Skip to content
A threat actor tracked as Storm-2561 has been targeting VPN users in a new credential theft campaign, Microsoft reports. Active since at least May 2025, Storm-2561 is known for using search engine optimization (SEO) poisoning for malware distribution and for impersonating popular software vendors to attract victims to malicious websites. The newly observed campaign started in mid-January, aimed at...