> TritonInfoSec News
Home / Mar 17, 2026 / Story
0
#6 SecurityWeek general March 16, 2026 at 12:28 UTC

Threat Actor Targeting VPN Users in New Credential Theft Campaign

By Ionut Arghire

AI Summary

The Storm-2561 threat actor is distributing fake VPN clients through SEO poisoning techniques, deploying trojans to steal login credentials from users seeking VPN services. The campaign targets users searching for legitimate VPN solutions, compromising their authentication data through malicious software disguised as security tools.

Read full article → https://www.securityweek.com/threat-actor-targetin…

Relevance score: 74.0/100

# More from March 17

  1. 1
    GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos The Hacker News
  2. 2
    Stryker attack wiped tens of thousands of devices, no malware needed BleepingComputer
  3. 3
    CISA flags Wing FTP Server flaw as actively exploited in attacks BleepingComputer
  4. 4
    Russia-linked espionage campaign targeting Ukraine using Starlink and charity lures The Record
  5. 5
    China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation SecurityWeek
  6. 7
    UK’s Companies House confirms security flaw exposed business data BleepingComputer
  7. 8
    Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact SecurityWeek
  8. 9
    Security Firm Executive Targeted in Sophisticated Phishing Attack SecurityWeek
  9. 10
    Attackers Abuse LiveChat to Phish Credit Card, Personal Data Dark Reading