ReliaQuest
-
Hackers bypass SonicWall VPN MFA after incomplete patching
Threat actors bypassed MFA on SonicWall Gen6 SSL-VPN appliances in attacks between February and March, exploiting a flaw that stayed open on devices that were updated but not fully remediated, according to a ReliaQuest analysis.
-
LinkedIn messages used to deliver RAT via DLL sideloading
A LinkedIn phishing campaign delivers a WinRAR SFX that sideloads a malicious DLL and installs a Python interpreter which runs Base64 in-memory shellcode to deploy a remote access trojan and exfiltrate data.
-
Silver Fox uses fake Microsoft Teams installers in false-flag ValleyRAT campaign
Security researchers report that the Silver Fox group has run an SEO poisoning campaign since November 2025 that uses fake Microsoft Teams installers to deliver ValleyRAT to organisations in China; technical analysis from ReliaQuest and Nextron Systems details layered infection chains, false-flag indicators and the use of vulnerable drivers.
-
ReliaQuest: Chinese-linked group converted ArcGIS server into long-term backdoor
ReliaQuest reported that a state-linked group known as Flax Typhoon modified an ArcGIS Java extension into a web shell, implanted it in backups and used it to run discovery, deploy a SoftEther-based VPN bridge and maintain access for over a year.
