Fake enterprise VPN downloads used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal ...
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
Threat Post

Thousands of Fortinet VPN Account Credentials Leaked

They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. UPDATE: Subsequent reporting and disclosures ...