NCSA Webboard

    Cyber Threat Intelligence 16 October 2025

    Cyber Security News
      NCSA_THAICERT

      Energy Sector

      • The Power Grid Is Getting Old, And So Is The Cybersecurity Protecting It
        "Critical infrastructure is getting older, and the cost of that decay is starting to show. The Arthur D. Little Built to Last? report says that the systems powering energy, water, and transport are reaching the end of their design life. Much of the world’s infrastructure was built between the 1950s and 1970s. In the United States, nearly 70% of the power grid is over 25 years old, and about one third of bridges need repair. Similar conditions exist across Europe. Power grids, water systems, and transportation networks rely on hardware and software never meant for a hyperconnected world. Mechanical components corrode or fatigue, while digital systems degrade through outdated software, legacy interfaces, and missed updates."
        https://www.helpnetsecurity.com/2025/10/15/aging-critical-infrastructure-cybersecurity/

      Industrial Sector

      • Roaring Access: Exploiting a Pre-Auth Root RCE On Sixnet RTUs
        "Team82 is publishing some details on two serious vulnerabilities in two Red Lion Sixnet remote terminal unit (RTU) products, and in the Sixnet Universal protocol. Both of the vulnerabilities were assessed a CVSS v3 score of 10.0, and users are urged to apply patches provided by Red Lion; Team82 delayed publication of these details in order to allow asset owners to patch and protect their devices. The vulnerabilities affect Red Lion SixTRAK and VersaTRAK RTUs, and allow an unauthenticated attacker to execute commands with root privileges."
        https://claroty.com/team82/research/roaring-access-exploiting-a-pre-auth-root-rce-on-sixnet-rtus
        https://thehackernews.com/2025/10/two-cvss-100-bugs-in-red-lion-rtus.html
      • A Safer Way To Break Industrial Systems (on Purpose)
        "Cybersecurity teams often struggle to test defenses for industrial control systems without risking disruption. A group of researchers from Curtin University has developed a way to make that easier. Their work introduces a container-based framework that lets researchers and practitioners simulate real control system environments and run cyberattacks on them safely."
        https://www.helpnetsecurity.com/2025/10/15/industrial-control-system-simulation-cybersecurity/
      • ICS Patch Tuesday: Fixes Announced By Siemens, Schneider, Rockwell, ABB, Phoenix Contact
        "The October 2025 Patch Tuesday has brought advisories from several major ICS/OT vendors, including Siemens, Schneider Electric, Rockwell Automation, ABB, Phoenix Contact, and Moxa. Siemens has published six new advisories, including two that describe critical vulnerabilities. One of them is a critical flaw in TeleControl Server Basic, which can allow an unauthenticated, remote attacker to obtain user password hashes. The attacker can then log in and perform unauthorized operations. The second critical bug is an authentication issue impacting Simatic ET 200SP communication processors. An unauthenticated, remote attacker can exploit the vulnerability to access configuration data."
        https://www.securityweek.com/ics-patch-tuesday-fixes-announced-by-siemens-schneider-rockwell-abb-phoenix-contact/
      • Open PLC And Planet Vulnerabilities
        "Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one vulnerability in the OpenPLC logic controller and four vulnerabilities in the Planet WGR-500 router. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website."
        https://blog.talosintelligence.com/open-plc-and-planet-vulnerabilities/

      New Tooling

      • Maltrail: Open-Source Malicious Traffic Detection System
        "Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available blacklists, as well as static lists compiled from antivirus reports and user-defined sources. These “trails” can include domain names, URLs, IP addresses, or even HTTP User-Agent values. On top of that, Maltrail can use optional heuristic methods to identify new or unknown threats, such as emerging malware."
        https://www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
        https://github.com/stamparm/maltrail

      Vulnerabilities

      • Vulnerabilities Resolved In Veeam Backup & Replication 12.3.2.4165 Patch
        "A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user."
        https://www.veeam.com/kb4771
      • High-Severity Vulnerabilities Patched By Fortinet And Ivanti
        "Fortinet and Ivanti have announced their October 2025 Patch Tuesday updates, which fix potentially serious vulnerabilities across their products. Fortinet has published 29 new advisories covering more than 30 vulnerabilities. Several of the flaws have been assigned a ‘high severity’ rating, including CVE-2025-54988, which impacts FortiDLP due to its use of Apache Tika. Tika is impacted by a critical flaw allowing an attacker to read sensitive data or send malicious requests to internal resources or third-party servers."
        https://www.securityweek.com/high-severity-vulnerabilities-patched-by-fortinet-and-ivanti/
      • Adobe Patches Critical Vulnerability In Connect Collaboration Suite
        "Adobe on Tuesday announced patches for over 35 vulnerabilities in its products, including a critical-severity bug in the Adobe Connect collaboration suite. The critical flaw, tracked as CVE-2025-49553 (CVSS score of 9.3), is described as a cross-site scripting (XSS) issue that could be exploited to execute arbitrary code. Fixes for the security defect were included in Adobe Connect version 12.10, which has been rolled out to Windows and macOS systems with patches for two other flaws, including a high-severity XSS bug leading to code execution."
        https://www.securityweek.com/adobe-patches-critical-vulnerability-in-collaboration-suite/
      • ICTBroadcast Command Injection Actively Exploited (CVE-2025-2611)
        "On October 11, we added CVE-2025-2611 to the VulnCheck Known Exploited Vulnerability Catalog (VulnCheck KEV) after observing attackers exploiting the vulnerability in the wild. CVE-2025-2611 is an unauthenticated command injection affecting ICTBroadcast, a call center software platform. The software, which should not be internet-facing, currently has a couple hundred instances online. The vulnerability was discovered by Valentin Lobstein (aka Chocapikk) and disclosed to the vendor in March 2025. Valentin later authored a Metasploit module after the vulnerability exceeded the 120-day disclosure deadline outlined in the VulnCheck vulnerability disclosure policy."
        https://www.vulncheck.com/blog/ictbroadcast-kev
        https://thehackernews.com/2025/10/hackers-target-ictbroadcast-servers-via.html
      • CISA Directs Federal Agencies To Mitigate Vulnerabilities In F5 Devices
        "Today, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply newly released updates from F5. A nation-state affiliated cyber threat actor has compromised F5 systems and exfiltrated data, including portions of the BIG-IP proprietary source code and vulnerability information, which provides the actor with a technical advantage to exploit F5 devices and software. This poses an imminent threat to federal networks using F5 devices and software."
        https://www.cisa.gov/news-events/alerts/2025/10/15/cisa-directs-federal-agencies-mitigate-vulnerabilities-f5-devices
        https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices
        https://my.f5.com/manage/s/article/K000156572
        https://www.bleepingcomputer.com/news/security/f5-releases-big-ip-patches-for-stolen-security-vulnerabilities/
        https://therecord.media/cisa-directive-f5-nation-state-incident
        https://www.bankinfosecurity.com/cisa-f5-hack-exposes-fed-networks-to-full-compromise-a-29734
        https://cyberscoop.com/cisa-emergency-directive-f5-breach/
      • CISA Adds Five Known Exploited Vulnerabilities To Catalog
        "CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
        CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
        CVE-2025-24990 Microsoft Windows Untrusted Pointer Dereference Vulnerability
        CVE-2025-47827 IGEL OS Use of a Key Past its Expiration Date Vulnerability
        CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/10/14/cisa-adds-five-known-exploited-vulnerabilities-catalog
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/10/15/cisa-adds-one-known-exploited-vulnerability-catalog
      • Flaw In Slider Revolution Plugin Exposed 4m WordPress Sites
        "A security vulnerability affecting millions of WordPress websites has been uncovered in the widely used Slider Revolution plugin. The flaw, tracked as CVE-2025-9217, could allow users with contributor-level permissions or higher to read sensitive files stored on a site’s server. The Arbitrary File Read issue impacts all versions of Slider Revolution up to 6.7.36. It stems from insufficient validation in two plugin parameters, “used_svg” and “used_images,” which manage the export of image and video files."
        https://www.infosecurity-magazine.com/news/flaw-slider-revolution-plugin/
      • Dismantling a Critical Supply Chain Risk In VSCode Extension Marketplaces
        "Wiz Research identified a pattern of secret leakage by publishers of VSCode IDE Extensions. This occurred across both the VSCode and Open VSX marketplaces, the latter of which is used by AI-powered VSCode forks like Cursor and Windsurf. Critically, in over a hundred cases this included leakage of access tokens granting the ability to update the extension itself. By default, VS Code will auto-update extensions as new versions become available. A leaked VSCode Marketplace or OpenVSX PAT allows an attacker to directly distribute a malicious extension update across the entire install base. An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base."
        https://www.wiz.io/blog/supply-chain-risk-in-vscode-extension-marketplaces
        https://thehackernews.com/2025/10/over-100-vs-code-extensions-exposed.html
        https://www.theregister.com/2025/10/15/vc_code_extension_leaks/

      Malware

      • Mysterious Elephant: a Growing Threat
        "Mysterious Elephant is a highly active advanced persistent threat (APT) group that we at Kaspersky GReAT discovered in 2023. It has been consistently evolving and adapting its tactics, techniques, and procedures (TTPs) to stay under the radar. With a primary focus on targeting government entities and foreign affairs sectors in the Asia-Pacific region, the group has been using a range of sophisticated tools and techniques to infiltrate and exfiltrate sensitive information. Notably, Mysterious Elephant has been exploiting WhatsApp communications to steal sensitive data, including documents, pictures, and archive files."
        https://securelist.com/mysterious-elephant-apt-ttps-and-tools/117596/
        https://www.darkreading.com/cyberattacks-data-breaches/mysterious-elephant-recycled-malware
      • Jewelbug: Chinese APT Group Widens Reach To Russia
        "Chinese APT group Jewelbug (aka REF7707, CL-STA-0049, Earth Alux) has been highly active in recent months, targeting organizations in South America, South Asia, Taiwan and Russia. One of its intrusions was on the network of a Russian IT service provider and lasted for the first five months of 2025. Attackers had access to code repository and software build systems that they could potentially leverage to carry out supply chain attacks targeting the company’s customers in Russia. Notably too, the attackers were exfiltrating data to Yandex Cloud. Yandex is a popular service in Russia, so the attackers likely chose to use it in order to avoid raising suspicions. In other activity on a large South American government organization in July 2025, Jewelbug deployed a new backdoor that appears to be under development by the group."
        https://www.security.com/blog-post/jewelbug-apt-russia
        https://thehackernews.com/2025/10/chinese-threat-group-jewelbug-quietly.html
        https://therecord.media/rare-china-linked-intrusion-russian-tech-firms
        https://www.bankinfosecurity.com/chinese-actor-targets-russian-provider-a-29738
      • PhantomVAI Loader Delivers a Range Of Infostealers
        "Unit 42 researchers have been tracking phishing campaigns that use PhantomVAI Loader to deliver information-stealing malware through a multi-stage, evasive infection chain. Threat actors wage these campaigns to deliver obfuscated scripts and loaders that use steganography techniques to conceal payloads. The loader initially used in these campaigns was dubbed Katz Stealer Loader, for the Katz Stealer malware that it delivers. Hackers are selling this new infostealer on underground forums as malware as a service (MaaS). Recently, we observed that the loader now delivers additional infostealers, such as AsyncRAT, XWorm, FormBook and DCRat. Given this unique behavior, we now track the loader under a new name: PhantomVAI Loader. We chose the name because of the loader’s stealth and the VAI method it executes."
        https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/
      • Maverick: a New Banking Trojan Abusing WhatsApp In a Mass-Scale Distribution
        "A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will deliver a new banking Trojan named Maverick, which contains many code overlaps with Coyote. In this blog post, we detail the entire infection chain, encryption algorithm, and its targets, as well as discuss the similarities with known threats."
        https://securelist.com/maverick-banker-distributing-via-whatsapp/117715/
      • Fake LastPass, Bitwarden Breach Alerts Lead To PC Hijacks
        "An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. The messages direct recipients to download a binary that BleepingComputer has discovered installs Syncro, a remote monitoring and management (RMM) tool used by managed service providers (MSP) to streamline IT operations. The threat actors are using the Syncro MSP program to deploy the ScreenConnect remote support and access software."
        https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/
        https://blog.lastpass.com/posts/october-13-2025-phishing-campaign
      • Google Careers Impersonation Credential Phishing Scam With Endless Variation
        "Recently, we’ve been detecting variations of a scam that uses a Google Careers impersonation to phish credentials. The scam is simple. An adversary sends an “are you open to talk?” message impersonating an outreach email from Google Careers. If the target clicks the link, they’re taken to a landing page designed to look like a Google Careers meeting scheduler. From there, they’re taken to the phishing page. What makes this attack particularly interesting is that it is in active development. We have observed threat actors refining and adjusting their tactics and techniques over time, evolving to evade detection. In this post, we’ll take a look at the attack and its variants."
        https://sublime.security/blog/google-careers-impersonation-credential-phishing-scam-with-endless-variation/
        https://hackread.com/fake-google-job-offer-email-scam-workspace-microsoft-365/
      • Threat Spotlight: Unpacking a Stealthy New Phishing Kit Targeting Microsoft 365
        "Phishing-as-a-Service (PhaaS) platforms dominate the email threat landscape. The most prominent are sophisticated, well-resourced platforms offering tools, infrastructure and support in return for payment or a share of the profits. They continue to evolve, and new challengers are emerging looking for a share of the money. Barracuda’s threat analysts have been tracking one such contender since July 2025. Barracuda has named this kit Whisper 2FA due to its stealthy and persistent approach to credential theft."
        https://blog.barracuda.com/2025/10/15/threat-spotlight-stealthy-phishing-kit-microsoft-365
        https://www.infosecurity-magazine.com/news/whisper-2fa-behind-1m-phishing/
      • Qilin Ransomware And The Ghost Bulletproof Hosting Conglomerate
        "The following Resecurity report will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin is one of the most prolific and formidable threat groups extorting organizations today. Most notably, they recently claimed responsibility for the September ransomware attack that crippled operations and manufacturing functions at Japanese brewing conglomerate, Asahi Group Holdings, for nearly two weeks."
        https://www.resecurity.com/es/blog/article/qilin-ransomware-and-the-ghost-bulletproof-hosting-conglomerate
        https://securityaffairs.com/183447/security/qilin-ransomware-announced-new-victims.html
      • Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability To Deploy Rootkits
        "Trend™ Research has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks."
        https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html
      • Defrosting PolarEdge’s Backdoor
        "In early 2025, we published a blogpost reporting on a botnet we dubbed PolarEdge, first detected in January 2025, when our honeypots logged suspicious network activity. Analysis revealed an attempt to exploit CVE-2023-20118, resulting in remote code execution (RCE) that deployed a web shell on the target router. On February 10, 2025, we observed a second exploitation of the same vulnerability. The attacker used a remote command to download and execute a script, which ultimately installed an undocumented implant. Our initial analysis indicates this implant is a TLS-based backdoor. We also uncovered related payloads from the same family targeting other devices—Asus, QNAP, and Synology routers."
        https://blog.sekoia.io/polaredge-backdoor-qnap-cve-2023-20118-analysis/

      Breaches/Hacks/Leaks

      • F5 Says Hackers Stole Undisclosed BIG-IP Flaws, Source Code
        "U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. The company states that it first became aware of the breach on August 9, 2025, with its investigations revealing that the attackers had gained long-term access to its system, including the company's BIG-IP product development environment and engineering knowledge management platform. F5 is a Fortune 500 tech giant specializing in cybersecurity, cloud management, and application delivery networking (ADN) applications. The company has 23,000 customers in 170 countries, and 48 of the Fortune 50 entities use its products."
        https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-undisclosed-big-ip-flaws-source-code/
        https://my.f5.com/manage/s/article/K000154696
        https://thehackernews.com/2025/10/f5-breach-exposes-big-ip-source-code.html
        https://www.darkreading.com/cyberattacks-data-breaches/f5-big-ip-environment-breached-nation-state-actor
        https://cyberscoop.com/f5-breach-nation-state-actor-sec-8k-justice-department/
        https://hackread.com/f5-breach-source-code-vulnerability-data-stolen/
        https://www.securityweek.com/f5-blames-nation-state-hackers-for-theft-of-source-code-and-vulnerability-data/
        https://securityaffairs.com/183436/security/a-sophisticated-nation-state-actor-breached-f5-systems-stealing-big-ip-source-code-and-data-on-undisclosed-flaw.html
        https://www.helpnetsecurity.com/2025/10/15/f5-big-ip-data-breach/
      • Clothing Giant MANGO Discloses Data Breach Exposing Customer Info
        "Spanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. Founded in 1984 in Barcelona, MANGO is a clothing and fashion accessories designer and manufacturer, operating physical and e-commerce stores in 2,800 locations across 120 countries. The company employs 16,300 people and has an annual revenue of €3.3 billion, of which approximately 30% comes from online purchases."
        https://www.bleepingcomputer.com/news/security/clothing-giant-mango-discloses-data-breach-exposing-customer-info/
        https://therecord.media/mango-fashion-retaier-data-breach
      • Elasticsearch Leak Exposes 6 Billion Records From Scraping, Old And New Breaches
        "A misconfigured Elasticsearch server holding 1.12 terabytes of data was leaking more than 6 billion records to public access without any security authentication or password. The server, apparently operated from Russia or a Russian-speaking country, contained detailed records collected through data breaches, website scraping and other sources before it was taken offline. This was revealed exclusively to Hackread.com by independent cybersecurity researcher Anurag Sen, who initially spotted the exposed server. It remains unclear how long the data was exposed."
        https://hackread.com/elasticsearch-leak-6-billion-record-scraping-breaches/

      General News

      • Annual Cyber Threat Report 2024-2025
        "I am pleased to present the Annual Cyber Threat Report 2024–25. The world continues to face complex strategic circumstances. Competition and military buildup in the Indo-Pacific, and ongoing global conflicts, are challenging Australia’s security and the global rules that have endured since World War II. In this uncertain environment, Australia's relationships with friends and allies are more critical than ever. Over the past year, we have continued to see state-sponsored cyber actors targeting Australian networks to steal sensitive information."
        https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2024-2025
      • The Diagnosis Is In: Mobile Health Apps Are Bad For Your Privacy
        "Sensitive data is moving through Android healthcare apps without adequate protection. Researchers found that many transmit information without encryption, store files without safeguards, or share it through third-party components. The methodology followed three phases: data collection, security and privacy testing, and user experience analysis."
        https://www.helpnetsecurity.com/2025/10/15/mobile-healthcare-apps-security-and-privacy-problems/
        https://arxiv.org/pdf/2510.06015
      • Statistics Report Of Malware Targeting Linux SSH Servers In Q3 2025
        "AhnLab SEcurity intelligence Center (ASEC) is using a honeypot to respond to and categorize brute-force and dictionary attacks that target poorly managed Linux SSH servers. This post covers the status of the attack sources identified in logs from the third quarter of 2025 and the statistics of attacks performed by these sources. It also classifies the malware used in each attack and provides detailed statistics."
        https://asec.ahnlab.com/en/90569/
      • Europe And UK Face Relentless Ransomware Onslaught In Q3 2025, Qilin Leads The Charge
        "Europe’s ransomware problem isn’t getting better! Q3 2025 saw 288 attacks hammer organizations across the region, with Qilin claiming 65 victims and cementing its position as the most aggressive threat actor targeting the continent. But it’s SafePay’s meteoric rise to second place—and a devastating airport attack that rippled across multiple countries—that has security teams particularly worried about what’s coming next."
        https://cyble.com/blog/europe-ransomware-attacks-q3-2025/
      • PowerSchool Hacker Gets Sentenced To Four Years In Prison
        "19-year-old college student Matthew D. Lane, from Worcester, Massachusetts, was sentenced to 4 years in prison for orchestrating a cyberattack on PowerSchool in December 2024 that resulted in a massive data breach. PowerSchool is a cloud-based software solutions provider for K-12 schools and districts, with over 18,000 customers worldwide and supporting more than 60 million students. According to court documents, U.S. District Judge Margaret R. Guzman sentenced Lane to four years in prison on Tuesday and ordered him to pay $14 million in restitution and a $25,000 fine."
        https://www.bleepingcomputer.com/news/security/powerschool-hacker-gets-sentenced-to-four-years-in-prison/
        https://therecord.media/powerschool-hacker-sentenced-4-years
        https://cyberscoop.com/powerschool-hacker-matthew-lane-sentenced/
      • State Of MCP Server Security 2025: 5,200 Servers, Credential Risks, And An Open-Source Fix
        "This blog post shares the findings from the Astrix Research team’s large-scale “State of MCP Server Security 2025” research project. We analyzed over 5,200 unique, open-source Model Context Protocol (MCP) server implementations to understand how they manage credentials and what this means for the security of the growing AI agent ecosystem. The research findings were eye-opening: the vast majority of servers (88%) require credentials, but over half (53%) rely on insecure, long-lived static secrets, such as API keys and Personal Access Tokens (PATs). Meanwhile, modern and secure authentication methods, such as OAuth, are lagging in adoption at just 8.5%, confirming a major security risk across the ecosystem."
        https://astrix.security/learn/blog/state-of-mcp-server-security-2025/
        https://github.com/astrix-security/mcp-secret-wrapper
        https://www.bankinfosecurity.com/static-credentials-expose-mcp-servers-to-risk-a-29731
      • Statistics Report On Malware Targeting Windows Database Servers In Q3 2025
        "AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) to categorize and respond to attacks targeting Windows-based MS-SQL and MySQL servers. This report will cover the current state of damage to MS-SQL and MySQL servers that became attack targets based on the logs discovered in the third quarter of 2025, and also discuss statistics on the attacks launched against said servers. Furthermore, malware used in each attack will be categorized with a summary of the statistical details."
        https://asec.ahnlab.com/en/90572/

      Reference
      Electronic Transactions Development Agency (ETDA)
