Category: Uncategorized

CNN
 — 

Buffalo Bills safety Damar Hamlin, who has been cleared to resume football activities, said Tuesday his cardiac arrest during an NFL game in January was caused by commotio cordis.

Hamlin went into cardiac arrest after making a tackle and appearing to be hit with a helmet in his chest during the first quarter of the Bills’ game against the Cincinnati Bengals on January 2.

Commotio cordis can occur when severe trauma to the chest disrupts the heart’s electrical charge and causes dangerous fibrillations.

“I died on national TV in front of the whole world,” Hamlin said in his first session with reporters since the injury. “I lost a bunch of people in my life. I know a bunch of people who lost people in their lives. I know that feeling. That right there is the biggest blessing of it all – for me to still have my people and my people to still have me.”

The 25-year-old has been at the Bills’ practice facility in Orchard Park, New York, participating in voluntary offseason workouts this week, according to the team.

“He is fully cleared,” Bills General Manager Brandon Beane told reporters. “He’s here.”

Hamlin said he was blessed to have a wonderful medical staff who “treat me with the care of their children.”

The safety said his heart is still in the game and he was announcing his comeback to the NFL.

“I just want to show people that fear is a choice. You can keep going at something without having the answers and without knowing what’s at the end of the tunnel,” he said. “You might feel anxious – you might feel any type of way – but you just keep putting that right foot in front of the left one and you keep going. I want to stand for that.”

Beane said that Hamlin had seen three separate specialists over the offseason, who all agreed that the player “is clear to resume full activities just like anyone else who was coming back from an injury.”

“(Hamlin’s) in a great headspace to come back and make his return,” Beane added.

Bills head coach Sean McDermott said the team is happy that Hamlin is back.

“We’re super excited for Damar. He’s moving forward one step at a time here. He’s been cleared from a physical standpoint,” McDermott said.

“We’ll provide all of the mental help we can from a mind, body and spirit standpoint so just happy for him that he’s been able to check some of those boxes to this point and we’re moving forward taking it one day at a time.”

According to the American Heart Association and the American College of Cardiology, if no underlying cardiac abnormalities are discovered through testing, athletes who have been resuscitated from commotio cordis may return to playing.

Hamlin likely went through a lot of tests, including electrocardiograms and echocardiograms, before doctors cleared him to return to training.

“What it basically means a few things. One is that his heart function returned to normal. He has no underlying problems with the anatomy of the heart itself, and he has no underlying electrical problems, so that’s the most important thing – and the way they figured that out over the last three-and-a-half months was to do a lot of tests,” CNN Chief Medical Correspondent Dr. Sanjay Gupta said on “CNN News Central.”

Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites — are now configured to redirect visitors to sites that foist scams and malware.

When Internet users try to visit expired domain names or accidentally navigate to a lookalike “typosquatting” domain, they are typically brought to a placeholder page at a domain parking company that tries to monetize the wayward traffic by displaying links to a number of third-party websites that have paid to have their links shown.

A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time — regardless of whether the visitor clicked on any links at the parked page.

But in a series of experiments over the past few months, researchers at the security firm Infoblox say they discovered the situation is now reversed, and that malicious content is by far the norm now for parked websites.

“In large scale experiments, we found that over 90% of the time, visitors to a parked domain would be directed to illegal content, scams, scareware and anti-virus software subscriptions, or malware, as the ‘click’ was sold from the parking company to advertisers, who often resold that traffic to yet another party,” Infoblox researchers wrote in a paper published today.

Infoblox found parked websites are benign if the visitor arrives at the site using a virtual private network (VPN), or else via a non-residential Internet address. For example, Scotiabank.com customers who accidentally mistype the domain as scotaibank[.]com will see a normal parking page if they’re using a VPN, but will be redirected to a site that tries to foist scams, malware or other unwanted content if coming from a residential IP address. Again, this redirect happens just by visiting the misspelled domain with a mobile device or desktop computer that is using a residential IP address.

According to Infoblox, the person or entity that owns scotaibank[.]com has a portfolio of nearly 3,000 lookalike domains, including gmai[.]com, which demonstrably has been configured with its own mail server for accepting incoming email messages. Meaning, if you send an email to a Gmail user and accidentally omit the “l” from “gmail.com,” that missive doesn’t just disappear into the ether or produce a bounce reply: It goes straight to these scammers. The report notices this domain also has been leveraged in multiple recent business email compromise campaigns, using a lure indicating a failed payment with trojan malware attached.

Infoblox found this particular domain holder (betrayed by a common DNS server — torresdns[.]com) has set up typosquatting domains targeting dozens of top Internet destinations, including Craigslist, YouTube, Google, Wikipedia, Netflix, TripAdvisor, Yahoo, eBay, and Microsoft. A defanged list of these typosquatting domains is available here (the dots in the listed domains have been replaced with commas).

David Brunsdon, a threat researcher at Infoblox, said the parked pages send visitors through a chain of redirects, all while profiling the visitor’s system using IP geolocation, device fingerprinting, and cookies to determine where to redirect domain visitors.

“It was often a chain of redirects — one or two domains outside the parking company — before threat arrives,” Brunsdon said. “Each time in the handoff the device is profiled again and again, before being passed off to a malicious domain or else a decoy page like Amazon.com or Alibaba.com if they decide it’s not worth targeting.”

Brunsdon said domain parking services claim the search results they return on parked pages are designed to be relevant to their parked domains, but that almost none of this displayed content was related to the lookalike domain names they tested.

Infoblox said a different threat actor who owns domaincntrol[.]com — a domain that differs from GoDaddy’s name servers by a single character — has long taken advantage of typos in DNS configurations to drive users to malicious websites. In recent months, however, Infoblox discovered the malicious redirect only happens when the query for the misconfigured domain comes from a visitor who is using Cloudflare’s DNS resolvers (1.1.1.1), and that all other visitors will get a page that refuses to load.

The researchers found that even variations on well-known government domains are being targeted by malicious ad networks.

“When one of our researchers tried to report a crime to the FBI’s Internet Crime Complaint Center (IC3), they accidentally visited ic3[.]org instead of ic3[.]gov,” the report notes. “Their phone was quickly redirected to a false ‘Drive Subscription Expired’ page. They were lucky to receive a scam; based on what we’ve learnt, they could just as easily receive an information stealer or trojan malware.”

The Infoblox report emphasizes that the malicious activity they tracked is not attributed to any known party, noting that the domain parking or advertising platforms named in the study were not implicated in the malvertising they documented.

However, the report concludes that while the parking companies claim to only work with top advertisers, the traffic to these domains was frequently sold to affiliate networks, who often resold the traffic to the point where the final advertiser had no business relationship with the parking companies.

Infoblox also pointed out that recent policy changes by Google may have inadvertently increased the risk to users from direct search abuse. Brunsdon said Google Adsense previously defaulted to allowing their ads to be placed on parked pages, but that in early 2025 Google implemented a default setting that had their customers opt-out by default on presenting ads on parked domains — requiring the person running the ad to voluntarily go into their settings and turn on parking as a location.

CNN
 — 

A 34-year-old man was arrested Tuesday evening in connection with the killings of four people who were found dead earlier in the day at a Bowdoin, Maine, home, authorities said.

The killings appeared to be connected to a series of nearby highway shootings that left three drivers injured – including one critically – shortly after the four bodies were discovered, state police have said.

The man arrested was identified by Maine State Police as Joseph Eaton.

Eaton was taken to Two Bridges Regional Jail and will make an initial court appearance later in the week, state police said in a Tuesday evening news release. State police did not say as of late Tuesday night that he was being held in connection with the highway shootings.

CNN has not yet been able to identify an attorney for Eaton.

“Investigators will be working throughout the night processing multiple scenes and continuing to interview people involved with this incident,” state police said in the news release.

Police have not shared details about a possible motive in the two incidents and did not share details about the four people found dead in the home.

In a statement on Twitter, Maine Gov. Janet Mills said, “Like people across Maine, I am shocked and deeply saddened – acts of violence like we experienced today shake our state and our communities to the core.”

Maine State Police responded Tuesday morning to the Bowdoin home, where they found the four deceased victims inside, state police Lt. Randall Keaten said in a news conference earlier Tuesday.

Shortly after, authorities received reports of several vehicles getting hit by gunfire on I-295 in the area of Yarmouth, which is about 40 minutes from Bowdoin.

Three people were shot while driving and were taken to the hospital, state police said. At least one of those three was in critical condition Tuesday, authorities added.

“We’ve got vehicles that have been hit by straight gunfire all across that we’re getting reports on, so if anybody has holes in their vehicles, please contact us so that we can follow up with that,” Keaten said.

The victims found in the Bowdoin home and the highway shootings are connected, Keaten said, adding there is no threat to the public.

The four bodies were taken to the Office of the Chief Medical Examiner in Augusta where autopsies will determine the manner and cause of death state police said.

Authorities have asked anyone who may have witnessed something or has any information about the Tuesday morning incidents to reach out.

“A lot happened this morning between those two scenes and those are the people that we want to talk to, those people that were impacted by this,” Keaten said, adding authorities were continuing to work on several impacted scenes and gather more information.