Posts

DNS Hijacks Used to Steal Microsoft 365 Logins

On April 7, 2026, international law enforcement agencies, working with Microsoft and private-sector researchers, disrupted a large-scale DNS hijacking operation that was actively stealing Microsoft 365 credentials by manipulating internet routers worldwide. [bleepingcomputer.com]

The campaign, tracked as FrostArmada, was linked to APT28 (also known as Fancy Bear, Forest Blizzard, or STRONTIUM), a Russia-backed cyber-espionage group associated with GRU military unit 26165. [bleepingcomputer.com], [ncsc.gov.uk]

Authorities involved in the takedown included:
The FBI
The U.S. Department of Justice
The Polish government
Microsoft and Lumen's Black Lotus Labs

Together, they dismantled key attacker-controlled infrastructure used to redirect traffic and steal credentials. [bleepingcomputer.com]

How the attack worked (in plain English)

This was not phishing email spam. Instead, attackers compromised routers at the network edge, mainly:
MikroTik
TP-Link
Some Fortinet and Nethesis fi...

Exchange Outage Today (March 16th 2026)

Microsoft experienced a major Exchange Online outage that prevented many users from accessing their mailboxes, calendars, Outlook on the web, Outlook desktop, and mobile clients (Exchange ActiveSync). The issue was acknowledged by Microsoft at 06:42 AM UTC and tracked under EX1253275 in the Microsoft 365 admin center.

Scope of the Outage

According to multiple reports, all major Exchange Online connection protocols were affected. Users saw errors accessing Office.com, which temporarily displayed "Something went wrong." A separate outage also impacted Microsoft 365 Copilot web sign-in and Copilot web clients (e.g., office.com/chat).

Cause of the Problem

Microsoft reported that a section of service infrastructure was not processing traffic efficiently. The root cause involved supporting network infrastructure, leading to service degradation across Exchange Online. Engineers implemented configuration changes to mitigate the impact.

Is It Fixed?

Partially. Microsoft stated the outage ha...

Out-of-Band Patch for Windows (and why it matters)

KB5084597 is an out-of-band update for Windows 11 (25H2, 24H2, and LTSC 2024) that Microsoft released on March 13–14, 2026 to fix critical RRAS remote code execution vulnerabilities. It installs without requiring a reboot on systems that support hotpatching.

What KB5084597 Addresses

Microsoft issued this update to patch three RRAS (Routing and Remote Access Service) management tool vulnerabilities:
CVE-2026-25172 (RRAS RCE)
CVE-2026-25173 (RRAS RCE)
CVE-2026-26111 (RRAS RCE)

These flaws stem from an integer overflow/wraparound condition. If an administrator's RRAS management tool connects to a malicious remote server, an attacker could disrupt the RRAS management tool or execute code on the administrator's device. This makes the vulnerabilities particularly dangerous in enterprise environments where RRAS is used for VPN, NAT, routing, and site-to-site connectivity.

Why This Update Is Out-of-Band

Microsoft released KB5084597 outside the normal Patch Tuesday cycle because the vulnerabilities are cons...

Microsoft has patched a critical Active Directory Domain Services (AD DS) vulnerability (CVE‑2026‑25177)

Microsoft has patched a critical Active Directory Domain Services (AD DS) vulnerability (CVE-2026-25177) that allows attackers with minimal privileges to escalate to full SYSTEM access. The flaw, rated 8.8 CVSS, affects Windows Server environments and was fixed in the March 2026 Patch Tuesday update.

How the Exploit Works

Unicode manipulation: Attackers use hidden Unicode characters to create duplicate SPNs or UPNs.
Kerberos confusion: When a client requests a Kerberos ticket for a duplicate SPN, the domain controller issues a ticket encrypted with the wrong key.
Fallback risk: This can trigger NTLM fallback (if enabled) or cause denial of service.
Privilege escalation: With SPN write access, attackers can escalate to SYSTEM without touching the target server directly.

Affected Systems

Windows Server 2012 through Server 2025
Windows 10 and 11 (if acting as domain controllers)
Any AD DS deployment with Kerberos and NTLM enabled

Security Implications

Domain-wide compro...

Entra Passkeys

Phishing-resistant Windows sign-ins via Entra passkeys

Microsoft is adding passkey support for Microsoft Entra on Windows devices, enabling passwordless, phishing-resistant authentication using Windows Hello (face, fingerprint, or PIN).

Public preview rollout: mid-March to late April 2026
Government clouds (GCC, GCC High, DoD): mid-April to mid-May 2026

This is part of Microsoft's broader push to make all accounts passwordless by default, reducing credential-theft attack surfaces.

How Entra Passkeys Work

Device-bound, cryptographic, and non-transmittable. Passkeys are:
Generated and stored locally in the Windows Hello secure container
Bound to the device (not synced across machines)
Unlocked via biometrics or PIN
Never transmitted over the network, making them resistant to phishing, replay, and credential-stealing malware

Each Entra account registers its own passkey per device, and multiple accounts can coexist on one machine.

Why This Matters for Unmanaged De...

My Site (has stopped producing)

It turns out the AI Security news information security bot decided to break free and call it a day; sorry for the delay in news alerts. It will be back. -Corerouter

Notepad++ update service was compromised

Multiple independent security investigations confirm that Notepad++'s update infrastructure was hijacked between June and December 2025. This was a supply-chain attack originating from a compromise at the hosting-provider level, not from Notepad++'s code.

What exactly was compromised?

1. Update traffic was intercepted and redirected
Attackers manipulated the update endpoint (getDownloadUrl.php) so that some users requesting updates were silently redirected to malicious servers serving tampered executables.

2. It was targeted, not widespread
All sources emphasize that only specific users were affected, likely in an espionage-focused campaign, not a mass malware distribution effort.

3. Hosting provider compromise, not a Notepad++ bug
The attackers gained access to the shared hosting environment, losing direct access in September 2025 but maintaining stolen internal service credentials through December 2, 2025.

Attribution: Likely...