Ransomware surged in 2025, but the bigger shift was how attacks are happening.

The 2026 MSP Threat Report breaks down how attackers are bypassing traditional defenses, where security gaps are emerging, and what IT Solution Providers can do to reduce risk earlier in the attack lifecycle.

👉 Download the report for free: http://ms.spr.ly/61107vEkLR

#Cybersecurity #MSP #ManagedServices #IT #ConnectWise #AI #Cybersecurity #MSPCommunity #MSPPlatform https://connectwiseadvocacy.sprinklr.com/content/ADVOCACY_205_69f3444047badd57afcee5e4?sourceType=ACCOUNT

CISA Flags Actively Exploited ConnectWise, Windows Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged two major vulnerabilities, including a critical flaw in ConnectWise ScreenConnect and a Microsoft Windows Shell bug, as actively exploited by hackers. These flaws could allow attackers to execute remote code, access confidential data, and compromise critical systems.

https://osintsights.com/cisa-flags-actively-exploited-connectwise-windows-flaws?utm_source=mastodon&utm_medium=social

#Cve20241708 #Cve202632202 #Windows #Connectwise #Screenconnect

CVE Alert: CVE-2024-1708 - ConnectWise - ScreenConnect - https://www.redpacketsecurity.com/cve-alert-cve-2024-1708-connectwise-screenconnect/

#OSINT #ThreatIntel #CyberSecurity #cve-2024-1708 #connectwise #screenconnect

March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day

In March 2026, 31 high-impact vulnerabilities were identified requiring prioritization for remediation, with 29 receiving Very Critical Risk Scores. Affected vendors included Cisco, Microsoft, Google, ConnectWise, and others, with Microsoft and Apple accounting for approximately 32% of vulnerabilities. Notably, the Interlock Ransomware Group exploited CVE-2026-20131, a zero-day deserialization vulnerability in Cisco Secure Firewall Management Center, as early as January 2026 to compromise enterprise networks. The group deployed custom remote access trojans and facilitated ransomware operations through crafted HTTP requests executing arbitrary Java code as root. Additional campaigns involved the DarkSword iOS exploit kit delivering GHOSTKNIFE, GHOSTSABER, and GHOSTBLADE payloads, and the Coruna exploit kit deploying PlasmaLoader malware. Nine vulnerabilities enabled remote code execution across multiple platforms. One vulnerability dated back nine years, emphasizing continued exploitation of legacy unpatched

Pulse ID: 69de0077cbff2dc8d99b17ff
Pulse Link: https://otx.alienvault.com/pulse/69de0077cbff2dc8d99b17ff
Pulse Author: AlienVault
Created: 2026-04-14 08:53:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cisco #ConnectWise #CyberSecurity #Google #HTTP #InfoSec #Java #Malware #Microsoft #OTX #OpenThreatExchange #RAT #RansomWare #RemoteAccessTrojan #RemoteCodeExecution #Trojan #Vulnerability #Word #ZeroDay #bot #iOS #AlienVault

In-Memory Loader Drops ScreenConnect

In February 2026, an attack chain was discovered that utilized a fraudulent Adobe Acrobat Reader download page to deceive victims into installing ConnectWise's ScreenConnect, a legitimate remote access tool exploited for malicious purposes. The attack employs sophisticated evasion techniques including heavy obfuscation, .NET reflection for in-memory payload execution, and dynamic code construction. A VBScript loader initiates the chain by downloading and executing obfuscated PowerShell commands that compile C# code entirely in memory. The loader manipulates the Process Environment Block to masquerade as legitimate Windows processes and abuses auto-elevated COM objects to bypass User Account Control without user prompts. This multi-layered approach successfully evades signature-based defenses and hinders forensic analysis while ultimately deploying ScreenConnect for unauthorized remote access.

Pulse ID: 69d8b1848ae30fd4dab9095d
Pulse Link: https://otx.alienvault.com/pulse/69d8b1848ae30fd4dab9095d
Pulse Author: AlienVault
Created: 2026-04-10 08:15:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Adobe #ConnectWise #CyberSecurity #InfoSec #NET #OTX #OpenThreatExchange #PowerShell #ScreenConnect #VBS #Windows #bot #AlienVault

#ConnectWise patches new flaw allowing #ScreenConnect hijacking

https://www.bleepingcomputer.com/news/security/connectwise-patches-new-flaw-allowing-screenconnect-hijacking/

#cybersecurity