---
title: "Trellix Source Breach, MOVEit Auth Bypass, DAEMON Trojan Attack | DMARC Report"
description: "A quick roundup of the biggest cybersecurity stories of the week, from a massive breach at an edtech giant to supply chain attacks hitting AI developers."
image: "https://dmarcreport.com/og/blog/trellix-source-breach-moveit-auth-bypass-daemon-trojan-attack.png"
canonical: "https://dmarcreport.com/blog/trellix-source-breach-moveit-auth-bypass-daemon-trojan-attack/"
---


![cybersecurity news](https://media.mailhop.org/dmarcreport/images/2026/05/gmail-dmarc-9801.jpg) 

_A quick roundup of the biggest cybersecurity stories of the week, from a massive breach at an edtech giant to supply chain attacks hitting AI developers, critical vulnerabilities in widely used platforms, and a landmark ransomware sentencing._

## Cybersecurity Firm Trellix Has Its Own Source Code Stolen

In an ironic twist, cybersecurity firm Trellix disclosed a [data breach](https://www.bleepingcomputer.com/news/security/trellix-discloses-data-breach-after-source-code-repository-hack/) after attackers gained access to a portion of its source code repository. Trellix serves over **50,000 business** and government customers worldwide and protects more than **200 million endpoints**. 

Trellix stated it has found no evidence that its source code release or distribution process was affected, or that its [source code](https://thehackernews.com/2026/05/trellix-confirms-source-code-breach.html) has been exploited. The company immediately began working with leading forensic experts and has notified [law enforcement](https://www.rasmussen.edu/degrees/justice-studies/blog/what-is-law-enforcement/). 

The timing suggests the breach may be related to a major supply chain attack targeting various open source applications to gain access to numerous companies. _When a security vendor’s own code is targeted, the downstream risk to customers is significant: attackers with access to that code can study the product’s logic and engineer bypasses._ This incident is a stark reminder that even cybersecurity companies must apply the same **zero-trust principles** they recommend to their clients.

![Vendor Zero Trust](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-check-4836.jpg)

## MOVEit Is Back: Critical Authentication Bypass Threatens 1,400+ Exposed Instances

**Progress Software** has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in [MOVEit Automation](https://www.helpnetsecurity.com/2026/05/04/critical-moveit-automation-auth-bypass-vulnerability-fixed-cve-2026-4670/). _Exploitation could lead to unauthorized access, administrative control, and data exposure._ 

[Remote threat actors](https://cybersecuritynews.com/threat-actors-leverage-several-rmm-tools/) can exploit the flaw without any privileges on the targeted systems in [low-complexity attacks](https://www.bankinfosecurity.com/hackers-increasingly-prefer-fast-low-complexity-attacks-a-30787) that do not require user interaction. More than 1,400 MOVEit Automation instances are exposed online, and over a dozen are linked to **U.S. state and local government agencies**. 

The vulnerabilities were reported privately by Airbus researchers. Upgrading to a patched release using the full installer is the only way to remediate the issue, and the system will experience an outage during the upgrade. Given that the [Cl0p ransomware gang](https://www.teiss.co.uk/news/cl0p-ransomware-gang-claims-cyberattack-on-hilton-alleged-breach-unconfirmed-17005) exploited a 2023 MOVEit zero-day to compromise over **2,100 organizations**, security teams must treat this as an emergency, not a routine update.

## DAEMON Tools Trojanized in Sophisticated Chinese-Linked Supply Chain Attack

Kaspersky describes the [DAEMON Tools](https://cybersecuritynews.com/daemon-tools-software-hacked/) supply-chain attack as a sufficiently sophisticated compromise that evaded detection for almost one month. _The attack is ongoing, and trojanized software includes DAEMON Tools versions from 12.5.0.2421 through 12.5.0.2434._ 

These compromised installers are notably signed with valid digital certificates belonging to the software’s developer, [AVB Disc Soft](https://company.lursoft.lv/en/avb-disc-soft/42803001647). Thousands of infection attempts have been recorded across more than **100 countries**, though attackers focused their post-compromise activity on high-value targets in government, scientific, manufacturing, and retail sectors in Russia, Belarus, and Thailand. 

The payload establishes persistence and a backdoor on system startup, while also deploying an advanced RAT called QUIC RAT that can [inject malicious code](https://cybersecuritynews.com/graycharlie-injects-malicious-javascript/) into legitimate processes to evade detection. Any organization with DAEMON Tools installed should immediately audit systems for unusual activity occurring on or after **April 8, 2026**.

## PyTorch Lightning Supply Chain Attack: 11 Million Monthly Downloads Poisoned

![PyTorch Malware Impact](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-lookup-2579.jpg)

A malicious version of the [PyTorch Lightning](https://securityboulevard.com/2026/05/backdoored-pytorch-lightning-package-drops-credential-stealer/) deep learning framework was published to PyPI on April 30, 2026, containing a hidden execution chain that silently downloads and executes a credential-stealing payload. PyTorch Lightning has over **11 million** monthly downloads. 

The payload, detected by Microsoft Defender as “ShaiWorm,” is an [information-stealing malware](https://www.bitdefender.com/en-us/blog/hotforsecurity/operation-endgame-disrupts-rhadamanthys-information-stealing-malware) that targets .env files, [API keys](https://tradersunion.com/news/market-voices/show/1942057-api-key-security-risks/), secrets, GitHub tokens, and data stored in Chrome, Firefox, and Brave browsers. It also interacts with cloud service APIs across AWS, Azure, and GCP to steal credentials and **supports arbitrary system command execution**.

Lightning AI quickly warned users about the risk, advising anyone who used version 2.6.3 to rotate all credentials and secrets immediately. The malicious release was removed and replaced with a safe version. **AI and machine learning** libraries are an increasingly attractive attack surface: developers with broad cloud access who routinely pull package updates represent a high-value target for supply chain attackers.
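The DAEMON Tools and PyTorch Lightning items above both name exact affected versions (12.5.0.2421 through 12.5.0.2434, and 2.6.3). The following Python is an added example, not code from any vendor or source cited here, that matches a software inventory against those versions; the CSV layout, host names and the name-normalisation rule are assumptions.

```python
"""Added example: match a software inventory against the affected versions named above."""
import csv
import io
import re

# Affected releases exactly as stated in this roundup (inclusive ranges).
# Keys are product names as normalised by _norm(); matching on them is an
# assumption about how an inventory labels these products.
AFFECTED = {
    "daemontools": ((12, 5, 0, 2421), (12, 5, 0, 2434)),
    "pytorchlightning": ((2, 6, 3), (2, 6, 3)),
}


def _norm(name):
    """Lower-case and drop separators so 'PyTorch Lightning' equals 'pytorch-lightning'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def parse_version(text):
    """Return a tuple of ints for a purely numeric dotted version, else None."""
    text = text.strip().lstrip("vV")
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def _pad(version, length):
    """Right-pad with zeros so 2.6.3 and 2.6.3.0 compare as equal."""
    return version + (0,) * (length - len(version))


def classify(product, version):
    """Return 'affected', 'clean', 'unparsed', or None when the product is not tracked."""
    key = _norm(product)
    # Prefix match so an edition suffix in the inventory still hits the rule (assumption).
    rule = next((r for name, r in AFFECTED.items() if key.startswith(name)), None)
    if rule is None:
        return None
    parsed = parse_version(version)
    if parsed is None:
        # e.g. '2.6.3.post1': route to manual review, never silently report 'clean'.
        return "unparsed"
    low, high = rule
    width = max(len(parsed), len(low), len(high))
    in_range = _pad(low, width) <= _pad(parsed, width) <= _pad(high, width)
    return "affected" if in_range else "clean"


def triage(inventory_csv):
    """Return (host, product, version, status) for rows that need attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["product"], row["version"])
        if status in ("affected", "unparsed"):
            findings.append((row["host"], row["product"], row["version"], status))
    return findings


# Constructed sample inventory: hosts and rows are invented for illustration.
SAMPLE = """host,product,version
ws-014,DAEMON Tools,12.5.0.2421
ws-022,Daemon Tools,12.5.0.2434
ws-031,DAEMON Tools,12.5.0.2435
ws-040,DAEMON Tools,12.5.0.2420
ml-build-01,pytorch-lightning,2.6.3
ml-build-02,pytorch_lightning,v2.6.4
ml-build-03,pytorch-lightning,2.6.3.post1
ws-050,7-Zip,24.08
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```

A version match only identifies hosts that received an affected build; those hosts still need the credential rotation and activity review described above.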

## RMM Tools Weaponized in VENOMOUS#HELPER Phishing Campaign Hitting 80+ Organisations

A sophisticated phishing campaign has been uncovered, leveraging legitimate [Remote Monitoring and Management (RMM) software](https://www.techtarget.com/searchitchannel/definition/RMM-software-remote-monitoring-and-management-software) to evade detection. The campaign, codenamed VENOMOUS#HELPER, has impacted over **80 organizations**, most of which are in the U.S.

Attackers used legitimate RMM software to establish persistence and **bypass traditional security controls**, allowing threat actors to blend in with normal IT activity and making detection and remediation far more challenging. 

The campaign is assessed to be financially motivated, with overlaps pointing to an Initial Access Broker or ransomware precursor operation. _Security teams should audit all RMM tools in use across their environments, enforce application allow-listing, and alert employees that legitimate IT helpdesks will never request remote access through unsolicited messages or emails._

## Lotus Wiper Malware Deployed Against Venezuela’s Energy Sector

A destructive cyberattack using the Lotus Wiper malware targeted energy firms and utilities in Venezuela. Discovered on **April 29, 2026**, the attack aimed to disrupt operations by wiping critical systems. This incident is part of a broader trend of [wiper malware](https://therecord.media/hackers-venezuela-wiper-malware-oil) being used for sabotage rather than financial gain, particularly against critical infrastructure in **geopolitically sensitive regions**. 

Unlike ransomware attacks where data can potentially be recovered after paying, wiper malware permanently destroys data with no recovery path. The energy sector has become an increasingly popular target for destructive attacks, given its direct impact on national infrastructure and [civilian populations](https://casebook.icrc.org/a%5Fto%5Fz/glossary/civilian-population). _Operators of critical infrastructure must maintain air-gapped, offline backups and regularly test their incident response and recovery procedures_.

## Microsoft Exposes Large-Scale Credential Theft Campaign Targeting 35,000 Users in 26 Countries

![Phishing Scale Heatmap](https://media.mailhop.org/dmarcreport/images/2026/05/what-is-dmarc-4826.jpg) 

Microsoft has disclosed details of a large-scale [credential theft campaign](https://gbhackers.com/qlnx-targets-developers-in-supply-chain/) observed between **April 14 and 16, 2026**, targeting more than 35,000 users across over **13,000 organizations** in 26 countries, with 92% of targets located in the U.S. _The majority of phishing emails were directed against healthcare and life sciences, financial services, professional services, and technology sectors_. 

The campaign used code of conduct-themed lures combined with legitimate email services to direct victims to attacker-controlled domains designed to steal authentication tokens. The use of legitimate email services to deliver phishing content is a growing trend specifically designed to defeat reputation-based filtering. Organisations must deploy advanced [email authentication](/blog/a-basic-guide-to-email-authentication-for-legal-professionals/) including [DMARC](/), [DKIM](/dmarc-fundamentals/what-is-dkim/), and [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/), and train employees to be suspicious of any link requesting sign-in credentials, even if the sending email address appears legitimate.

## North Korea-Linked Actors Steal 76% of All Cryptocurrency Taken in 2026

A new analysis revealed that **76% of all cryptocurrency** stolen in 2026 has been traced to [North Korean threat actors](https://decrypt.co/366241/north-korean-hackers-stolen-6-billion-crypto-trm), with billions of dollars in losses attributed to these campaigns. The findings have prompted renewed calls for international cooperation and enhanced security measures in the crypto sector. 

A North Korea-linked threat actor also launched a [social engineering campaign](https://www.cybersecuritydive.com/news/iran-threat-group-false-flag-social-engineering/819454/) this week specifically targeting Web3 company executives to gain access to **cryptocurrency wallets**, using tailored phishing and social engineering tactics against founders and top executives. 

The scale of North Korea’s crypto theft operations now represents a significant geopolitical and financial threat. Cryptocurrency firms and Web3 executives should implement **hardware security keys for account access**, restrict wallet signing permissions to multi-party approval workflows, and maintain extreme vigilance against social engineering attempts posing as investment or partnership inquiries.

![Crypto Theft Attribution](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-record-1793.jpg) 

## France Titres Government Data Breach Exposes Citizen Records

France Titres, the [French government agency](https://www.techradar.com/pro/security/french-government-agency-admits-data-breach-as-hacker-alleges-up-to-19-million-sensitive-records-stolen-breach-may-have-exposed-data-from-individual-and-professional-accounts) responsible for issuing and **managing administrative documents**, disclosed a significant data breach this week. The breach was confirmed after a threat actor claimed responsibility for stealing citizen data. The agency is currently investigating the breach and has notified affected individuals and relevant authorities. 

_Government identity agencies hold some of the most sensitive personal data imaginable: passport records, identity card information, and address details_. A breach at such an entity creates significant risk of **identity fraud and targeted phishing** for years to come. Citizens whose data may have been exposed should monitor their credit and identity closely and remain alert for phishing attempts that reference their personal details to appear credible.

## Vect 2.0 Ransomware Behaves as a Wiper Due to Coding Flaw

A new variant of the [Vect 2.0 ransomware](https://cyberpress.org/vect-2-0-multi-platform-attacks/) has been **observed acting** as a wiper due to a design error. Instead of encrypting files for ransom, the malware irreversibly destroys data, leaving victims with no recovery options. This shift from extortion to destruction underscores the evolving threat landscape. 

Whether intentional sabotage or an accidental bug, the outcome for victims is equally devastating. _This variant highlights that relying on paying a ransom as a recovery strategy is never a safe assumption. Organisations must maintain tested, offline backups and have a rehearsed recovery plan that does not depend on attacker cooperation._

## Two US Cybersecurity Professionals Sentenced to Prison for BlackCat Ransomware Attacks

The [U.S. Department of Justice](https://www.ebsco.com/research-starters/politics-and-government/us-justice-department) announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating [BlackCat ransomware attacks](https://securityaffairs.com/186446/cyber-crime/two-u-s-cybersecurity-professionals-plead-guilty-in-blackcat-alphv-ransomware-case.html) in 2023. _Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims located throughout the U.S._

This case is a significant reminder that cybersecurity expertise is no defence against prosecution when it is applied criminally. Law enforcement is increasingly focused on **identifying and prosecuting** individuals who use professional skills to facilitate ransomware, even when they serve as intermediaries or technical operators rather than leaders of the criminal enterprise.

## PhantomCore Exploits TrueConf Video Conferencing Software to Breach Russian Networks

Attacks actively targeting servers running [TrueConf](https://www.securityweek.com/trueconf-zero-day-exploited-in-asian-government-attacks/) video conferencing software in Russia since September 2025 have been attributed to a pro-Ukrainian hacktivist group called PhantomCore.

The exploitation of video conferencing and collaboration platforms has become a persistent attack vector, particularly in the context of geopolitical conflict. This incident is a reminder that **collaboration tools**, especially those deployed at scale across an organisation, represent a significant attack surface. Administrators must ensure these platforms are patched promptly and access is restricted through [multi-factor authentication](https://www.onelogin.com/learn/what-is-mfa) and network segmentation.

## Amazon SES Increasingly Abused to Send Sophisticated Phishing Emails

Kaspersky reports that the [Amazon Simple Email Service (SES)](https://www.google.com/search?q=Amazon+Simple+Email+Service+%28SES%29&rlz=1C1RXQR%5Fen-GBIN1074IN1074&oq=Amazon+Simple+Email+Service+%28SES%29+&gs%5Flcrp=EgZjaHJvbWUyDAgAEEUYORiABBiiBDIICAEQABgWGB4yDQgCEAAYhgMYgAQYigUyDQgDEAAYhgMYgAQYigUyBwgEEAAY7wUyCggFEAAYogQYiQXSAQgxNjE1ajBqN6gCALACAA&sourceid=chrome&ie=UTF-8) is being increasingly abused to send convincing phishing emails that can **bypass standard security filters** and render reputation-based blocks ineffective. 

SES is a legitimate, trusted email delivery service used by thousands of businesses, which is precisely why attackers are exploiting it. Because emails sent via SES originate from Amazon’s infrastructure, they often pass IP reputation checks that would otherwise block malicious senders. Organisations should ensure their [email security](/blog/why-email-security-matters-and-how-to-get-it-right/) goes beyond **reputation-based filtering** and incorporates content inspection, anomalous link detection, and robust DMARC enforcement to catch emails that abuse legitimate cloud platforms.

## Ukrainian Police Bust Roblox Account Hacking Ring That Stole 610,000 Accounts

![Session Cookie Hijacking](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-generator-1756.jpg)

Ukrainian law enforcement arrested three individuals on April 29, 2026, following an investigation into a [cybercriminal](https://incyber.org/en/article/united-states-amounts-stolen-by-cybercriminals-up-33/) operation that compromised more than [610,000 Roblox gaming accounts](https://cipherssecurity.com/ukraine-arrests-roblox-account-hijacking-ring/) between October 2025 and January 2026. The operation was run out of Lviv by a 19-year-old organiser who recruited two accomplices. Rather than cracking passwords, the attackers deployed malicious software that harvested browser session cookies, allowing them to authenticate to victim accounts without needing credentials, a technique that bypasses passwords, SMS OTPs, and many 2FA implementations.

_The hackers included at least 357 high-value “elite” accounts in their haul, making around $225,000 from selling access to them._ The accounts were sold on a Russian website and in closed **online communities**. 

This case is a reminder that session cookie theft is a growing and underappreciated threat. Browser-based session hijacking can bypass even MFA, making it critical to regularly terminate unused sessions and use isolated browser profiles for **high-value accounts**.

![Global Cyber Threat Report: May 2026 Intelligence Briefing](https://media.mailhop.org/dmarcreport/images/2026/05/dmarc-analyzer-6312.jpg) 

## Critical cPanel Vulnerability Actively Exploited Against Government and MSP Networks

A critical flaw in cPanel and [WebHost Manager (WHM)](https://www.scalahosting.com/kb/what-is-whm-web-host-manager/) has come under active exploitation in the wild. The vulnerability, tracked as **CVE-2026-41940**, could result in an authentication bypass and allow remote attackers to gain elevated control of the control panel. In some cases, the attacks have led to a complete wipe of entire websites and backups. 

A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of **managed service providers (MSPs)** and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting this [cPanel vulnerability](https://www.msspalert.com/news/msps-are-among-the-targets-in-spate-of-cpanel-flaw-compromises). 

[CISA](https://orca.security/glossary/cisa/) has added the bug to its Known Exploited Vulnerabilities catalog and ordered **federal agencies** to patch immediately. Website owners and hosting providers running cPanel must apply the emergency patch without delay. The combination of government targets and MSP victims in this campaign suggests a deliberate effort to compromise multiple downstream customers through a single attack vector.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

