfoSec #Malware #Microsoft #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RCE #RemoteCommandExecution #ScreenConnect #SocialEngineering #Trojan #Troll #bot #AlienVault

#connectwise #cybersecurity #edr #email #infosec #malware

OTX Bot @[email protected] · 2026-05-11 · 10:02 UTC

OPERATION SILENTCANVAS: JPEG BASED MULTISTAGE POWERSHELL INTRUSION

A sophisticated multi-stage intrusion campaign was identified leveraging a weaponized PowerShell payload disguised as a JPEG image file (sysupdate.jpeg) to deploy a trojanized ConnectWise ScreenConnect instance for covert remote access. The attack likely originates through social engineering techniques including phishing emails or malicious attachments. Upon execution, the malware establishes a staging environment, retrieves additional payloads from attacker-controlled infrastructure, and dynamically compiles a custom launcher using Microsoft's legitimate .NET compiler (csc.exe) to evade detection. The intrusion abuses ComputerDefaults.exe and a malicious ms-settings registry hijack to perform a fileless UAC bypass and obtain elevated privileges. Once elevated, the malware deploys a persistent service masquerading as OneDriveServers and launches a modified ScreenConnect framework capable of credential interception, remote command execution, surveillance operations, SYSTEM-level execution, encrypted command...

Pulse ID: 6a008382641183db3b20fef5
Pulse Link: https://otx.alienvault.com/pulse/6a008382641183db3b20fef5
Pulse Author: AlienVault
Created: 2026-05-10 13:09:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ConnectWise #CyberSecurity #EDR #Email #InfoSec #Malware #Microsoft #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RCE #RemoteCommandExecution #ScreenConnect #SocialEngineering #Trojan #Troll #bot #AlienVault

#connectwise #cybersecurity #edr #email #infosec #malware

OTX Bot @[email protected] · 2026-05-11 · 10:02 UTC

OPERATION SILENTCANVAS: JPEG BASED MULTISTAGE POWERSHELL INTRUSION

A sophisticated multi-stage intrusion campaign was identified leveraging a weaponized PowerShell payload disguised as a JPEG image file (sysupdate.jpeg) to deploy a trojanized ConnectWise ScreenConnect instance for covert remote access. The attack likely originates through social engineering techniques including phishing emails or malicious attachments. Upon execution, the malware establishes a staging environment, retrieves additional payloads from attacker-controlled infrastructure, and dynamically compiles a custom launcher using Microsoft's legitimate .NET compiler (csc.exe) to evade detection. The intrusion abuses ComputerDefaults.exe and a malicious ms-settings registry hijack to perform a fileless UAC bypass and obtain elevated privileges. Once elevated, the malware deploys a persistent service masquerading as OneDriveServers and launches a modified ScreenConnect framework capable of credential interception, remote command execution, surveillance operations, SYSTEM-level execution, encrypted command...

Pulse ID: 6a008382641183db3b20fef5
Pulse Link: https://otx.alienvault.com/pulse/6a008382641183db3b20fef5
Pulse Author: AlienVault
Created: 2026-05-10 13:09:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ConnectWise #CyberSecurity #EDR #Email #InfoSec #Malware #Microsoft #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RCE #RemoteCommandExecution #ScreenConnect #SocialEngineering #Trojan #Troll #bot #AlienVault

#connectwise #cybersecurity #edr #email #infosec #malware

OTX Bot @[email protected] · 2026-05-11 · 10:02 UTC

OPERATION SILENTCANVAS: JPEG BASED MULTISTAGE POWERSHELL INTRUSION

A sophisticated multi-stage intrusion campaign was identified leveraging a weaponized PowerShell payload disguised as a JPEG image file (sysupdate.jpeg) to deploy a trojanized ConnectWise ScreenConnect instance for covert remote access. The attack likely originates through social engineering techniques including phishing emails or malicious attachments. Upon execution, the malware establishes a staging environment, retrieves additional payloads from attacker-controlled infrastructure, and dynamically compiles a custom launcher using Microsoft's legitimate .NET compiler (csc.exe) to evade detection. The intrusion abuses ComputerDefaults.exe and a malicious ms-settings registry hijack to perform a fileless UAC bypass and obtain elevated privileges. Once elevated, the malware deploys a persistent service masquerading as OneDriveServers and launches a modified ScreenConnect framework capable of credential interception, remote command execution, surveillance operations, SYSTEM-level execution, encrypted command...

Pulse ID: 6a008382641183db3b20fef5
Pulse Link: https://otx.alienvault.com/pulse/6a008382641183db3b20fef5
Pulse Author: AlienVault
Created: 2026-05-10 13:09:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ConnectWise #CyberSecurity #EDR #Email #InfoSec #Malware #Microsoft #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RCE #RemoteCommandExecution #ScreenConnect #SocialEngineering #Trojan #Troll #bot #AlienVault

#alienvault #bot #troll #trojan #socialengineering #screenconnect

OTX Bot @[email protected] · 2026-05-11 · 10:02 UTC

OPERATION SILENTCANVAS: JPEG BASED MULTISTAGE POWERSHELL INTRUSION

A sophisticated multi-stage intrusion campaign was identified leveraging a weaponized PowerShell payload disguised as a JPEG image file (sysupdate.jpeg) to deploy a trojanized ConnectWise ScreenConnect instance for covert remote access. The attack likely originates through social engineering techniques including phishing emails or malicious attachments. Upon execution, the malware establishes a staging environment, retrieves additional payloads from attacker-controlled infrastructure, and dynamically compiles a custom launcher using Microsoft's legitimate .NET compiler (csc.exe) to evade detection. The intrusion abuses ComputerDefaults.exe and a malicious ms-settings registry hijack to perform a fileless UAC bypass and obtain elevated privileges. Once elevated, the malware deploys a persistent service masquerading as OneDriveServers and launches a modified ScreenConnect framework capable of credential interception, remote command execution, surveillance operations, SYSTEM-level execution, encrypted command...

Pulse ID: 6a008382641183db3b20fef5
Pulse Link: https://otx.alienvault.com/pulse/6a008382641183db3b20fef5
Pulse Author: AlienVault
Created: 2026-05-10 13:09:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ConnectWise #CyberSecurity #EDR #Email #InfoSec #Malware #Microsoft #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RCE #RemoteCommandExecution #ScreenConnect #SocialEngineering #Trojan #Troll #bot #AlienVault

#connectwise #cybersecurity #edr #email #infosec #malware

GLOBAL Visibility aéPiot - by aePiot.ro @[email protected] · 2026-05-11 · 06:19 UTC

#TROLL #SATELLITE www.perplexity.ai/search/new?q... www.paypal.com/donate?busin...

Perplexity

#troll #satellite

GLOBAL Visibility aéPiot - by aePiot.ro @[email protected] · 2026-05-11 · 06:19 UTC

#TROLL #SATELLITE www.perplexity.ai/search/new?q... www.paypal.com/donate?busin...

Perplexity

#troll #satellite

UnformedWorlds @[email protected] · 2026-05-10 · 11:18 UTC

#SilentSunday #nature #photography #troll #ent #treant #tree #NoAI

#silentsunday #nature #photography #troll #ent #treant

UnformedWorlds @[email protected] · 2026-05-10 · 11:18 UTC

#SilentSunday #nature #photography #troll #ent #treant #tree #NoAI

#silentsunday #nature #photography #troll #ent #treant

UnformedWorlds @[email protected] · 2026-05-10 · 11:18 UTC

#SilentSunday #nature #photography #troll #ent #treant #tree #NoAI

#silentsunday #nature #photography #troll #ent #treant

UnformedWorlds @[email protected] · 2026-05-10 · 11:18 UTC

#SilentSunday #nature #photography #troll #ent #treant #tree #NoAI

#noai #tree #treant #ent #troll #photography

UnformedWorlds @[email protected] · 2026-05-10 · 11:18 UTC

#SilentSunday #nature #photography #troll #ent #treant #tree #NoAI

#silentsunday #nature #photography #troll #ent #treant

JanR @[email protected] · 2026-05-09 · 17:59 UTC

Opvallend dat ik vandaag al meerdere accounts ben tegengekomen, en daarna heb gerapporteerd, geblokkeerd of genegeerd, die vandaag heel veel berichten hebben geplaatst ter meerdere glorie van Rusland, Putin etc. en die tekeer gaan tegen Ukraine en de NATO.
Heeft Vladimir een nieuwe trollenfabriek geopend of zo ?

Afbeelding is stukje van site waar veelvuldig naar verwezen wordt of geciteerd wordt.
(Ik gun ze het bezoek niet, dus heb de url weggeknipt)

JanR @[email protected] · 2026-05-09 · 17:59 UTC

Opvallend dat ik vandaag al meerdere accounts ben tegengekomen, en daarna heb gerapporteerd, geblokkeerd of genegeerd, die vandaag heel veel berichten hebben geplaatst ter meerdere glorie van Rusland, Putin etc. en die tekeer gaan tegen Ukraine en de NATO.
Heeft Vladimir een nieuwe trollenfabriek geopend of zo ?

Afbeelding is stukje van site waar veelvuldig naar verwezen wordt of geciteerd wordt.
(Ik gun ze het bezoek niet, dus heb de url weggeknipt)

JanR @[email protected] · 2026-05-09 · 17:59 UTC

Opvallend dat ik vandaag al meerdere accounts ben tegengekomen, en daarna heb gerapporteerd, geblokkeerd of genegeerd, die vandaag heel veel berichten hebben geplaatst ter meerdere glorie van Rusland, Putin etc. en die tekeer gaan tegen Ukraine en de NATO.
Heeft Vladimir een nieuwe trollenfabriek geopend of zo ?

Afbeelding is stukje van site waar veelvuldig naar verwezen wordt of geciteerd wordt.
(Ik gun ze het bezoek niet, dus heb de url weggeknipt)

JanR @[email protected] · 2026-05-09 · 17:59 UTC

Opvallend dat ik vandaag al meerdere accounts ben tegengekomen, en daarna heb gerapporteerd, geblokkeerd of genegeerd, die vandaag heel veel berichten hebben geplaatst ter meerdere glorie van Rusland, Putin etc. en die tekeer gaan tegen Ukraine en de NATO.
Heeft Vladimir een nieuwe trollenfabriek geopend of zo ?

Afbeelding is stukje van site waar veelvuldig naar verwezen wordt of geciteerd wordt.
(Ik gun ze het bezoek niet, dus heb de url weggeknipt)

#troll #nato #ukraine #putin #russia

JanR @[email protected] · 2026-05-09 · 17:59 UTC

Opvallend dat ik vandaag al meerdere accounts ben tegengekomen, en daarna heb gerapporteerd, geblokkeerd of genegeerd, die vandaag heel veel berichten hebben geplaatst ter meerdere glorie van Rusland, Putin etc. en die tekeer gaan tegen Ukraine en de NATO.
Heeft Vladimir een nieuwe trollenfabriek geopend of zo ?

Afbeelding is stukje van site waar veelvuldig naar verwezen wordt of geciteerd wordt.
(Ik gun ze het bezoek niet, dus heb de url weggeknipt)

JanR @[email protected] · 2026-05-09 · 15:11 UTC

Russische(?) trol.
Actief sinds gisteren.
Gerapporteerd en geblokkeerd.
Geef ze alstublieft niet de mogelijkheid om hun rotzooi hier te spuien.

Russian(?) troll.
Active since yesterday.
Reported and blocked
Please don't give them the opportunity to spew their trash here.

JanR @[email protected] · 2026-05-09 · 15:11 UTC

Russische(?) trol.
Actief sinds gisteren.
Gerapporteerd en geblokkeerd.
Geef ze alstublieft niet de mogelijkheid om hun rotzooi hier te spuien.

Russian(?) troll.
Active since yesterday.
Reported and blocked
Please don't give them the opportunity to spew their trash here.

JanR @[email protected] · 2026-05-09 · 15:11 UTC

Russische(?) trol.
Actief sinds gisteren.
Gerapporteerd en geblokkeerd.
Geef ze alstublieft niet de mogelijkheid om hun rotzooi hier te spuien.

Russian(?) troll.
Active since yesterday.
Reported and blocked
Please don't give them the opportunity to spew their trash here.

JanR @[email protected] · 2026-05-09 · 15:11 UTC

Russische(?) trol.
Actief sinds gisteren.
Gerapporteerd en geblokkeerd.
Geef ze alstublieft niet de mogelijkheid om hun rotzooi hier te spuien.

Russian(?) troll.
Active since yesterday.
Reported and blocked
Please don't give them the opportunity to spew their trash here.

#usa #ukraine #russia #troll

JanR @[email protected] · 2026-05-09 · 15:11 UTC

Russische(?) trol.
Actief sinds gisteren.
Gerapporteerd en geblokkeerd.
Geef ze alstublieft niet de mogelijkheid om hun rotzooi hier te spuien.

Russian(?) troll.
Active since yesterday.
Reported and blocked
Please don't give them the opportunity to spew their trash here.

ɘigɘnstil @[email protected] · 2026-05-09 · 12:43 UTC

#barfußpark #beelitz #woodart #troll

ɘigɘnstil @[email protected] · 2026-05-09 · 12:43 UTC

#barfußpark #beelitz #woodart #troll

ɘigɘnstil @[email protected] · 2026-05-09 · 12:43 UTC

#barfußpark #beelitz #woodart #troll

ɘigɘnstil @[email protected] · 2026-05-09 · 12:43 UTC

#troll #woodart #beelitz #barfußpark

ɘigɘnstil @[email protected] · 2026-05-09 · 12:43 UTC