Russia Hacked Routers to Steal Microsoft Office Tokens
Russian GRU-linked group Forest Blizzard exploited vulnerabilities in over 18,000 outdated SOHO routers to hijack DNS settings and intercept Microsoft Office OAuth tokens. The campaign required no malware, instead redirecting traffic through attacker‑controlled DNS servers to perform man‑in‑the‑middle attacks on TLS connections. Microsoft identified more than 200 organizations and 5,000 consumer devices affected, while the U.S. FCC announced a ban on foreign‑made consumer routers citing national‑security risks.
Who Is the Kimwolf Botmaster “Dort”?
KrebsOnSecurity identified the individual behind the Kimwolf botnet as a teenager from Canada using the handle "Dort" and aliases like CPacket and M1CE. Public OSINT links the persona to a GitHub account, multiple cyber‑crime forum registrations, and a history of...
Please Don’t Feed the Scattered Lapsus ShinyHunters
The Scattered Lapsus ShinyHunters (SLSH) extortion gang blends data theft with aggressive personal harassment, including swatting, DDoS attacks, and media pressure. Operating through chaotic Telegram channels linked to The Com cyber‑crime network, they target executives via phone‑based phishing and MFA...
Dismantling Defenses: Trump 2.0 Cyber Year in Review
The Trump administration’s 2025‑2026 policy agenda has dramatically reshaped U.S. cyber, privacy and law‑enforcement priorities. New directives such as NSPM‑7 and an FBI cash‑reward program broaden the definition of domestic terrorism to include political dissent, while travel‑screening rules force tourists...
Most Parked Domains Now Serving Malicious Content
Researchers at Infoblox discovered that more than 90% of parked domains now redirect visitors to scams, malware, or unwanted software. The malicious redirects are triggered primarily for users on residential IP addresses, while VPN traffic often receives a harmless parking...