1. What happened?
On 8 September 2025, between 10:26 AM and 12:14 PM EST, a third-party service used by TechSmith was altered to inject a malicious script into portions of our site. The issue was identified and removed quickly.
2. Who was affected?
Exposure was limited (fewer than 3,000 visitors globally), but it is possible some users visiting our site within that timeframe may have accessed the affected content.
3. What should you do?
We recommend reviewing endpoint protection logs for the following indicators of compromise (IOCs):
File: C:\Users\<username>\AppData\Roaming\TimeTracker\tracker.exe
SHA256: 2f3d0c15f1c90c5e004377293eaac02d441eb18b59a944b2f2b6201bb36f0d63
Persistence: startup entry and scheduled task modifications
Ensure endpoint protection is up to date and monitor for unusual activity.
4. Is the issue resolved?
Yes. The malicious script was removed on 8 September 2025 at 12:14 PM EST. TechSmith has dismantled the issue and continues to monitor for related activity.