Rclone

Attackers are abusing the legitimate file synchronization tool rclone, often renamed to masquerade as legitimate software, to exfiltrate data to cloud storage or remote endpoints.

Rclone is vulnerable to an unauthenticated options/set vulnerability that allows runtime authentication bypass, potentially leading to sensitive operations and command execution by setting `rc.NoAuth=true` on reachable RC servers started without global HTTP authentication.