A financially motivated threat actor tracked as Storm-2561 is running a credential theft campaign that abuses SEO poisoning and fake, signed VPN installers to steal enterprise VPN credentials. Active since May 2025, Storm-2561 continues to exploit user trust in search results, known VPN brands, and code-signing certificates to distribute malware disguised as legitimate remote access […]

The post Storm-2561 Uses SEO Poisoning, Fake Signed VPN Apps to Steal Enterprise Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.