screenconnect

Machine-Speed Extortion: How Spider Groups and RMM Abuse Are Owning the Cloud

John Z Black May 4, 2026

Incidents & Breaches #RMM #SaaS #extortion #spider-groups #screenconnect #simplehelp #shinyhunters #adt #supply-chain

Cordial Spider, Snarky Spider, and VENOMOUS#HELPER aren't breaking into cloud environments. They're walking in through the help desk.

Searching for Tax Forms? Malicious Google Ads Want to Kill Your Antivirus First

John Z Black Mar 25, 2026

Threat Intelligence #malvertising #byovd #screenconnect #edr #tax-season #endpoint-security #huntress

A malvertising campaign running since January targets W2 and W9 searchers with a kill chain that disables endpoint security at the kernel level before installing remote access malware. Your antivirus can't stop it once it's running.

The Control-Plane Exposure Problem: ScreenConnect, SharePoint, UniFi, and Magento

John Z Black Mar 20, 2026

Vulnerabilities & Patching #vulnerability-management #screenconnect #sharepoint #unifi #magento #patch-prioritization

Today's critical bugs are not equal. ScreenConnect, SharePoint, UniFi, and Magento all threaten high-leverage control surfaces where one compromise can cascade.