SHOW NOTES

Stef Rand, Senior Intelligence Analyst at Red Canary, joins Keith McCammon, Red Canary co-founder and CSO, to preview the February Intelligence Insights Report. Focusing on the top threats observed in January 2026, Stef takes a closer look at RMM tools ScreenConnect and NetSupport Manager which topped the list due to widespread malicious abuse.

The session introduces two new threats debuting in third place: ClearFake and PS1Bot. Clearfake is a complex JavaScript-based attack cluster that compromises websites to deliver malware through fake captcha prompts and malicious copy-paste operations, while PS1Bot is a modular PowerShell-based info stealer distributed through SEO poisoning campaigns.

The briefing also notes the disappearance of ‘JustAskJacky’ from the top ten, suggesting improved industry detection capabilities. The presenters provide detailed technical analysis of attack chains, detection strategies, and remediation recommendations, emphasizing the continued effectiveness of PowerShell-based attacks and the importance of user education around malicious copy-paste techniques.

Timestamps:

• 00:47 – Welcome to SecOps Weekly!
• 01:04 – February Intelligence Insights: The top 10 threats
• 05:08 – ScreenConnect and NetSupport Manager
• 07:03 – PS1Bot debuts on the list
• 12:28 – ClearFake delivers malware
• 28:39 – How to testing across your environment