In mid-January 2026, Microsoft Defender Experts uncovered a credential theft operation orchestrated by the financially motivated threat actor Storm-2561. Active since May 2025, this group relies heavily on search engine optimization (SEO) poisoning to distribute malware. By pushing malicious websites to the top of search results for popular enterprise virtual private network (VPN) software, attackers […] The post SEO Poisoning Campaign Uses Signed Trojans To Harvest VPN Credentials appeared first on Cyber Security News.