Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation disrupted FrostArmada, a campaign linked to Russia’s APT28 that compromised SOHO routers, changed DNS settings, and intercepted Microsoft login traffic to steal credentials and OAuth tokens. At its peak in December 2025, the campaign had infected about 18,000 devices across 120 countries, and the case is a useful reminder that unmanaged edge devices can become a quiet path into much larger organizations.
Massachusetts hospital turning ambulances away after cyberattack
Signature Healthcare in Massachusetts said a cyberattack affected many of its information systems, forcing it to turn away ambulances and rely on downtime procedures while recovery work continues. Emergency walk-ins and surgeries are still being handled, but the incident shows again how quickly a hospital intrusion can spill over into patient care operations even before attribution or the full scope is known.
Critical ShareFile Flaws Lead to Unauthenticated RCE
Researchers say two critical ShareFile flaws can be chained to bypass authentication and achieve remote code execution by abusing Storage Zone configuration and file upload functionality. One of the bugs, CVE-2026-2699, can expose administrative configuration access without authentication, and the reported abuse path could let an attacker exfiltrate files by redirecting storage to infrastructure they control.
Flatpak 1.16.4 fixes sandbox escape and three other security flaws
Flatpak 1.16.4 fixes four security issues, including CVE-2026-34078, a complete sandbox escape that can lead to host file access and code execution in the host context. For Linux environments that rely on Flatpak for application isolation, this is the kind of update that deserves prompt attention because it cuts directly against the boundary the platform is supposed to enforce.
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
German authorities say they have identified Daniil Maksimovich Shchukin as “UNKN,” the alleged leader behind the GandCrab and REvil ransomware groups, and linked him to at least 130 acts of sabotage and extortion in Germany. The naming is notable because it shows law enforcement is still building public attribution and financial cases against major ransomware operators years after the most visible campaigns peaked.
The post InfoSec News Nuggets 04/08/2026 appeared first on AboutDFIR – The Definitive Compendium Project.