In this edition, DomainTools Investigations sheds light on a sustained, infrastructure-based disinformation operation dubbed the Doppelgänger / RRN ecosystem, with activity tracked from 2022 through 2026. The analysis portrays a coordinated network that mimics Western outlets using domain lookalikes, typo variants and alternate extensions, anchored to a central hub of RRN domains to propagate narratives.
Security Snacks then details a Microsoft 365 credential harvesting campaign that leverages Cloudflare to delay detection, employing anti-detection techniques such as Cloudflare human verification and fake “404 Not Found” pages to route targets away from security tools.
The newsletter also reports an exposure of a TLS private key for Qihoo 360’s Security Claw AI platform, noting that a wildcard certificate tied to \*.myclaw.360[.]cn could enable impersonation if trusted and unrevoked, with evidence pointing to the key being present in an installer package. Another SecuritySnack describes a Chrome extension, “ChatGPT Ad Blocker”, which masquerades as ad‑blocking software but exfiltrates users’ ChatGPT conversation data via a webhook to a private Discord channel. The piece concludes with reading recommendations and a note on upcoming events.