Elastic Security Labs identified a new .NET loader dubbed SILENTCONNECT, which is distributed via phishing emails and Cloudflare Turnstile CAPTCHA pages. The loader utilizes living-off-the-land binaries, PEB masquerading, and UAC bypass techniques to silently install remote monitoring and management (RMM) tools like ScreenConnect for persistent access.