BrianKrebs5d ago

New, from me: Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/

Show threadPatrick Cotter4d ago
@briankrebs Brian, your Forest Blizzard report is my reality. Case SIR23252176: I’m an NY small biz owner with 10yrs of data held by a thief. MS admits the theft but leaves a 'bot' in charge. Between token-theft & today's #BlueHammer zero-day, 'you own nothing' is a professional liability. Manually rescuing 3TB of data now to keep my clients safe. #Microsoft #SmallBusiness #Infosec
Show threadBrianKrebs4d ago
@Patrick_Cotter Wow, I thought my day was bad. Sorry to hear that dude.
Show threadPatrick Cotter4d ago
@briankrebs Appreciate that, Brian. It’s been a surreal day of building beehives(literally) to stay sane while manually rescuing 3TB of data at 48MB/s. If a pro like you thinks it’s a mess, maybe MS will finally listen to the human in the loop. Certified mail goes to their legal team tomorrow. Case SIR23252176 for anyone at Redmond actually reading this. Though doubts remain high.
Show threadAndreas K4d ago

@Patrick_Cotter
Why should MS listen? It's peachy for them. They have a captive customer audience, their performance is literally irrelevant for sales.

The moment people like you start jumping ship en masse they might wake up, but almost certainly not with better products, probably with better fences.
@briankrebs

Show threadRobert [KJ5ELX] 4d ago

@yacc143 @Patrick_Cotter @briankrebs

You have to be a fortune 100 to receive priority "oh shit our bad" service from Microsoft.

Show threadPatrick Cotter

@FuturisticRobert @yacc143 @briankrebs

You're not wrong, Robert. As stated I am compressing and rescuing 3TB of data manually because I don't have a Fortune 100 support contract to override a confirmed theft. It shouldn't take a journalist like Brian Krebs and a formal legal notice to get a human in the loop, but here we are. Rescuing the data first, mailing Redmond second. Which by the way I have notarized and mailed.

Apr 8 at 7:03pmWeb
Show threadRobert [KJ5ELX] 4d ago

@Patrick_Cotter @yacc143 @briankrebs

You have my sympathy.

Heck, the company I work for is not a small one by any measure and we have problems with Microsoft's support, and the fact that every technical call turns into a sales call.

Effective security shouldn't be a SKU.