What's Happening?
A phishing campaign named SeasonalInvite has been targeting Windows and macOS users by using fake electronic greeting cards to deliver remote monitoring and management (RMM) software. The campaign, active since January 2026, uses calendar-themed lures
to trick users into downloading legitimate but maliciously used RMM tools like ConnectWise ScreenConnect and Kaseya. These tools bypass standard security checks due to their valid signatures. The phishing pages show signs of AI generation, indicating the use of large language models to create diverse variants of the scam.
Why It's Important?
This phishing campaign highlights the evolving tactics of cybercriminals who are increasingly leveraging AI to enhance the sophistication and effectiveness of their attacks. By using legitimate software tools, the attackers can bypass traditional security measures, posing significant risks to individuals and organizations. The campaign underscores the importance of robust cybersecurity practices, including employee training, enhanced email filtering, and maintaining an approved inventory of RMM tools to prevent unauthorized installations.
What's Next?
Organizations are likely to strengthen their cybersecurity protocols in response to this campaign, focusing on improving detection and response capabilities. Cybersecurity firms may develop new tools and strategies to counteract AI-generated phishing attacks. Additionally, there may be increased collaboration between tech companies and security experts to address vulnerabilities in RMM software and prevent similar exploits in the future.













