From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect

A newly discovered loader called SILENTCONNECT is being used in active campaigns to silently install ScreenConnect, a remote monitoring and management tool, on victim machines. The infection chain begins with users being redirected to a Cloudflare Turnstile CAPTCHA page disguised as a digital invitation. Upon clicking, a VBScript file is downloaded, which retrieves and executes C# source code in memory using PowerShell. SILENTCONNECT employs various evasion techniques, including PEB masquerading and UAC bypass. The campaigns leverage trusted hosting providers like Google Drive and Cloudflare, and abuse living-off-the-land binaries. The loader has been active since March 2025 and poses a significant threat due to its stealthy nature and effectiveness.

Pulse ID: 69bbd761dff7b64814123d3f
Pulse Link: https://otx.alienvault.com/pulse/69bbd761dff7b64814123d3f
Pulse Author: AlienVault
Created: 2026-03-19 11:00:49

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CAPTCHA #Cloud #CyberSecurity #Google #InfoSec #Mac #OTX #OpenThreatExchange #PowerShell #RCE #Rust #ScreenConnect #VBS #bot #AlienVault

...das #VBS als Sicherheitsrisiko 🫣

- Valeriya Novodvorskaya bezeichnete Putin (schon vor 2013, als der Bube in Moskau 'studierte') als Monster
- 2014 wurde die Krim überfallen
- usw., usw.

#CH #Politik #Landesverteidigung #Verrat

https://www.srf.ch/news/schweiz/heikle-russlandnaehe-appenzell-ausserrhoden-heuert-umstrittenen-ex-oberstleutnant-an

Cloud Atlas: Analysis of Phishing Campaign and VBShower Backdoor

Pulse ID: 699d3e7bfa78fc758cbaebfd
Pulse Link: https://otx.alienvault.com/pulse/699d3e7bfa78fc758cbaebfd
Pulse Author: Tr1sa111
Created: 2026-02-24 06:00:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CloudAtlas #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Phishing #VBS #bot #Tr1sa111

Cloud Atlas: Analysis of Phishing Campaign and VBShower Backdoor

The article analyzes a phishing campaign by the Cloud Atlas APT group targeting Russian organizations. It details five successful attacks on the same system over time, using malicious Microsoft Office documents to deliver the VBShower backdoor. The attackers used alternate data streams to hide malicious code and maintained persistence through registry modifications. The analysis covers the evolution of the attack chain, including the use of VBCloud malware and various command and control servers. Despite prolonged access, no evidence of lateral movement was found. The report concludes that Cloud Atlas continues to be active, using consistent tactics and tools.

Pulse ID: 699c2539b33fbe17058937b3
Pulse Link: https://otx.alienvault.com/pulse/699c2539b33fbe17058937b3
Pulse Author: AlienVault
Created: 2026-02-23 10:00:25

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CloudAtlas #CyberSecurity #ICS #InfoSec #Malware #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #Phishing #Russia #VBS #bot #AlienVault

Engaged Buddhism: Vietnam Sangha Reports Charitable Impact Totaling US$82.3 Million in 2025

🔗 Read more: https://tinyurl.com/bp5ssdb4

#Buddhism #Vietnam #EngagedBuddhism #Charity #Compassion #VBS #HoChiMinh #Sangha