May 27, 2025 DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers Ransomware actor exploited RMM to access multiple organizations; Sophos EDR blocked encryption on customer’s network Security OperationsThreat Research
April 01, 2025 Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365. Security OperationsThreat Research
December 13, 2022 Signed driver malware moves up the software trust chain The criminals signed their AV-killer malware, closely related to one known as BURNTCIGAR, with a legitimate WHCP certificate Security OperationsThreat Research
