[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:10-domain-could-have-handed-hackers-25k-endpoints-including-in-ot-and-gov-networ-mo1m7ov2":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":15,"article_ids":16,"ioc_summary":18,"source_urls":19,"status":21,"expires_at":22,"created_at":23,"updated_at":24,"articles":25},"e7d1ac26-6da8-4d3f-a7eb-fd9481da0d4c","$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks","10-domain-could-have-handed-hackers-25k-endpoints-including-in-ot-and-gov-networ-mo1m7ov2","Malware signed by Dragon Boss Solutions infected 25,000+ endpoints across 124 countries, including 221 universities, 41 OT\u002Fcritical infrastructure networks, 35 government entities, and multiple Fortune 500 companies. The malware disables AV, persists via scheduled tasks and WMI, and relies on an unregistered update domain (chromsterabrowser[.]com) that any actor could register for ~$10 to push arbitrary code. If an attacker registered that domain, all 25k endpoints would become remote code execution targets.","critical","advisory",[],[13,14],"Dragon Boss Solutions","Huntress","Immediately hunt for chromsterabrowser[.]com DNS requests and connections in your network logs. If found, assume compromise: isolate endpoints, capture memory, and scan for AV disablement, scheduled tasks, and WMI event subscriptions. Query your endpoints for the presence and execution of any binaries signed by Dragon Boss Solutions.",[17],"4f3a5d25-b2be-4612-8ccd-e2b16bae0466",null,[20],"https:\u002F\u002Fwww.securityweek.com\u002F10-domain-could-have-handed-hackers-25k-endpoints-including-in-ot-and-gov-networks\u002F","archived","2026-04-18T15:09:14.202+00:00","2026-04-16T15:09:22.990533+00:00","2026-04-18T17:08:26.815278+00:00",[26],{"id":17,"title":6,"url":20}]