Signal

New intrusion techniques exploit trusted tools and social engineering for persistence and compromise


Published 2026-05-13 11:42 UTC · Updated 2026-05-13 14:44 UTC
cve · exploits · malware · threat_actors · incident_response
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped; counts indicate coverage, not truth.
ClickFix finds a backup plan in PySoxy proxy chains
CSO Online · News · csoonline.com · 2026-05-13 11:42 UTC
limited source diversity in top sources
Overview

Recent investigations reveal attackers leveraging social engineering and trusted enterprise tools to establish persistent access and escalate privileges.

Entities
ReliaQuest, Rapid7, ClickFix, PySoxy, ModeloRAT, Anna Širokova
Score total: 0.96
Momentum 24h: 2
Posts: 2
Origins: 2
Source types: 1
Duplicate ratio: 0%
Why now
  • Recent April 2026 incidents demonstrate novel combinations of techniques for stealthy persistence.
  • The use of open-source proxy tools like PySoxy in active intrusions is a new development.
  • Rapid exploitation of collaboration platforms underscores the urgent need for enhanced security controls.
Why it matters
  • Attackers exploit trusted enterprise tools and social engineering to bypass traditional defenses.
  • Collaboration platforms like Microsoft Teams are increasingly targeted as attack vectors.
  • Understanding these tactics aids in improving detection and response strategies.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • ClickFix social engineering technique combined with PySoxy proxy chains enables encrypted dual-channel persistence without common malware
  • Attackers used a fake IT support account on Microsoft Teams to deliver a Python payload leading to domain compromise via credential theft and lateral movement
How sources frame it
  • ReliaQuest Researchers: neutral
  • Rapid7 Analysts: neutral
This briefing highlights emerging attacker techniques combining social engineering with proxy tools and collaboration platforms to maintain persistence and escalate privileges.
All evidence
ClickFix finds a backup plan in PySoxy proxy chains
CSO Online · csoonline.com · 2026-05-13 11:42 UTC
Posts loaded: 0 · Publishers: 2 · Origin domains: 2 · Duplicates: -
Top publishers (this list)
  • Rapid7 Blog (1)
  • CSO Online (1)
Top origin domains (this list)
  • rapid7.com (1)
  • csoonline.com (1)