Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

The Hacker News
Actively Exploited

Overview

APT28, a Russian state-linked hacking group, has been exploiting vulnerabilities in MikroTik and TP-Link routers as part of a global cyber espionage campaign. Since at least May 2025, the group has compromised these routers and changed their settings, effectively turning them into infrastructure for malicious activity. This campaign raises significant concerns for users of these devices, as it can lead to unauthorized access to sensitive information and potential data breaches. The exploitation highlights the importance of securing home and small office (SOHO) routers, which are often overlooked in cybersecurity discussions. Users are urged to update their firmware and review their router settings to prevent unauthorized access.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: MikroTik routers, TP-Link routers
  • Action Required: Users should update their router firmware to the latest version and review security settings to ensure they are configured correctly.
  • Timeline: Ongoing since May 2025

Original Article Summary

The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under its control, as part of a cyber espionage campaign active since at least May 2025. The large-scale exploitation campaign has been codenamed

Impact

MikroTik routers, TP-Link routers

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since May 2025

Remediation

Users should update their router firmware to the latest version and review security settings to ensure they are configured correctly.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.


Related Coverage

Voxbeam fined $4.5M by FCC over robocall case

SCM feed for Latest

Voxbeam Telecommunications, a major U.S. voice service provider, has been fined $4.5 million by the Federal Communications Commission (FCC) for mishandling call traffic. The FCC found that Voxbeam accepted suspicious call traffic from a foreign provider without proper authorization. This incident raises concerns about the integrity of telecommunications networks and the potential for abuse through unauthorized call traffic. The fine serves as a reminder for voice service providers to ensure compliance with regulations designed to combat robocalls and protect consumers. As the issue of robocalls continues to plague many Americans, this action by the FCC aims to strengthen enforcement against companies that contribute to the problem.

Apr 7, 2026

Malicious PyPI package enables Claude prompt, data compromise

SCM feed for Latest

A malicious package named 'hermes-px' has been found on PyPI, posing as an AI inference proxy tool compatible with OpenAI. This package was used by attackers to compromise the internal AI endpoint of a Tunisian university. Once inside, they were able to exfiltrate sensitive data, including prompts and conversations from Anthropic's Claude AI. This incident raises concerns about the security of third-party packages and the potential for serious data breaches if similar tactics are employed elsewhere. Users and developers need to be vigilant about the origins of the code they use to avoid falling victim to such attacks.

Apr 7, 2026

FBI: Americans lost a record $21 billion to cybercrime last year

BleepingComputer

According to the FBI, Americans lost nearly $21 billion to cyber-enabled crimes in the past year. The report identifies investment scams, business email compromise, tech support fraud, and data breaches as the primary drivers of these losses. This staggering amount reflects the growing sophistication of cybercriminals and the vulnerabilities that individuals and businesses face. Victims range from everyday citizens to large organizations, all of whom are at risk of falling prey to these types of scams. The increasing financial impact of cybercrime emphasizes the need for better awareness and protective measures to safeguard against such threats.

Apr 7, 2026

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

Security Affairs

A serious vulnerability in Flowise, identified as CVE-2025-59528, is currently being exploited by attackers to execute malicious code remotely. This flaw, which has a CVSS score of 10, arises from insufficient validation of user-supplied JavaScript, allowing an attacker to gain unauthorized access to the host system and its file system. Organizations using Flowise are at risk, as this vulnerability can lead to significant security breaches. The exploitation of such vulnerabilities can result in data theft, system compromise, and other malicious activities. It is essential for users and administrators to be aware of this issue and take appropriate action to protect their systems.

Apr 7, 2026

Grafana Patches AI Bug That Could Have Leaked User Data

darkreading

Grafana has patched a significant vulnerability that could have allowed attackers to exploit artificial intelligence features on its platform. By embedding harmful instructions in a webpage controlled by the attacker, the AI could be made to interpret those instructions as legitimate requests, potentially leading to the exposure of sensitive user data. This issue raises concerns for organizations using Grafana, as it highlights the risks associated with AI integrations in web applications. Users are advised to update their Grafana installations to safeguard against this vulnerability, which could have serious implications for data security if left unaddressed.

Apr 7, 2026

Cybercrime losses break the $20 billion mark

Help Net Security

Cybercrime is becoming an increasingly costly issue, with losses from online crime surpassing $20 billion in 2025, according to the FBI’s Internet Crime Complaint Center (IC3). This marks a significant 26% increase from the previous year, driven largely by fraud, which accounted for about 85% of the total losses. The report indicates that over one million complaints were filed, with cyber-enabled fraud alone resulting in nearly $17.7 billion in damages. The rise in these financial losses points to a growing vulnerability among individuals and businesses, emphasizing the urgent need for improved cybersecurity measures. As online crime continues to evolve, both users and organizations must remain vigilant to protect themselves from these threats.

Apr 7, 2026