ScreenConnect
-
Microsoft says AI chatbot recommendations were used to steer users to cryptojacking sites
Microsoft said it blocked a cryptojacking campaign that used AI chatbot recommendations and search poisoning to steer users to fake software downloads, with more than 150 malicious domains identified and ScreenConnect used to deploy miners.
-
Phishing campaign used RMM software to hit more than 80 organizations
A phishing campaign has targeted more than 80 organizations since at least April 2025, using legitimate remote monitoring tools to maintain access after victims opened fake Social Security Administration emails.
-
Phishing campaign lures LastPass and Bitwarden users to install remote-access tools
A phishing campaign impersonating LastPass and Bitwarden is distributing a binary that installs the Syncro RMM agent and deploys ScreenConnect for remote access, researchers reported; LastPass says it was not breached and users are advised to ignore unsolicited alerts and verify notices on official channels.
-
Nation-State Actor Breaches ConnectWise Customers’ ScreenConnect Instances
ConnectWise has disclosed that a nation-state actor compromised the ScreenConnect cloud instances of some customers, exploiting a vulnerability before a critical patch was implemented. The company is investigating the breach with the help of forensic experts.
-
ConnectWise Reports Cyber Attack Linked to Nation-State Actors
ConnectWise has disclosed a cyber attack likely orchestrated by a nation-state actor, affecting some ScreenConnect customers. The firm is investigating the breach with the help of Google Mandiant while assuring customers of enhanced security measures.
