Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 13 Apr 2026 | |
| Written by Gabi Gerber | |
| Attacks & Threats |
| Hacking Topics, Security Operation Center |
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025.
The large-scale exploitation campaign has been codenamed FrostArmada by Lumen's Black Lotus Labs, with Microsoft describing it as an effort to exploit vulnerable home and small office (SOHO) internet devices to hijack DNS traffic and enable passive collection of network data.
"Their technique modified DNS settings on compromised routers to hijack local network traffic to capture and exfiltrate authentication credentials," Black Lotus Labs said in a report shared with The Hacker News. More here
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. More...
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's bei… More...
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strik… More...
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Wi… More...
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to ne… More...
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. More...
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's bei… More...
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strik… More...
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Wi… More...
Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to ne… More...
