---
title: "Miasma Hits RedHat, Active VPN Exploitation, Signal Backup Phishing | DMARC Report"
description: "Cybersecurity roundup: Red Hat Miasma attack, GlobalProtect VPN exploits, Signal phishing, botnet takedown, data breaches, and active CVEs."
image: "https://dmarcreport.com/og/blog/miasma-hits-redhat-active-vpn-exploitation-signal-backup-phishing.png"
canonical: "https://dmarcreport.com/blog/miasma-hits-redhat-active-vpn-exploitation-signal-backup-phishing/"
---

Quick Answer

Cybersecurity threats surged this week with the Red Hat Miasma supply-chain attack, active VPN exploits, Signal phishing scams, and major data leaks. Organizations should patch systems, rotate credentials, and strengthen phishing defenses immediately.


## Red Hat npm Packages Hit by “Miasma” Supply Chain Attack

In one of the most technically alarming stories of the week, a significant [supply chain attack](https://cybersecuritynews.com/red-hat-cloud-services-npm-packages/) on June 1, 2026, targeted over 30 official packages under the @redhat-cloud-services npm scope. The campaign, dubbed “Miasma: The Spreading Blight,” is a new variant of the Mini Shai-Hulud malware family — a sophisticated credential-stealing worm previously linked to [threat actor](https://www.csoonline.com/article/4066008/government-shutdown-deepens-us-cyber-risk-exposing-networks-to-threat-actors.html) group TeamPCP. This was not a [typosquatting campaign](https://www.malwarebytes.com/blog/threat-intel/2022/10/large-typosquatting-campaign-delivers-tech-support-scams). The attackers hijacked a legitimate, trusted npm namespace and published backdoored versions of widely-used frontend components, **API clients**, and developer tooling.

Investigation revealed that at least 32 package releases contained unauthorized modifications. These packages cumulatively average approximately **80,000 weekly** downloads.

_The malware enumerates repositories the token can write to, reads workflow files via GraphQL, and commits a malicious workflow so that the commit appears as a verified, signed change_. It also checks for endpoint protection from CrowdStrike, SentinelOne, and [Carbon Black](https://chemanager-online.com/en/news/orion-plans-to-shut-down-carbon-black-plants) before commencing its malicious actions.

Any developer or organization that installed affected @redhat-cloud-services package versions on or after June 1 should immediately treat all GitHub tokens, npm tokens, and cloud credentials as compromised.

## Palo Alto Networks GlobalProtect VPN Actively Exploited — Patch Now

Hackers began exploiting **CVE-2026-0257**, a high-severity authentication bypass [vulnerability in Palo Alto Networks](https://www.securityweek.com/recent-palo-alto-networks-vulnerability-exploited-for-weeks/) PAN-OS GlobalProtect, just four days after public disclosure. The security defect allows attackers to bypass restrictions and establish VPN connections to **vulnerable appliances**. Palo Alto Networks released fixes for the bug on May 13, and on Friday updated its advisory to warn that threat actors are actively exploiting the flaw in the wild.

The threat actor successfully exploited CVE-2026-0257 across multiple environments, probing the authentication bypass using forged cookies. In eight out of ten cases, the cookies were accepted without a full [VPN](https://www.bleepingcomputer.com/news/security/globalprotect-vpn-portals-probed-with-23-million-scan-sessions/) session being established.

**CISA** added the vulnerability to its [Known Exploited Vulnerabilities catalog](https://www.armosec.io/glossary/known-exploited-vulnerabilities-catalog-kev/). Organizations running Palo Alto firewalls with [GlobalProtect portal](https://www.bleepingcomputer.com/news/security/globalprotect-vpn-portals-probed-with-23-million-scan-sessions/) or gateway enabled should apply patches immediately and check for signs of unauthorized **VPN connections**.

## Signal Users Targeted in Sophisticated Backup-Stealing Phishing Campaign

Hackers are targeting Signal users in an attempt to steal their chat backups as part of a new hacking campaign. _In this particular case, the hackers are pretending to be Signal’s support team to exploit the target’s trust in the app and the organization behind it._

The scheme, first reported in **late May 2026**, impersonates “Signal Support” with fraudulent messages warning of imminent data loss due to a fabricated “sync issue.” Victims receive direct messages from an unverified account labeled “Signal Support,” urging them to act quickly to **avoid permanent data loss**.

Journalist Josh Rogin noted that several [anti-Chinese](https://hrf.org/program/chinese-communist-party-disruption-initiative/) [Communist Party](https://hrf.org/program/chinese-communist-party-disruption-initiative/) activists received this malicious message. _The director at Access Now’s Digital Security Helpline confirmed that two additional people shared similar messages — and neither was a Chinese activist — suggesting the campaign could be more widespread, targeting journalists, dissidents, and human rights defenders_.

Signal has clarified that it will never reach out to users first and will never ask for a registration code, PIN, or [recovery key](https://www.task-note.com/glossary/recovery-key). Any such message is malicious. Users should enable **additional security measures** and ignore any unsolicited contact claiming to be from Signal Support.

## Fake UK Visa Portal Leaks 100,000 Passports and Selfies

A website named “[UK Visa Portal](https://www.techradar.com/pro/security/uk-visa-portal-website-leaks-thousands-of-user-passport-data-and-photos-online)” publicly exposed its users’ crucial information, including passport pages and photographs. _Primary passport pages exposing full names, passport numbers, nationalities, dates of birth, places of birth, and issue and expiry dates were included in the leak, but accompanying documents also provided home addresses, contact numbers, and email addresses._ TechCrunch reports at least **100,000 documents** were available without restrictions, and as of May 26, 2026, the issue had still not been addressed.

The exposed files were stored in an [AWS S3 bucket](https://www.techtarget.com/searchaws/definition/AWS-bucket). Rather than fixing the issue, the company reportedly sent attorneys in response to disclosure attempts.

Critically, this is not an official **UK government** website. The site requires applicants to upload sensitive documents and pay a fee, giving it an air of legitimacy. Anyone who used this service should remain alert to targeted phishing and identity fraud attempts using their exposed passport details.

## Trump Mobile Confirms Customer Data Exposure

_Phone provider Trump Mobile confirmed that it was exposing customers’ names, email addresses, mailing addresses, cell numbers, and order identifiers to the open internet._ The company said the exposure was linked to a **third-party platform provider** that supports “certain Trump Mobile operations,” and that no breach of [Trump Mobile’s network](https://techcrunch.com/2026/05/22/trump-mobile-confirms-it-exposed-customers-personal-data-including-phone-numbers-and-home-addresses/), systems, or infrastructure had occurred.

The incident was characterized as a [data leak](https://informationsecuritybuzz.com/leak-hsbc-customer-data-bank-denies-breach/) rather than a targeted hack, involving an open data exposure that allows unauthorized access to a company database. The security flaw was brought to light by independent researchers who confirmed that their own personal information was accessible online after purchasing the company’s flagship hardware.

The Trump Mobile case highlights a recurring and dangerous pattern: companies placing excessive trust in third-party providers without adequate contractual **security obligations or vendor monitoring**.

## ChatGPT Vulnerability “ChatGPhish” Used to Launch Prompt Injection Phishing Attacks

[Cybersecurity](https://dmarcreport.com/blog/email-security-meets-cybersecurity-understanding-the-role-of-dmarc-reports/) researchers disclosed details of a vulnerability in OpenAI ChatGPT that leverages the AI assistant’s implicit trust in Markdown links and images to trigger [prompt injections](https://thecyberexpress.com/chatgphish-prompt-injection-vulnerability/) and open the door to [phishing attacks](https://www.msspalert.com/brief/novel-usps-spoofing-phishing-attack-relies-on-malicious-pdfs). The technique has been codenamed ChatGPhish by Permiso Security. “The chatgpt.com response renderer trusts Markdown links and Markdown image URLs that originated from a third-party page the assistant has just summarized. It auto-fetches those images and surfaces those links as live, clickable elements inside the trusted assistant UI,” **security researcher Andi Ahmeti** said.

This is a particularly insidious vulnerability because the phishing content is delivered through a trusted, **AI-generated interface** — making it far more convincing than a traditional suspicious link. Users relying on ChatGPT to summarize documents or web pages should be aware that summarized content could be weaponized to inject [malicious links](https://news.cgtn.com/news/2026-04-21/China-rejects-malicious-link-after-US-ship-seizure-in-Strait-of-Hormuz-1MwxusG6d4A/p.html) into their AI sessions.

Cybersecurity experts stress that implementing [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://dmarcreport.com/what-is-spf/) is essential to **prevent email spoofing**, phishing attacks, and domain impersonation.

## Dutch Police Dismantle 17-Million-Device Botnet Linked to Asocks Proxy Service

On May 28, 2026, the **NCSC Netherlands** announced that a joint operation with [Dutch police took a major botnet offline](https://www.neuracybintel.com/articles/dutch-police-and-ncsc-disrupt-17-million-device-botnet-running-through-netherlands-based-servers). Investigators identified 200 servers used to host and control the botnet infrastructure, all located in the Netherlands. The police seized several servers from a hosting provider, which then took the botnet offline after it was determined that the infrastructure was being used for criminal activity. According to the NCSC, the botnet consisted of at least **17 million infected devices**, which were being remotely controlled to carry out [cyberattacks](https://www.aljazeera.com/news/2026/3/11/iran-linked-hackers-hit-medical-giant-stryker-in-retaliatory-cyberattack) including spam, phishing, online fraud, and distributed denial-of-service attacks.

Dutch media outlet **NL Times reported** that the disrupted infrastructure was linked to Asocks, a commercial residential and mobile proxy service. _The victim devices — ranging from routers and IoT gadgets to Android-based devices — were converted into anonymization infrastructure, fraud tooling, and spam relays, often without the device owner ever knowing._

This takedown is one of the largest botnet disruptions by device count in recent history, but highlights how cheap [IoT devices](https://www.techtarget.com/iotagenda/definition/IoT-device) and weak default configurations continue to fuel global cybercrime ecosystems.

## FBI Warns of FIFA World Cup 2026 Phishing Campaign Exploding in Scale

The [FBI is warning of fake websites impersonating FIFA](https://www.click2houston.com/news/local/2026/05/28/ever-heard-of-typo-squatting-fbi-warns-of-fake-fifa-websites-targeting-fans-ahead-of-2026-world-cup/) ahead of the 2026 World Cup, designed to steal personal and financial information, sell fake tickets and hospitality packages, and push other tournament-related fraud.

What began as a cluster of [79 malicious domains](https://gbhackers.com/world-cup-phishing-surge/) has evolved into a distributed phishing ecosystem spanning 222 domains mapped to **203 unique IP addresses** — nearly tripling the domain footprint and increasing hosting infrastructure by more than 14-fold. Follow-up analysis shows that 206 of the 222 identified domains are currently active, and 52 new domains were registered between April 1 and April 17, 2026, indicating that the campaign is accelerating as the tournament approaches.

Football fans planning to attend the **2026 FIFA World Cup** should only purchase tickets through the official FIFA website, verify all communications through official channels, and avoid clicking on links received through email or social media promoting deals, hospitality packages, or exclusive access.

## FortiClient EMS Vulnerability CVE-2026-35616 Actively Exploited to Steal Credentials

Hackers are exploiting an authentication bypass vulnerability tracked as **CVE-2026-35616** in FortiClient [Enterprise Management Server (EMS)](https://www.helpnetsecurity.com/2026/05/31/week-in-review-infostealer-dropped-via-forticlient-ems-flaw-exploited-trend-micro-apex-one-flaw/) to deliver an undocumented credential stealer called EKZ. _CISA added the flaw to its Known Exploited Vulnerabilities catalog alongside several other actively exploited vulnerabilities this week, including flaws in Daemon Tools, TanStack, and Nx Console._

The [EKZ credential stealer](https://www.technadu.com/forticlient-ems-exploited-via-cve-2026-35616-for-ekz-infostealer-deployment/628498/) is particularly concerning because it targets enterprise environments where FortiClient is commonly deployed for **endpoint security** and VPN management. Organizations using FortiClient EMS should apply available patches immediately, audit all recent authentication logs for signs of unauthorized activity, and rotate any potentially compromised credentials.

## Signal Backup Phishing Campaign Specifically Targeting Dissidents and Journalists

Building further on the Signal phishing story, the attack specifically targeted journalists, anti-Chinese Communist Party activists, human rights defenders, and **civil society groups**. The attack vector was Signal’s own in-app messaging system, meaning the phishing messages arrive inside the encrypted app itself — giving them a degree of legitimacy that email-based phishing cannot achieve.

_The targeting of high-risk individuals — journalists and dissidents who rely on Signal specifically for its security guarantees — makes this campaign especially dangerous._ Security researchers at Access Now’s Digital Security Helpline are actively tracking the campaign and assisting affected individuals.

## Hotel Reservation Hijack Scams Targeting Travelers Across 350+ Properties

Researchers at Gen (the company behind Norton) have identified a growing scam trend they call the Reservation Hijack scam. [Cybercriminals](https://therecord.media/cybercriminals-impersonate-city-officials-permit-payments) use real hotel booking details to appear legitimate — contacting victims in the context of a real trip, with details that match an actual booking, including the hotel name, travel dates, and payment details. In advanced cases, attackers first compromise hotel systems to access **trusted communication channels** that make their scams even more convincing.

Customer data from more than 350 hotels around the world may have been accessed as part of realistic [reservation-hijacking scams](https://us.norton.com/blog/online-scams/reservation-hijacking-scam).

Together, the 350 compromised properties have a maximum guest capacity of around **82,000 people** at any one time. Applying a conservative **50% occupancy rate** and an average stay of 2.5 nights, that translates to an estimated six million guest stays per year where reservation data could potentially be exposed.

_Travellers should be deeply suspicious of any payment requests or “re-confirmation” requests arriving via email or messaging platforms that reference their bookings — even when those requests appear to reference real reservation details._

## Linux CIFSwitch Vulnerability Allows Low-Privileged Users to Gain Root Access

A newly discovered local privilege escalation vulnerability dubbed “CIFSwitch” in the Linux kernel could allow attackers to forge [CIFS authentication](https://techdocs.f5.com/kb/en-us/products/arx/manuals/product/arx-cli-reference-6-3-0/ntlm.html) key descriptions, abuse the kernel’s key request mechanism, and gain root privileges on vulnerable systems. Proof-of-concept exploit code has already been released, significantly raising the urgency for **Linux administrators** to apply the relevant kernel patches.

Local privilege escalation vulnerabilities are particularly dangerous in **cloud environments** and shared infrastructure, where a compromised low-privilege account can quickly become full system compromise. Linux administrators should review their kernel versions and apply updates as a matter of priority.

## 7-Eleven Data Breach — 185,000 Customers Affected

[7-Eleven disclosed a data breach](https://www.teiss.co.uk/news/7-eleven-data-breach-exposes-personal-information-of-more-than-185000-individuals-17563) affecting about **185,000 people**, exposing personal information in a major retail incident. _ShinyHunters have been connected to this incident as well, adding 7-Eleven to an already extensive list of victims that includes Charter, Carnival, Odido, Canvas, and SoundCloud — all hit within a short window of time, suggesting the group is operating at an unprecedented pace of activity in 2026._

## Miasma Malware Establishes Persistence via Claude Code and Visual Studio Code

In a remarkable detail to emerge from the Red Hat npm supply chain attack, the Miasma malware establishes persistence by injecting a `SessionStart` hook into Anthropic Claude Code and a `tasks.json` with `"runOn": "folderOpen"` for [Microsoft Visual Studio Code](https://www.infosecurity-magazine.com/news/github-confirms-breach-vs-code/) projects, so that the malware re-executes every time developers open their projects.

This is a novel and highly targeted persistence mechanism specifically designed to affect **professional developers** using popular AI coding assistants and [IDEs](https://en.wikipedia.org/wiki/Integrated%5Fdevelopment%5Fenvironment). Developers who installed any of the affected @redhat-cloud-services packages should immediately audit their Claude Code and VS Code configurations for unauthorized modifications.
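One way to run the audit recommended above, as an added example that is not part of the original article or any vendor's tooling: it walks a directory tree and lists VS Code tasks set to run on `folderOpen` and Claude Code `SessionStart` hooks. It assumes VS Code's `runOptions.runOn` task setting and a `hooks.SessionStart` layout in `.claude/settings.json` and `.claude/settings.local.json`; the sample tree and its `node .cache/setup.js` command are constructed.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# tasks.json is JSON-with-comments: drop comments and trailing commas,
# leaving string contents (which may contain "//") untouched.
_STRING = r'"(?:\\.|[^"\\])*"'
_COMMENT = re.compile(_STRING + r"|//[^\n]*|/\*.*?\*/", re.S)
_TRAILING_COMMA = re.compile(_STRING + r"|,(?=\s*[}\]])", re.S)


def _keep_strings(match):
    token = match.group(0)
    return token if token.startswith('"') else ""


def load_jsonc(path):
    """Parse a JSONC file; raises ValueError if it is still not valid JSON."""
    raw = Path(path).read_text(encoding="utf-8", errors="replace")
    raw = _COMMENT.sub(_keep_strings, raw)
    return json.loads(_TRAILING_COMMA.sub(_keep_strings, raw))


def _dicts(value):
    """Return only the dict items of a list; tolerate malformed documents."""
    return [v for v in value if isinstance(v, dict)] if isinstance(value, list) else []


def vscode_auto_tasks(doc):
    """VS Code tasks that run without user action when the folder is opened."""
    hits = []
    for task in _dicts(doc.get("tasks") if isinstance(doc, dict) else None):
        options = task.get("runOptions")
        if isinstance(options, dict) and options.get("runOn") == "folderOpen":
            hits.append(("vscode-folderOpen", str(task.get("label", "")),
                         str(task.get("command", ""))))
    return hits


def claude_session_hooks(doc):
    """Claude Code hooks registered for the SessionStart event (assumed layout)."""
    hooks = doc.get("hooks") if isinstance(doc, dict) else None
    groups = hooks.get("SessionStart") if isinstance(hooks, dict) else None
    return [("claude-SessionStart", str(h.get("type", "")), str(h.get("command", "")))
            for group in _dicts(groups) for h in _dicts(group.get("hooks"))]


CHECKS = {
    Path(".vscode") / "tasks.json": vscode_auto_tasks,
    Path(".claude") / "settings.json": claude_session_hooks,
    Path(".claude") / "settings.local.json": claude_session_hooks,
}


def audit(root):
    """Return sorted (relative_path, kind, name, command) tuples found under root."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in {".git", "node_modules"}]
        for rel, check in CHECKS.items():
            candidate = Path(dirpath) / rel
            if not candidate.is_file():
                continue
            shown = candidate.relative_to(root).as_posix()
            try:
                hits = check(load_jsonc(candidate))
            except (OSError, ValueError):
                hits = [("unparsed", "", "")]  # review by hand rather than skip
            findings += [(shown, *hit) for hit in hits]
    return sorted(findings)


def demo():
    """Audit a constructed project tree (sample data, not real malware output)."""
    tasks = """{
  // constructed sample
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "echo https://example.com // ok"},
    {"label": "init", "type": "shell", "command": "node .cache/setup.js",
     "runOptions": {"runOn": "folderOpen"},},
  ]
}"""
    settings = {"hooks": {"SessionStart": [
        {"hooks": [{"type": "command", "command": "node .cache/setup.js"}]}]}}
    with tempfile.TemporaryDirectory() as tmp:
        app, lib = Path(tmp) / "app", Path(tmp) / "lib"
        for folder in (app / ".vscode", app / ".claude", lib / ".vscode"):
            folder.mkdir(parents=True)
        (app / ".vscode" / "tasks.json").write_text(tasks, encoding="utf-8")
        (app / ".claude" / "settings.json").write_text(json.dumps(settings), encoding="utf-8")
        (lib / ".vscode" / "tasks.json").write_text("{not json", encoding="utf-8")
        return audit(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Pointing `audit()` at a home directory also covers `~/.claude/settings.json`. Legitimate projects use both features, so each hit is a prompt to read the command and confirm who added it.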


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

