VulnHub

Real-time Cybersecurity News

Russian hackers hijack internet traffic using vulnerable routers

Help Net Security
Actively Exploited

Overview

The UK’s National Cyber Security Centre (NCSC) has issued a warning about the Russian cyber group APT28, which is reportedly hijacking internet traffic by compromising vulnerable routers. The attackers manipulate DHCP and DNS settings to redirect user traffic through their own servers, allowing them to spy on victims. This activity is linked to the GRU's Military Intelligence Unit 26165. Organizations and individuals using susceptible routers may be at risk, making it crucial for them to secure their devices against such exploits. The ongoing activity highlights the need for constant vigilance in network security, especially when it comes to maintaining router configurations.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Vulnerable routers, particularly those with weak security configurations.
  • Action Required: Users should secure their router configurations, update firmware to the latest versions, and implement strong passwords.
  • Timeline: Ongoing since 2024

Original Article Summary

The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting traffic through servers they control. “We assess that APT28 is almost certainly the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Centre (GTsSS) Military Intelligence Unit 26165.” said NCSC. Since 2024, APT28 … More → The post Russian hackers hijack internet traffic using vulnerable routers appeared first on Help Net Security.

Impact

Vulnerable routers, particularly those with weak security configurations.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since 2024

Remediation

Users should secure their router configurations, update firmware to the latest versions, and implement strong passwords. Specific patches or configurations were not mentioned.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning

Hackread – Cybersecurity News, Data Breaches, AI and More

Cybercriminals are exploiting search engine optimization (SEO) techniques to direct developers to fake installer sites for popular tools like Gemini and Claude. These counterfeit sites are designed to deliver fileless malware, which can operate without traditional files on the disk, making detection more challenging. Once infected, developers risk having sensitive data stolen, which could lead to significant security breaches. This is particularly concerning given the reliance on these tools in development environments. Developers and companies need to be vigilant about where they download software to avoid falling victim to these malicious schemes.

May 26, 2026

Critical vulnerability in Universal Robots' PolyScope OS allows remote command execution

SCM feed for Latest

A serious vulnerability in Universal Robots' PolyScope operating system has been identified, allowing potential attackers to execute commands remotely. This flaw, tracked as CVE-2026-8153, has a high severity rating of 9.8, indicating a significant risk. It affects all versions of PolyScope software prior to 5.25.1, which means any users operating older versions are at risk. The ability for remote command execution could enable unauthorized access to connected systems, posing a threat to operational security. Users and organizations utilizing Universal Robots' systems need to take immediate action to update their software to the latest version to mitigate this risk.

May 26, 2026

Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike

SCM feed for Latest

A zero-day vulnerability identified as CVE-2026-5426 has been discovered in a Japanese Learning Management System (LMS). This security flaw arises from the use of hard-coded ASP.NET machine keys, which attackers can exploit to deploy Cobalt Strike, a popular penetration testing tool that can also be used for malicious purposes. The exploitation of this vulnerability poses significant risks to educational institutions and organizations using the LMS, potentially allowing unauthorized access to sensitive information and systems. Users of the affected LMS should take immediate steps to secure their systems to prevent potential intrusions.

May 26, 2026

Zero-click attack hijacks WhatsApp accounts on iOS 16

SCM feed for Latest

A new zero-click attack has been discovered that targets WhatsApp accounts on devices running iOS 16. This attack takes advantage of vulnerabilities in the ImageIO framework, specifically identified as CVE-2025-43300, and potentially CVE-2025-55177. By exploiting these flaws, attackers can gain unauthorized access to WhatsApp sessions without any user interaction. This is particularly concerning for users of iOS 16, as it opens the door for unauthorized access to private messages and data. Users should remain vigilant and consider updating their devices as soon as patches are available to mitigate this risk.

May 26, 2026

Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month

Hackread – Cybersecurity News, Data Breaches, AI and More

Anthropic's Claude Mythos AI has reportedly identified over 10,000 software vulnerabilities in just one month, with a notable number of these flaws found in open-source code. This discovery raises significant concerns for developers and organizations relying on open-source software, as these vulnerabilities could be exploited by malicious actors if not addressed promptly. The identified flaws range from minor issues to critical vulnerabilities, potentially affecting a wide array of software applications. This highlights the importance of continuous security assessments and the need for developers to prioritize vulnerability management in their software supply chains. With software vulnerabilities being a common entry point for cyberattacks, organizations should take immediate action to patch any flaws identified by AI tools like Claude Mythos.

May 26, 2026

Anthropic: Mythos finds more than 10,000 software flaws in first month

CyberScoop

Anthropic's new tool, Mythos, has identified over 10,000 software flaws in its first month of operation. This impressive figure indicates a tenfold increase in the rate of bug discovery among some partnered organizations. However, there is a concerning trend of a growing gap between identifying these flaws and actually fixing them, which could leave systems vulnerable. The findings suggest that while many companies are becoming more aware of their software vulnerabilities, they may not be equipped to address them promptly. This situation highlights the ongoing challenges in software security and the need for effective remediation strategies to protect against potential exploitation.

May 26, 2026