Pulse Secure A.I CyberSecurity Scoring
Pulse Secure
Company Information
Website:http://pulsesecure.net/
Employees number:121
Number of followers:19,199
NAICS:51125
Industry Type:Computer Networking Products
Homepage:pulsesecure.net
Pulse Secure Risk Score (AI oriented)
Between 600 and 649
Pulse SecureComputer Networking Products
Updated:
03/04/2026
03/04/2026
643/1000
Poor
Caa
Pulse Secure Global Score (TPRM)
xxxx
Pulse SecureComputer Networking Products
Score locked

Pulse SecurePoor
Current Score
643Caa (POOR)
01000
2 incidents
-21 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
650
JUNE 2026
649
MAY 2026
647
APRIL 2026
646
MARCH 2026
642
FEBRUARY 2026
641
JANUARY 2026
658
Cyber Attack
15 Jan 2026 • Pulse Secure
Fortinet, Ivanti, Sophos and Pulse Secure: Storm-2561 Uses SEO Poisoning, Fake Signed VPN Apps to Steal Enterprise Credentials
Storm-2561 Exploits SEO Poisoning and Fake VPN Installers in Credential Theft Campaign
637
CRITICAL-21
PULSOPFORIVA1773404773
Storm-2561 Exploits SEO Poisoning and Fake VPN Installers in Credential Theft Campaign
Since May 2025, the financially motivated threat actor Storm-2561 has been conducting a credential theft campaign targeting enterprise VPN users by abusing SEO poisoning and trojanized VPN installers. The group leverages fake, code-signed software to harvest VPN credentials and configuration data, exploiting trust in search results and legitimate security certificates.
In mid-January 2026, Microsoft Defender Experts identified a renewed campaign where Storm-2561 manipulated search engine results to direct victims to spoofed VPN download sites, such as vpn-fortinet[.]com and ivanti-vpn[.]org. These domains mimicked well-known VPN vendors, including Fortinet, Pulse Secure, and Ivanti, before redirecting users to a now-removed malicious GitHub repository hosting a ZIP file (VPN-CLIENT.zip) containing a trojanized MSI installer.
The installer, disguised as a legitimate VPN client, deployed signed malware components including Pulse.exe, dwmapi.dll, and inspector.dll under a path imitating a real Pulse Secure installation (%CommonFiles%\Pulse Secure). The dwmapi.dll acted as an in-memory loader, executing shellcode to load inspector.dll, a variant of the Hyrax information stealer. This malware targeted stored VPN credentials and configuration data from C:\ProgramData\Pulse Secure\ConnectionStore\connectionstore.dat, exfiltrating them to a command-and-control server at 194.76.226[.]93:8080.
A key tactic in this campaign was the abuse of a legitimate code-signing certificate issued to Taiyuan Lihua Near Information Technology Co., Ltd., which was later revoked. The signed MSI and DLLs bypassed Windows security warnings and evaded detection by some security tools, lending the malware a false appearance of legitimacy. Additional signed samples, including Sophos-Connect-Client.exe and GlobalProtect-VPN.exe, indicated a broader distribution effort under the same certificate.
The fake VPN client displayed a realistic GUI mimicking Pulse Secure, prompting users for credentials before exfiltrating them and displaying a fake error message. To avoid suspicion, the malware sometimes redirected victims to the official vendor site, ensuring they ultimately installed a legitimate VPN leaving no immediate signs of compromise. Persistence was maintained via the Windows RunOnce registry key, ensuring the malware executed at reboot.
Microsoft Defender Antivirus detects the payloads as Trojan:Win32/Malgent and TrojanSpy:Win64/Hyrax, while Defender for Endpoint can block active infections and flag unusual VPN process execution. The campaign highlights Storm-2561’s reliance on SEO manipulation, brand impersonation, and code-signing abuse to monetize stolen credentials.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
657
NOVEMBER 2025
655
OCTOBER 2025
653
SEPTEMBER 2025
651
AUGUST 2025
649
APRIL 2025
752
Ransomware
10 Apr 2025 • Pulse Secure
Ivanti Connect Secure
Ivanti Connect Secure Ransomware Attack
640
CRITICAL-112
PUL707041025
In the first quarter of 2025, Ivanti Connect Secure suffered a significant ransomware attack. Threat actors targeted the company with a zero-day exploit purchased for $200,000, resulting in unauthorized remote code execution. The attack led to sensitive data exfiltration and resulted in leak site posts threatening to disclose the information if the ransom was not paid. The attack demonstrated the financial maturity of the ransomware groups, showing their ability to reinvest in sophisticated tools to perpetrate more advanced attacks. Ivanti Connect Secure experienced substantial data compromise, reputational damage, and financial implications due to the breach. This incident underscores the urgent need for enhanced cyber defenses and proactive security measures.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Pulse Secure ??
What was Pulse Secure's A.I Rankiteo Cyber Score in June 2026 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in May 2026 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in April 2026 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in March 2026 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in February 2026 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in January 2026 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in December 2025 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in November 2025 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in October 2025 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in September 2025 ??
What was Pulse Secure's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Pulse Secure's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Pulse Secure ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Pulse Secure's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?