Threat Research

    In late January 2025, a Managed Service Provider (MSP) administrator received a convincing phishing email disguised as an authentication alert for their ScreenConnect Remote Monitoring and Management (RMM) tool....
    This detection identifies file modifications to ASPX and ASHX files in the root of the App_Extensions directory, which can be exploited through the ZipSlip vulnerability in versions before 23.9.8. This occurs during the exploitation of CVE-2024-1708....
    The "ScreenConnect User Database Modification - Security" detection identifies changes to the temporary XML user database file, which may indicate local user modifications on the ScreenConnect server....