Security Daily Digest — 2026-04-08
APT28 Exploits SOHO Routers for DNS Hijacking and Token Theft — The Hacker News
APT28, a Russia-linked threat actor, is actively exploiting known vulnerabilities in older SOHO routers to conduct a global DNS hijacking campaign aimed at intercepting and stealing Microsoft Office tokens. Security teams should prioritize patching affected router models and monitor network traffic for signs of DNS manipulation to mitigate potential breaches.
Storm-1175 Rapidly Deploys Medusa Ransomware via Zero-Days — Dark Reading
Storm-1175, a China-linked threat group, is exploiting zero-day vulnerabilities to deploy Medusa ransomware at high velocity. The campaign combines N-day and zero-day vulnerabilities, which underscores the need for immediate patching and for monitoring IOCs associated with Medusa ransomware. Security teams should stay alert to threat intelligence updates and apply patches swiftly to reduce exposure.
Docker CVE-2026-34040: Authorization Bypass Risk — The Hacker News
A high-severity vulnerability (CVE-2026-34040) has been disclosed in Docker Engine that allows attackers to bypass authorization and gain access to the host. The flaw affects Docker installations running default configurations, posing a significant risk of unauthorized access. Security teams should apply the available patches immediately and review Docker configurations to ensure robust access controls are in place.
- Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins [BleepingComputer]
- Hackers exploit critical flaw in Ninja Forms WordPress plugin [BleepingComputer]
- US warns of Iranian hackers targeting critical infrastructure [BleepingComputer]
- Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed [The Hacker News]
- Fortinet fixes FortiClient EMS zero-day vulnerability under attack by hackers - Sohu [Google News Security (CN)]