New, from me: Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/

@briankrebs This is why we spent so much time and energy to get all of the primary BBC websites on to HTTPS *and* HSTS preloaded. Modern, mainstream web browsers will show a non-bypassable interstitial error page. Problem solved.
@tdp_org @briankrebs I was gonna say, have we not solved this problem? Guess security is too much for MS to bother investing in.
@tdp_org @briankrebs though I don’t know how they’d serve a cert for the real login page that gets accepted, unless they seriously just serve it over HTTP and browsers let you do stupid shit on that site because no HSTS