New, from me: Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/

@briankrebs I firmly believe that Google (and others) forcing TLS validation on everything, and also forcing shorter TLS lifespans, has contributed to training people to ignore TLS errors.

@Catelli
Yes, OTOH, using HTTP outside localhost is an issue.

It's almost never possible to judge the data that is passed to be harmless in finality without the threat context. And on the internet you literally have too many users to consider guessing.

And it's less Google and Let's Encrypt here. It seems that Microsoft has problems with its internal processes to keep certificates fresh and thus is miseducating users.
@briankrebs