On Tue, Dec 9, 2025 at 3:27 AM Alessandro Vesely via mailop < [email protected]> wrote:
> > It is worth checking logins, definitely. That's how I discovered a breach > and > prompted the user to change her password ASAP. What is strange is the way > the > intruders behaved. > > Not sure if it's related, but we're also seeing a lot of compromised passwords recently. The attacker will take over an account and use it to try to send out emails to the email groups that the account is subscribed to. Anecdotally, we've had reports that the malware they're trying to spread involves ConnectWise ScreenConnect. The malware links have been served from the anvil.app and replit.app domains. Mark
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
