Microsoft says a cybercriminal group it tracks as Storm-2561 is running a credential theft campaign that uses fake VPN clients pushed through search engine optimization poisoning, luring users who search for trusted enterprise software into downloading trojanized installers instead of real tools. Microsoft Defender Experts identified the activity in mid-January 2026, and the company says […] The post Microsoft Tracks Storm-2561 In Fake VPN Client Credential Theft Scheme appeared first on Cyber Security News.