Timeline
CVE-2023-50224
TP-Link WR841N router vulnerability exploited by APT28 to rewrite DNS settings and steal Microsoft 365 credentials.
#415 May
Exchange repeats the CISA deadline-before-patch trap
Cybersecurity: Threats and Defences
#413 May
Mentioned in: Patch Tuesday clean streak hides out-of-band KEVs
Cybersecurity: Threats and Defences
#411 May
UNC6780 takes Cisco AI Defense source code
Cybersecurity: Threats and Defences
#37 May
Added to KEV on 7 May with 10 May deadline, confirmed limited exploitation in the wild
Cybersecurity: Threats and Defences: Ivanti EPMM logs fourth KEV zero-day since 2023
#330 Apr
Disclosed by WatchTowr Labs and added to KEV on 30 April with 3 May deadline
Cybersecurity: Threats and Defences: cPanel zero-day ran 65 days before patch; Sorry ransomware active
#224 Apr
FIRESTARTER implant survives every Cisco firewall patch
Cybersecurity: Threats and Defences
#224 Apr
Mentioned in: Federal agency stayed compromised six months
Cybersecurity: Threats and Defences
#319 Apr
Mentioned in: KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
Cybersecurity: Threats and Defences
#17 Apr
Enabled APT28 to extract router credentials and modify DNS settings on TP-Link WR841N devices
Cybersecurity: Threats and Defences: GRU hijacks home routers for M365 logins
#128 Mar