NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ

    Cyber Threat Intelligence 06 March 2026

    Cyber Security News
    1
    1
    72
    โหลดโพสเพิ่มเติม
    • เก่าสุดไปยังใหม่สุด
    • ใหม่สุดไปยังเก่าสุด
    • Most Votes
    ตอบ
    • ตอบโดยตั้งกระทู้ใหม่
    เข้าสู่ระบบเพื่อตอบกลับ
    Topic นี้ถูกลบไปแล้ว เฉพาะผู้ใช้งานที่มีสิทธิ์ในการจัดการ Topic เท่านั้นที่จะมีสิทธิ์ในการเข้าชม
    • NCSA_THAICERTN
      NCSA_THAICERT
      แก้ไขล่าสุดโดย NCSA_THAICERT

      Vulnerabilities

      • Cisco Flags More SD-WAN Flaws As Actively Exploited In Attacks
        "Cisco has flagged two Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices. Catalyst SD-WAN Manager (formerly vManage) is network management software that enables admins to monitor and manage up to 6,000 Catalyst SD-WAN devices from a single centralized dashboard. "In March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only," the company warned in an update to a February 25 advisory."
        https://www.bleepingcomputer.com/news/security/cisco-flags-more-sd-wan-flaws-as-actively-exploited-in-attacks/
        https://www.securityweek.com/cisco-warns-of-more-catalyst-sd-wan-flaws-exploited-in-the-wild/
        https://www.helpnetsecurity.com/2026/03/05/cisco-cve-2026-20128-cve-2026-20122-exploited/
      • User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation Via Membership Registration
        "The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration."
        https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/user-registration/user-registration-membership-512-unauthenticated-privilege-escalation-via-membership-registration
        https://www.bleepingcomputer.com/news/security/wordpress-membership-plugin-bug-exploited-to-create-admin-accounts/
      • ContextCrush Flaw Exposes AI Development Tools To Attacks
        "A critical vulnerability affecting the Context7 MCP Server, a widely used tool for delivering documentation to AI coding assistants, has been disclosed by security researchers. The issue, dubbed ContextCrush, could allow attackers to inject malicious instructions into AI development tools through a trusted documentation channel. The flaw was discovered by Noma Labs researchers in the Context7 platform operated by Upstash. Context7 is used by developers to provide AI assistants such as Cursor, Claude Code and Windsurf with up-to-date library documentation directly inside integrated development environments."
        https://www.infosecurity-magazine.com/news/contextcrush-ai-development-tools/
      • CISA Adds Five Known Exploited Vulnerabilities To Catalog
        "CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
        CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
        CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
        CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
        CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/03/05/cisa-adds-five-known-exploited-vulnerabilities-catalog

      Malware

      • UAT-9244 Targets South American Telecommunication Providers With Three New Malware Implants
        "AT-9244 used dynamic-link library (DLL) side-loading to activate multiple stages of their infection chain. The actor executed “wsprint[.]exe”, a benign executable that loaded the malicious DLL-based loader “BugSplatRc64[.]dll”. The DLL reads a data file named “WSPrint[.]dll” from disk, decrypts its contents, and executes them in memory to activate TernDoor, the final payload. TernDoor is a variant of CrowDoor, a backdoor deployed in recent intrusions linked to China-nexus APTs such as FamousSparrow and Earth Estries. CrowDoor is a variant of SparrowDoor, another backdoor attributed to FamousSparrow. CrowDoor has also been observed in previous Tropic Trooper intrusions, indicating a close operational relationship with FamousSparrow."
        https://blog.talosintelligence.com/uat-9244/
        https://www.bleepingcomputer.com/news/security/chinese-state-hackers-target-telcos-with-new-malware-toolkit/

      • ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered Via Bincrypter-Based Loader
        "In early February 2026, Cyble Research & Intelligence Labs (CRIL) identified a new Linux malware strain delivered through a loader structure previously associated with ShadowHS activity. While ShadowHS samples deployed post-exploitation tooling, the newly observed payload is operationally different. We have named it ClipXDaemon, an autonomous cryptocurrency clipboard hijacker targeting Linux X11 environments."
        https://cyble.com/blog/clipxdaemon-autonomous-x11-clipboard-hijacker/

      • New BoryptGrab Stealer Targets Windows Users Via Deceptive GitHub Pages
        "We recently found the existence of a new stealer binary that collects browser and cryptocurrency wallet data, system information, and common files, among others. We designated this new stealer BoryptGrab. Certain variants of the stealer can download a PyInstaller backdoor, which we refer to as TunnesshClient. TunnesshClient establishes a reverse Secure Shell (SSH) tunnel to enable comunication with the attacker."
        https://www.trendmicro.com/en_us/research/26/c/boryptgrab-stealer-targets-users-via-deceptive-github-pages.html

      • Bing AI Promoted Fake OpenClaw GitHub Repo Pushing Info-Stealing Malware
        "Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing’s AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware. OpenClaw is an open-source AI agent that gained popularity as a personal assistant capable of executing tasks. It has access to local files and can integrate with email, messaging apps, and online services. Due to its widespread local access, threat actors saw an opportunity to collect sensitive information by publishing malicious skills (instruction files) on the tool's official registry and GitHub."
        https://www.bleepingcomputer.com/news/security/bing-ai-promoted-fake-openclaw-github-repo-pushing-info-stealing-malware/

      • Wikipedia Hit By Self-Propagating JavaScript Worm That Vandalized Pages
        "The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. Editors first reported the incident on Wikipedia's Village Pump (technical), where users noticed a large number of automated edits adding hidden scripts and vandalism to random pages. Wikimedia engineers temporarily restricted editing across projects while they investigated the attack and began reverting changes."
        https://www.bleepingcomputer.com/news/security/wikipedia-hit-by-self-propagating-javascript-worm-that-vandalized-pages/

      • APT36: A Nightmare Of Vibeware
        "Pakistan-based threat actor APT36, also known as Transparent Tribe, has pivoted from off-the-shelf malware to "vibeware", an AI-driven development model that produces a high-volume, mediocre mass of implants. Using niche languages like Nim, Zig, and Crystal, the actor seeks to evade standard detection engines while leveraging trusted cloud services, including Slack, Discord, Supabase, and Google Sheets, for command and control."
        https://businessinsights.bitdefender.com/apt36-nightmare-vibeware
        https://www.darkreading.com/cyberattacks-data-breaches/nation-state-actor-ai-malware-assembly-line
        https://www.bankinfosecurity.com/nation-state-hackers-play-vibes-a-30920
        https://hackread.com/pakistan-apt36-indian-govt-networks-ai-vibeware/

      • Seedworm: Iranian APT On Networks Of U.S. Bank, Airport, Software Company
        "The Iranian APT group Seedworm (aka MuddyWater, Temp Zagros, Static Kitten) has been active on the networks of multiple U.S. companies since the beginning of February 2026, with activity continuing in recent days following U.S. and Israeli military strikes on Iran that have sparked conflict in the region. A U.S. bank, software company and airport, and non-governmental organizations in both the U.S. and Canada, have experienced suspicious activity on their networks in recent days and weeks. The software company is a supplier to the defense and aerospace industries among others, and has a presence in Israel, with the company’s Israel operation seeming to be the target in this activity."
        https://www.security.com/threat-intelligence/iran-cyber-threat-activity-us
        https://www.theregister.com/2026/03/05/mudywater_backdoor_us_networks/

      • FBI Targeted With ‘suspicious’ Activity On Its Networks
        "The FBI found evidence that its networks had been targeted in a suspected cybersecurity incident, the bureau confirmed on Thursday, without sharing any further details. “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the agency said in a statement. “We have nothing additional to provide.”"
        https://cyberscoop.com/fbi-targeted-with-suspicious-activity-on-its-networks/

      • LIMINAL PANDA: China’s Emerging Espionage Threat In The Semiconductor And Technology Sectors
        "LIMINAL PANDA, a suspected China-nexus cyber-espionage actor, has recently emerged as an active player in the global threat landscape. The group began operating around 2020 and has focused its intelligence collection on a range of high-value targets in East Asia, Southeast Asia, and Western nations engaged in research and development of advanced technologies, including semiconductors, defense technologies, and telecommunications. While not a well-known actor (yet) like APT41 or Mustang Panda, LIMINAL PANDA shows an accelerating trajectory of evolution in capabilities, experimenting with the convergence of more traditional phishing criminal enterprises with sophisticated cloud exploitation and supply chain compromise."
        https://brandefense.io/blog/liminal-panda-apt-group/

      • Breaches/Hacks/Leaks

      • New Jersey County Says Malware Attack Took Down Phone Lines, IT Systems
        "One of the largest counties in New Jersey is dealing with a cyberattack that disrupted the phone lines and IT systems used across government offices. Passaic County, home to nearly 600,000 people in Northern New Jersey, published a statement on Wednesday evening warning residents that it is aware of a “malware attack” affecting county IT systems and phone lines. “Our team is actively working with federal and state officials to investigate and contain the issue,” the county said."
        https://therecord.media/new-jersey-county-says-malware-attack-took-down-phones

      General News

      • Phobos Ransomware Admin Pleads Guilty To Wire Fraud Conspiracy
        "A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide. Phobos is a long-running ransomware-as-a-service (RaaS) operation linked to the Crysis ransomware family. Phobos has been widely distributed through many affiliates, accounting for roughly 11% of all submissions to the ID Ransomware service between May 2024 and November 2024. The U.S. Department of Justice says the ransomware gang has collected ransom payments worth more than $39 million million from over 1,000 public and private entities worldwide."
        https://www.bleepingcomputer.com/news/security/phobos-ransomware-admin-pleads-guilty-to-wire-fraud-conspiracy/
        https://therecord.media/phobos-ransomware-leader-facing-20-years
        https://www.securityweek.com/russian-ransomware-operator-pleads-guilty-in-us/
        https://cyberscoop.com/phobos-ransomware-leader-guilty/
        https://securityaffairs.com/188984/security/phobos-ransomware-admin-faces-up-to-20-years-after-guilty-plea.html
      • LatAm Now Faces 2x More Cyberattacks Than US
        "Nowhere in the world has cyber threat activity been growing faster than in Latin America, thanks in part to relatively rapid digital adoption on the part of businesses in the region, combined with relatively stagnant cybersecurity growth. Last year, researchers at Check Point tracked a 53% year-over-year rise in weekly cyberattacks in Latin America, and as of 2026, they confirmed it to be the most heavily targeted region on the planet."
        https://www.darkreading.com/threat-intelligence/latam-2x-more-cyberattacks-us
      • That Attractive Online Ad Might Be a Malware Trap
        "Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside marketing traffic. The financial impact of these threats continues to grow. Estimated consumer and business losses in the United States tied to malware, scams, and ad-borne fraud exceeded $12.5 billion in 2025. Exposure also remains widespread among internet users. Seven in ten adults reported encountering a digital scam or phishing attempt during the previous 12 months."
        https://www.helpnetsecurity.com/2026/03/05/the-media-trust-ad-malware-risks-report/
      • As AI Agents Start Making Purchases, Security Teams Must Rethink Risk
        "In this Help Net Security interview, Donald Kossmann, CTO at fintech company Chargebacks911, talks about the emerging security, fraud, and governance risks of “agentic commerce,” where AI agents can autonomously make purchasing decisions on behalf of users or organizations. He explains that as AI agents gain the ability to shop, negotiate prices, select suppliers, and execute transactions independently, traditional assumptions about digital commerce begin to break down."
        https://www.helpnetsecurity.com/2026/03/05/donald-kossmann-chargebacks911-agentic-commerce-security-risks/
      • Look What You Made Us Patch: 2025 Zero-Days In Review
        "Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of zero-days is lower than the record high observed in 2023 (100), it is higher than 2024’s count (78) and remained within the 60–100 range established over the previous four years, indicating a trend toward stabilization at these levels."
        https://cloud.google.com/blog/topics/threat-intelligence/2025-zero-day-review
        https://www.bleepingcomputer.com/news/security/google-says-90-zero-days-were-exploited-in-attacks-last-year/
        https://therecord.media/google-says-90-zero-days-exploited-apt-spyware-vendors
        https://www.securityweek.com/google-half-of-2025s-90-exploited-zero-days-aimed-at-enterprises/
        https://www.theregister.com/2026/03/05/zero_day_attacks_enterprise_tech_record/
      • 2026 Browser Data Reveals Major Enterprise Security Blind Spots
        "The 2026 State of Browser Security Report is now available, revealing how the browser has rapidly become the most critical and least protected control point in the enterprise. It also highlights 2025 as the tipping point when AI-native browsers shifted from experimental tools to mainstream business platforms. Over the past twelve months, the browser evolved from a gateway to SaaS into something far more powerful and far more complex. AI copilots became embedded directly into business applications. Standalone generative AI tools became daily work companions. And a new class of AI-enhanced browsers began reshaping how users search, summarize, write, code, and automate tasks."
        https://www.bleepingcomputer.com/news/security/2026-browser-data-reveals-major-enterprise-security-blind-spots/
      • 62 People Indicted By Taiwanese Prosecutors Over Ties To Cyber Scam Company Prince Group
        "Prosecutors in Taipei indicted 62 people and 13 companies for their involvement in cyber scam operations organized throughout Asia by the Prince Group. The Taipei District Prosecutors Office initiated its investigation in October after Chen Zhi, the founder of the Prince Group, was indicted by U.S. prosecutors on money laundering charges."
        https://therecord.media/62-indicted-taiwan-prince-group-scams
      • AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns
        "The risk of insider threats is on the rise and businesses are concerned about the cybersecurity implications of intentionally malicious or negligent employees, research by Mimecast has warned. According to the company’s State of Human Risk Report 2026, internal cybersecurity risk has grown across the board, to the extent that it should be treated as a “critical business threat.” In many cases, the additional insider risk is because of employees mishandling or actively abusing AI tools"
        https://www.infosecurity-magazine.com/news/ai-insider-risk-critical-business/

      อ้างอิง
      Electronic Transactions Development Agency (ETDA) 7e9f3751-2cc2-4253-ad15-f3fd6806c953-image.png

      1 การตอบกลับ คำตอบล่าสุด ตอบ คำอ้างอิง 0
      • First post
        Last post