Pulse Secure

Pulse Secure Vendor Cyber Rating & Cyber Score

pulsesecure.net

Pulse Secure provides easy, comprehensive software-driven Secure Access solutions that provide visibility and seamless, protected connectivity between users, devices, things, and services. Our suites uniquely integrate cloud, mobile, application, and network access to enable hybrid IT in a Zero Trust world. Today, more than 80% of the Fortune 500 and over 20,000 enterprises (and 18M end-points) and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.


Pulse Secure A.I CyberSecurity Scoring

Pulse Secure
Company Information
Website: http://pulsesecure.net/
Employees number: 121
Number of followers: 19,199
NAICS: 51125
Industry Type: Computer Networking Products
Homepage: pulsesecure.net
Pulse Secure Risk Score (AI oriented)
Between 600 and 649
Updated: 03/04/2026
643/1000
Poor
Caa
Powered by our proprietary A.I cyber incident model

Pulse Secure: Poor
Current Score: 643 Caa (POOR), on a scale of 0 to 1000
2 incidents
-21 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026: 650 Before Incident
JUNE 2026: 649 Before Incident
MAY 2026: 647 Before Incident
APRIL 2026: 646 Before Incident
MARCH 2026: 642 Before Incident
FEBRUARY 2026: 641 Before Incident
JANUARY 2026: 658 Before Incident
Cyber Attack
15 Jan 2026, Pulse Secure
Fortinet, Ivanti, Sophos and Pulse Secure: Storm-2561 Uses SEO Poisoning, Fake Signed VPN Apps to Steal Enterprise Credentials

Storm-2561 Exploits SEO Poisoning and Fake VPN Installers in Credential Theft Campaign

637 After Incident
CRITICAL -21
PULSOPFORIVA1773404773
Since May 2025, the financially motivated threat actor Storm-2561 has been conducting a credential theft campaign targeting enterprise VPN users by abusing SEO poisoning and trojanized VPN installers. The group leverages fake, code-signed software to harvest VPN credentials and configuration data, exploiting trust in search results and legitimate security certificates.

In mid-January 2026, Microsoft Defender Experts identified a renewed campaign where Storm-2561 manipulated search engine results to direct victims to spoofed VPN download sites, such as vpn-fortinet[.]com and ivanti-vpn[.]org. These domains mimicked well-known VPN vendors, including Fortinet, Pulse Secure, and Ivanti, before redirecting users to a now-removed malicious GitHub repository hosting a ZIP file (VPN-CLIENT.zip) containing a trojanized MSI installer.

The installer, disguised as a legitimate VPN client, deployed signed malware components including Pulse.exe, dwmapi.dll, and inspector.dll under a path imitating a real Pulse Secure installation (%CommonFiles%\Pulse Secure). The dwmapi.dll acted as an in-memory loader, executing shellcode to load inspector.dll, a variant of the Hyrax information stealer. This malware targeted stored VPN credentials and configuration data from C:\ProgramData\Pulse Secure\ConnectionStore\connectionstore.dat, exfiltrating them to a command-and-control server at 194.76.226[.]93:8080.

A key tactic in this campaign was the abuse of a legitimate code-signing certificate issued to Taiyuan Lihua Near Information Technology Co., Ltd., which was later revoked. The signed MSI and DLLs bypassed Windows security warnings and evaded detection by some security tools, lending the malware a false appearance of legitimacy. Additional signed samples, including Sophos-Connect-Client.exe and GlobalProtect-VPN.exe, indicated a broader distribution effort under the same certificate.

The fake VPN client displayed a realistic GUI mimicking Pulse Secure, prompting users for credentials before exfiltrating them and displaying a fake error message. To avoid suspicion, the malware sometimes redirected victims to the official vendor site, ensuring they ultimately installed a legitimate VPN, leaving no immediate signs of compromise. Persistence was maintained via the Windows RunOnce registry key, ensuring the malware executed at reboot.

Microsoft Defender Antivirus detects the payloads as Trojan:Win32/Malgent and TrojanSpy:Win64/Hyrax, while Defender for Endpoint can block active infections and flag unusual VPN process execution. The campaign highlights Storm-2561’s reliance on SEO manipulation, brand impersonation, and code-signing abuse to monetize stolen credentials.
INCIDENT DETAILS
TYPE: Credential Theft
MOTIVATION: Financial Gain
IMPACT
Data Compromised: VPN credentials and configuration data
Systems Affected: Enterprise VPN users
Identity Theft Risk: High
DATA BREACH
Type Of Data Compromised: VPN credentials and configuration data
Sensitivity Of Data: High
connectionstore.dat
Personally Identifiable Information: VPN credentials
DECEMBER 2025: 657 Before Incident
NOVEMBER 2025: 655 Before Incident
OCTOBER 2025: 653 Before Incident
SEPTEMBER 2025: 651 Before Incident
AUGUST 2025: 649 Before Incident
APRIL 2025: 752 Before Incident
Ransomware
10 Apr 2025, Pulse Secure
Ivanti Connect Secure

Ivanti Connect Secure Ransomware Attack

640 After Incident
CRITICAL -112
PUL707041025
In the first quarter of 2025, Ivanti Connect Secure suffered a significant ransomware attack. Threat actors targeted the company with a zero-day exploit purchased for $200,000, resulting in unauthorized remote code execution. The attack led to sensitive data exfiltration and resulted in leak site posts threatening to disclose the information if the ransom was not paid. The attack demonstrated the financial maturity of the ransomware groups, showing their ability to reinvest in sophisticated tools to perpetrate more advanced attacks. Ivanti Connect Secure experienced substantial data compromise, reputational damage, and financial implications due to the breach. This incident underscores the urgent need for enhanced cyber defenses and proactive security measures.
INCIDENT DETAILS
TYPE: Ransomware
MOTIVATION: Financial
IMPACT
Data Compromised: Sensitive data
Brand Reputation Impact: Reputational damage
DATA BREACH
Type Of Data Compromised: Sensitive data
Data Exfiltration: Yes
