Tiptoeing to higher privileges
https://www.bleepingcomputer.com/news/security/hackers-breach-avast-antivirus-network-through-insecure-vpn-profile/
Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14.
Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account.