-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Search results for ManageEngine RMM Tool | Breaking Cybersecurity News | The Hacker News

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

Jun 23, 2026 Malware / Social Engineering
Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsApp Web across Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, Australia, Russia, and Vietnam. The highest concentration of victims has been reported in Malaysia. "The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment," security researcher Fareed Radzi said . "Once executed, the VBScript initiates a multi-stage infection chain that ultimately results in the installation of legitimate Remote Monitoring and Management (RMM) software, enabling remote access to the victim's system." It's suspected that the threat actor behind the operation ma...
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Feb 09, 2026 Vulnerability / Endpoint Security
Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently disclosed flaws (CVE-2025-40551, CVSS score: 9.8, and CVE-2025-40536, CVSS score: 8.1), or a previously patched vulnerability (CVE-2025-26399, CVSS score: 9.8). "Since the attacks occurred in December 2025 and on machines vulnerable to both the old and new set of CVEs at the same time, we cannot reliably confirm the exact CVE used to gain an initial foothold," the company said in a report published last week. While CVE-2025-40536 is a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality, CVE-2025-...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources