Energy Sector
- The Energy Sector Has No Time To Wait For The Next Cyberattack
"The energy sector remains a major target for cybercriminals. Beyond disrupting daily routines, a power outage can undermine economic stability and public safety. Rising demand for electricity, fueled by technology and digital growth, only adds to the sector’s vulnerability. A major driver of that demand is artificial intelligence: Goldman Sachs predicts that data center power consumption could rise by 160% by 2030, as AI’s enormous energy appetite strains already fragile grids."
https://www.helpnetsecurity.com/2025/08/26/energy-sector-cyber-risks/
Industrial Sector
- INVT VT-Designer And HMITool
"Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-238-01
- Schneider Electric Modicon M340 Controller And Communication Modules
"Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-238-03
Vulnerabilities
- Citrix Fixes Critical NetScaler RCE Flaw Exploited In Zero-Day Attacks
"Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. The CVE-2025-7775 flaw is a memory overflow bug that can lead to unauthenticated, remote code execution on vulnerable devices. In an advisory released today, Citrix states that this flaw was observed being exploited in attacks on unpatched devices."
https://www.bleepingcomputer.com/news/security/citrix-fixes-critical-netscaler-rce-flaw-exploited-in-zero-day-attacks/
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
https://thehackernews.com/2025/08/citrix-patches-three-netscaler-flaws.html
https://www.darkreading.com/vulnerabilities-threats/citrix-zero-day-under-active-attack
https://www.bankinfosecurity.com/citrix-netscaler-devices-yet-again-under-attack-a-29301
https://cyberscoop.com/citrix-netscaler-zero-day-exploited-august-2025/
https://securityaffairs.com/181567/hacking/citrix-fixed-three-netscaler-flaws-one-of-them-actively-exploited-in-the-wild.html
https://www.helpnetsecurity.com/2025/08/26/netscaler-adc-gateway-zero-day-exploited-by-attackers-cve-2025-7775/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-7775 Citrix NetScaler Memory Overflow Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/08/26/cisa-adds-one-known-exploited-vulnerability-catalog
Malware
- Underground Ransomware Being Distributed Worldwide, Including In South Korea
"The Underground ransomware gang is launching continuous ransomware attacks against companies in various countries and industries, including South Korea. This post describes the analysis and characteristics of the Underground ransomware."
https://asec.ahnlab.com/en/89835/
- Nearly 2,000 Malicious IPs Probe Microsoft Remote Desktop In Single-Day Surge
"On August 21, GreyNoise observed a sharp surge in scanning against Microsoft Remote Desktop (RDP) services. Nearly 2,000 IPs — the vast majority previously observed and tagged as malicious — simultaneously probed both Microsoft RD Web Access and Microsoft RDP Web Client authentication portals. The wave’s aim was clear: test for timing flaws that reveal valid usernames, laying the groundwork for credential-based intrusions."
https://www.greynoise.io/blog/surge-malicious-ips-probe-microsoft-remote-desktop
https://www.bleepingcomputer.com/news/security/surge-in-coordinated-scans-targets-microsoft-rdp-auth-servers/
https://www.darkreading.com/cyber-risk/malicious-scanning-remote-desktop-services
- Hook Version 3: The Banking Trojan With The Most Advanced Capabilities
"Zimperium’s zLabs research team has uncovered a new variant of the Hook Android banking trojan, now featuring some of the most advanced capabilities we’ve seen to date. This version introduces: Ransomware-style overlays that display extortion messages, Fake NFC overlays to trick victims into sharing sensitive data, Lockscreen bypass via deceptive PIN and pattern prompts, Transparent overlays to silently capture user gestures, and Stealthy screen-streaming sessions for real-time monitoring."
https://zimperium.com/blog/hook-version-3-the-banking-trojan-with-the-most-advanced-capabilities
https://thehackernews.com/2025/08/hook-android-trojan-adds-ransomware.html
https://www.darkreading.com/endpoint-security/hook-android-trojan-ransomware-attacks
https://hackread.com/android-hook-malware-variant-locks-devices-ransomware/
https://www.infosecurity-magazine.com/news/android-trojan-expands-ransomware/
- ZipLine Campaign: Advanced Social Engineering Phishing Targets U.S. Manufacturing
"Check Point Research has identified ZipLine as one of the most advanced phishing campaigns of recent years. Instead of sending unsolicited phishing emails, the attackers initiate contact through a company’s “Contact Us” form. This reversal forces the victim to send the first email, making the exchange appear legitimate and bypassing reputation-based filters. Gain a deeper understanding of the ZipLine campaign by reading Check Point Research’s full technical analysis."
https://blog.checkpoint.com/research/zipline-campaign-advanced-social-engineering-phishing-targets-u-s-manufacturing/
https://research.checkpoint.com/2025/zipline-phishing-campaign/
https://thehackernews.com/2025/08/mixshell-malware-delivered-via-contact.html
https://www.theregister.com/2025/08/26/zipline_phishing_campaign/
- Widespread Data Theft Targets Salesforce Instances Via Salesloft Drift
"Google Threat Intelligence Group (GTIG) is issuing an advisory to alert organizations about a widespread data theft campaign, carried out by the actor tracked as UNC6395. Beginning as early as Aug. 8, 2025 through at least Aug. 18, 2025, the actor targeted Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift third-party application. The actor systematically exported large volumes of data from numerous corporate Salesforce instances. GTIG assesses the primary intent of the threat actor is to harvest credentials. After the data was exfiltrated, the actor searched through the data to look for secrets that could be potentially used to compromise victim environments."
https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift
https://www.bleepingcomputer.com/news/security/silk-typhoon-hackers-hijack-network-captive-portals-in-diplomat-attacks/
https://cyberscoop.com/salesforce-salesloft-drift-attack-spree-google/
- Israel National Digital Agency Uncovers Global Cyberattack Campaign “ShadowCaptcha”
"Researchers identified a large-scale campaign leveraging the ClickFix technique and fake Google/Cloudflare CAPTCHA pages, active for at least a year and exploiting hundreds of compromised WordPress sites. The attack combines social engineering, abuse of legitimate tools, and multi-stage malware delivery to steal sensitive data, deploy cryptominers, and even trigger ransomware outbreaks."
https://www.gov.il/en/pages/shadowcaptch-campaign
https://thehackernews.com/2025/08/shadowcaptcha-exploits-wordpress-sites.html
- Researchers Flag Code That Uses AI Systems To Carry Out Ransomware Attacks
"Researchers at cybersecurity firm ESET claim to have identified the first piece of AI-powered ransomware in the wild. The malware, called PromptLock, essentially functions as a hard-coded prompt injection attack on a large language model, causing the model to assist in carrying out a ransomware attack. Written in Golang programming code, the malware sends its requests through Ollama, an open-source API for interfacing with large language models, and a local version of an open-weights model (gpt-oss:20b) from OpenAI to execute tasks."
https://cyberscoop.com/prompt-lock-eset-ransomware-research-ai-powered-prompt-injection/
https://www.theregister.com/2025/08/26/first_aipowered_ransomware_spotted_by/
Breaches/Hacks/Leaks
- Salesloft Breached To Steal OAuth Tokens For Salesforce Data-Theft Attacks
"Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. Salesloft's SalesDrift is a third-party platform that connects the Drift AI chat agent with a Salesforce instance, allowing organizations to sync conversations, leads, and support cases into their CRM."
https://www.bleepingcomputer.com/news/security/salesloft-breached-to-steal-oauth-tokens-for-salesforce-data-theft-attacks/
- Healthcare Services Group Data Breach Impacts 624,000
"Healthcare Services Group is notifying over 624,000 individuals that their personal information was stolen in a data breach. The incident, the organization says, was identified on October 7, 2024, and involved unauthorized access to its systems between September 27, 2024, and October 3, 2024. During the timeframe, the hackers copied certain files from the compromised machines, including files containing personal information. The compromised data, Healthcare Services Group says, includes names, Social Security numbers, driver’s license numbers, state identification numbers, financial account details, and credentials."
https://www.securityweek.com/healthcare-services-group-data-breach-impacts-624000/
- Nissan Confirms Design Studio Data Breach Claimed By Qilin Ransomware
"Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI). This came in response to the Qilin ransomware group's claims that they had stolen four terabytes of data from CBI, including 3D vehicle design models, internal reports, financial documents, VR design workflows, and photos. "On August 16, 2025, suspicious access was detected on the data server of Creative Box Inc. (CBI), a company contracted by Nissan for design work," stated a Nissan spokesperson to BleepingComputer."
https://www.bleepingcomputer.com/news/security/nissan-confirms-design-studio-data-breach-claimed-by-qilin-ransomware/
General News
- The Silent Data Leak Crisis In Australia’s Supply Chains
"Australia is experiencing an unprecedented cybercrime epidemic that is reshaping the digital threat landscape. As artificial intelligence becomes more sophisticated and accessible, cybercriminals are leveraging these technologies to launch increasingly sophisticated attacks, while supply chain vulnerabilities continue to expose organizations to devastating data breaches. The statistics paint a sobering picture of a nation under digital siege."
https://cyble.com/blog/australia-supply-chain-vulnerabilities/
- Protecting Farms From Hackers: A Q&A With John Deere’s Deputy CISO
"Agriculture is a connected, software-driven industry where cybersecurity is just as essential as tractors and harvesters. From embedded hardware in smart fleets to defending against advanced persistent threats, protecting the agricultural supply chain requires a layered, collaborative approach. In this Help Net Security interview, Carl Kubalsky, Director and Deputy CISO at John Deere, discusses the most pressing security challenges in agriculture, how his team is working with partners and ethical hackers to stay ahead of adversaries, and what priorities will define the next 12-18 months."
https://www.helpnetsecurity.com/2025/08/26/carl-kubalsky-john-deere-smart-agriculture-cybersecurity/
- LLMs At The Edge: Rethinking How IoT Devices Talk And Act
"Anyone who has set up a smart home knows the routine: one app to dim the lights, another to adjust the thermostat, and a voice assistant that only understands exact phrasing. These systems call themselves smart, but in practice they are often rigid and frustrating. A new paper by Alakesh Kalita, IEEE Senior Member, suggests a different path. By combining LLMs with IoT networks at the edge, devices could respond to natural language commands in a way that feels intuitive and coordinated. Instead of managing each device separately, a user could issue one broad command and let the system figure out the details."
https://www.helpnetsecurity.com/2025/08/26/llm-iot-integration/
- CIISec: Most Security Professionals Want Stricter Regulations
"More than two-thirds (69%) of industry professionals have argued that current cybersecurity laws still aren’t strict enough, according to a new survey by the Chartered Institute of Information Security (CIISec). The organization’s annual State of the Security Profession survey is compiled from interviews with CIISec members and the wider security community. Some early findings were shared in a blog post last week by CEO Amanda Finch, who revealed that the report focuses heavily on regulation this year."
https://www.infosecurity-magazine.com/news/ciisec-security-professionals/
- Google To Verify All Android Developers In 4 Countries To Block Malicious Apps
"Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. "Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices," the company said. "This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down.""
https://thehackernews.com/2025/08/google-to-verify-all-android-developers.html
https://android-developers.googleblog.com/2025/08/elevating-android-security.html
https://www.bleepingcomputer.com/news/security/google-to-verify-all-android-devs-to-block-malware-on-google-play/
- The Hidden Risk Of Consumer Devices In The Hybrid Workforce
"The recent addition of D-Link camera and video recorders to the Known Exploited Vulnerabilities Catalog (KEV) points to a broader and persistent threat: Consumer devices are increasingly putting businesses at risk. In the hybrid work era, home networks now serve as an extension of the corporate environment, yet they are often built on outdated, insecure devices that lack proper patching or support life cycles. These weaknesses have become a fertile attack surface for threat actors who aim to compromise enterprise systems from the outside in."
https://www.darkreading.com/cyberattacks-data-breaches/hidden-risk-consumer-devices-hybrid-workforce
- Beyond The Prompt: Building Trustworthy Agent Systems
"We’re witnessing the quiet rise of the agent ecosystem – systems built not just to answer questions, but to plan, reason, and execute complex tasks. Tools like GPT-4, Claude, and Gemini are the engines. But building reliable, secure, and effective agent systems demands more than just plugging in an API. It demands deliberate architecture and a focus on best practices."
https://www.securityweek.com/beyond-the-prompt-building-trustworthy-agent-systems/
- Governments, Tech Companies Meet In Tokyo To Share Tips On Fighting North Korea IT Worker Scheme
"Multiple governments and companies held a forum in Tokyo on Tuesday to discuss ways of combating a years-long campaign by North Korea to have its citizens illicitly hired in information technology roles. The U.S. State Department said it worked with the Ministries of Foreign Affairs in Japan and South Korea to organize the forum, which had more than 130 attendees from freelance work platforms, payment service providers, cryptocurrency companies, AI firms and more."
https://therecord.media/japan-us-south-korea-forum-north-korea-it-worker-scheme
Reference
Electronic Transactions Development Agency (ETDA)