Cyber Threat Intelligence 18 March 2026

NCSA_THAICERT

Financial Sector

Bank Built Its Own Threat Hunting Agent Because Vendors Can’t Keep Pace With New Threats
"Australia’s Commonwealth Bank built its own agentic AI threat hunting tools, because vendors are too slow to develop tools that can cope with emerging AI-powered threats, according to General Manager of Cyber Defence Operations Andrew Pade. Speaking at analyst firm Gartner’s Security & Risk Management Summit in Sydney on Tuesday, Pade said he joined the bank six years ago when it logged 80 million daily threat signals. That figure now tops four billion, and he said AI is one reason for the growth."
https://www.theregister.com/2026/03/17/commonwealth_bank_ai_defense/

Vulnerabilities

Instant Hijack: Critical 10.0 CVSS File Browser Flaw Grants Automatic Admin Rights
"Security researchers have issued a high-priority alert for users of File Browser, a popular open-source self-hosted cloud storage solution. A critical logic flaw has been discovered in the platform’s registration system that can automatically grant full administrative powers to any new user who signs up. The vulnerability, tracked as CVE-2026-32760, has been assigned a maximum CVSS score of 10, reflecting its potential for total system takeover with zero technical effort from an attacker."
https://securityonline.info/instant-hijack-critical-10-cvss-file-browser-flaw-cve-2026-32760/
Hidden Instructions In README Files Can Make AI Agents Leak Data
"Developers rely on AI coding agents to set up projects, install dependencies, and run commands by following instructions in repository README files, which provide setup guidance for software projects. New research identifies a security risk when attackers hide malicious instructions in those documents. Tests showed that hidden instructions in README files could trigger AI agents to send sensitive data to external servers in up to 85% of cases."
https://www.helpnetsecurity.com/2026/03/17/ai-agents-readme-files-data-leak-security-risk/
https://arxiv.org/pdf/2603.11862
Open, Closed And Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open And Closed Models
"Unit 42 researchers have developed a genetic algorithm-inspired prompt fuzzing method to automatically generate variants of disallowed requests that preserved their original meaning. This method also measures guardrail fragility under systematic rephrasing. Our research uncovered guardrail weaknesses, with evasion rates ranging from low single digits to high levels in specific keyword and/or model combinations. The key difference from prior single-prompt jailbreak examples is scalability. Small failure rates become reliable when attackers can automate at volume."
https://unit42.paloaltonetworks.com/genai-llm-prompt-fuzzing/

Malware

Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares
"LayerX researchers have discovered how a simple custom font can compromise every AI system in the market. With nothing more than a custom font and simple CSS, we created a webpage where the browser renders instructions that would lead the user to execute a reverse shell, while the DOM text analyzed by AI tools contains harmless video game fanfiction. The malicious instructions exist only in the rendering layer, and every AI web assistant we tested failed to identify the threat. Fonts are a well-known attack vector for deploying malware, and our research demonstrated how they can also be leveraged for prompt injection and poisoning AI systems. As a result, every AI system – including ChatGPT, Claude, Gemini, and others – can be targeted by this attack, leading to potential data leakage and/or execution of malicious code."
https://layerxsecurity.com/blog/poisoned-typeface-a-simple-font-rendering-poisons-every-ai-assistant-and-only-microsoft-cares/
https://www.bleepingcomputer.com/news/security/new-font-rendering-trick-hides-malicious-commands-from-ai-tools/
Casting a Wider Net: ClickFix, Deno, And LeakNet’s Scaling Threat
"Ransomware operator “LeakNet” is currently averaging about three victims per month, but it’s scaling up and shifting tactics. In recent incidents we investigated, the group added a new initial access path and a new loader technique: “ClickFix” lures hosted on compromised websites and a Deno-based, in-memory loader that most security tools won’t catch. No matter how it gets in, LeakNet then follows the same post-exploitation steps: execution, lateral movement, and payload staging."
https://reliaquest.com/blog/threat-spotlight-casting-a-wider-net-clickfix-deno-and-leaknets-scaling-threat
https://www.bleepingcomputer.com/news/security/leaknet-ransomware-uses-clickfix-and-deno-runtime-for-stealthy-attacks/
https://thehackernews.com/2026/03/leaknet-ransomware-uses-clickfix-via.html
Claude Fraud - When Trusted Tools Become The Attack Surface: Weaponizing AI Developer Tooling Against The Security Community
"We’re calling it Claude Fraud. A sophisticated, multi-variant malware campaign actively targeting developers and security professionals who use AI coding tools — exploiting the trusted Claude.ai brand to deliver infostealer malware via Google Sponsored search results, fake landing pages, legitimate AI platforms, and trojanized VS Code extensions. Two confirmed attack vectors. Thousands of victims documented publicly. More in the wild. What makes Claude Fraud notable is not just the technical execution — it is the target profile and the deliberate exploitation of trust. The victims are technically sophisticated people: software engineers, security practitioners, AI-tool power users. Newer Claude Code adopters are equally at risk — curiosity about AI tools and the pressure to adopt quickly can be just as effective as technical familiarity at lowering a user's guard. The attackers engineered something that, by design, does not look suspicious to that audience."
https://blog.7ai.com/claude-fraud-malware-campaign-ai-developer-tools
https://hackread.com/clickfix-attack-devs-macsync-malware-fake-claude-tools/
Vidar Stealer 2.0 Distributed Via Fake Game Cheats On GitHub And Reddit
"The TRU team has been tracking several malware campaigns targeting video game cheaters as their primary victim group. These campaigns represent an increasingly prevalent threat vector that exploits the growing usage of cheats in competitive online gaming. The scale is especially concerning: Threat actors are systematically weaponizing the cheating ecosystem across virtually every major online game title. Our investigation revealed that the infrastructure supporting these campaigns is extensive, spanning multiple distribution platforms and leveraging legitimate services to evade detection."
https://www.acronis.com/en/tru/posts/vidar-stealer-20-distributed-via-fake-game-cheats-on-github-and-reddit/
https://hackread.com/vidar-2-0-infostealer-fake-game-cheats-github-reddit/
Weaponizing LSPosed: Remote SMS Injection And Identity Spoofing In Modern Payment Ecosystems
"LSPosed, a powerful framework for rooted Android devices, has been weaponized by attackers to remotely inject fraudulent SMS messages and spoof user identities in modern payment ecosystems. This report exposes a critical vulnerability: the exploitation of LSPosed modules to intercept and modify sensitive system APIs, enabling precise identity theft and unauthorized financial transactions. It reveals the devastating potential of this technique for large-scale payment fraud and identity takeover."
https://www.cloudsek.com/blog/weaponizing-lsposed-remote-sms-injection-and-identity-spoofing-in-modern-payment-ecosystems-2
https://www.infosecurity-magazine.com/news/android-attack-bypasses-payment/
CursorJack: Weaponizing Deeplinks To Exploit Cursor IDE
"Cursor implements deeplinks for Model Context Protocol (MCP) to provide a mechanism for installation of MCP servers in Cursor IDE. This blog describes CursorJack, a method of potentially abusing Cursor MCP deeplinks that, under certain conditions, could enable code execution or allow installation of a malicious remote MCP server. The behavior described below is specific to the test environments noted and does not imply silent or zero‑click exploitation by default. It does, however, highlight the urgent need to secure agentic AI environments."
https://www.proofpoint.com/us/blog/threat-insight/cursorjack-weaponizing-deeplinks-exploit-cursor-ide
https://www.infosecurity-magazine.com/news/cursor-jack-attack-path-ai/
Fake Pudgy World Site Steals Your Crypto Passwords
"A phishing site impersonating the newly-launched Pudgy World browser game is targeting crypto users with a technique that goes well beyond a convincing logo and matching color scheme. Pudgy World is a free-to-play browser game built around the Pudgy Penguins NFT brand. Players explore a virtual world, customize penguin avatars, and complete quests. But some features are tied to digital collectibles and in-game items stored in cryptocurrency wallets."
https://www.malwarebytes.com/blog/scams/2026/03/fake-pudgy-world-site-steals-your-crypto-passwords
RondoDox Botnet: From Zero To 174 Exploited Vulnerabilities
"According to a 2024 report from IoT Analytics, there were 16.6 billion Internet of Things (IoT) connected devices at the end of 2023, and that number is expected to grow to 41.1 billion by 2030. This means an increased attack surface for malicious actors to take advantage of, especially given that the security posture of the vendors that provide these devices varies greatly. Previous research from Bitsight TRACE has exposed security risks stemming from IoT devices, including ICS and OT systems, IoT cameras, and threats like RapperBot."
https://www.bitsight.com/blog/rondodox-botnet-infrastructure-analysis
https://www.securityweek.com/rondodox-botnet-targeted-174-vulnerabilities/
https://securityaffairs.com/189569/malware/rondodox-botnet-expands-arsenal-targeting-174-flaws-and-hits-15000-daily-exploit-attempts.html
Analysis Of The Spear-Phishing And KakaoTalk-Linked Threat Campaign By The Konni Group
"Genians Security Center conducted an in-depth analysis of a malware distribution campaign by the Konni APT group that used North Korea-themed content as a lure. The analysis confirmed that the threat actor attempted initial intrusion through a spear-phishing email disguised as a notice appointing the recipient as a North Korean human rights lecturer, and then induced execution of a malicious LNK file to install remote access malware, leading to the initial compromise."
https://www.genians.co.kr/en/blog/threat_intelligence/kakaotalk
https://thehackernews.com/2026/03/konni-deploys-endrat-through-spear.html
Operation CamelClone: Multi-Region Espionage Campaign Targets Government And Defense Entities Amidst Regional Tensions
"Seqrite Labs APT Team has been monitoring threats across the globe and recently identified a campaign targeting multiple countries. Also looking across the Middle East, taking into account of the current geopolitical tensions. What makes this campaign interesting is the targeting of different regions within a similar timeframe while using the same infection techniques throughout the campaign. In this blog, we will analyze the infection chain used in this campaign, which starts with a malicious archive and eventually leads to the deployment of a legitimate tool that is abused by the threat actor. We will also look at the infrastructure used in the campaign, where the attackers leverage public anonymous file-sharing websites to host and distribute their payloads."
https://www.seqrite.com/blog/operation-camelclone-multi-region-espionage-campaign-targets-government-and-defense-entities-amidst-regional-tensions/

Breaches/Hacks/Leaks

Medusa Ransomware Gang Claims Attacks On Prominent Mississippi Hospital, New Jersey County
"A prominent ransomware gang has taken credit for a devastating attack on the biggest hospital in Mississippi and a large county in New Jersey. The Medusa ransomware operation, which experts believe is run out of Russia, said recently it was behind the cyberattack on the University of Mississippi Medical Center (UMMC). UMMC is one of the most important healthcare organizations in the state — employing 10,000 people and housing Mississippi’s only children's hospital, only Level I trauma center, only Level IV neonatal intensive care unit and the state’s only organ transplant programs."
https://therecord.media/medusa-ransomware-mississippi-cyber

General News

Cyber-Attacks Against The EU And Its Member States: Council Sanctions Three Entities And Two Individuals
"The Council adopted today restrictive measures against three entities and two individuals responsible for cyber-attacks carried out against EU member states and EU partners. The Council has listed Integrity Technology Group, a China-based company, that has routinely provided products used to compromise and access devices in EU members states, across Europe and worldwide. Between 2022 and 2023, through their technical and material support, more than 65,000 devices were hacked across six member states."
https://www.consilium.europa.eu/en/press/press-releases/2026/03/16/cyber-attacks-against-the-eu-and-its-member-states-council-sanctions-three-entities-and-two-individuals/
https://www.bleepingcomputer.com/news/security/europe-sanctions-chinese-and-iranian-firms-for-cyberattacks/
https://www.bankinfosecurity.com/eu-belatedly-sanctions-chinese-iranian-hackers-a-31058
https://securityaffairs.com/189585/security/eu-sanctions-chinese-and-iranian-actors-over-cyberattacks-on-critical-infrastructure.html
https://www.theregister.com/2026/03/17/eu_iran_cyber_sanctions/
https://www.helpnetsecurity.com/2026/03/17/eu-sanctions-china-iran-cyberattacks/
Middle East Cyber Warfare Intensifies: Rising Attacks, Hacktivist Surge, And Global Risk Exposure
"The ongoing Middle East war has evolved into a cyber battlefield, with state-sponsored operations targeting critical infrastructure and essential services. Analysts warn that the region is witnessing an unprecedented escalation in Middle East cyber warfare, with attacks affecting governments, energy networks, finance, communications, and industrial systems. These operations, often executed through proxy groups, aim to destabilize societies, disrupt supply chains, and exert geopolitical pressure. Despite early disruptions to Iranian command centers, Iran and its affiliated groups retain substantial cyber capabilities. Incidents already linked to these campaigns include fuel distribution delays in Jordan and interference with navigation systems, impacting over 1,100 ships near the Strait of Hormuz, posing risks to global oil and gas trade."
https://cyble.com/blog/middle-east-cyber-warfare-2026-hybrid-conflict/
2025 Identity Threat Landscape Report
"Credential compromise from malware logs was not a static risk in 2025 — it compounded. Recorded Future observed a consistent upward trend throughout the year, with the second half producing 50% more indexed credentials than the first. The final three months of the year were particularly active: They saw 90% more volume than the first three months, reflecting both the continued proliferation of infostealer malware-as-a-service (MaaS) and the disruption and reformation of major malware families mid-year (covered in detail in the malware section below)."
https://www.recordedfuture.com/blog/identity-trend-report-march-blog
https://www.darkreading.com/identity-access-management-security/more-attackers-logging-in-not-breaking-in
Ransomware Under Pressure: Tactics, Techniques, And Procedures In a Shifting Threat Landscape
"Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ransomware has become one of the most pervasive threats to organizations across almost every industry vertical and region. In recent years ransomware operations have evolved, creating a robust ecosystem that has lowered the barrier to entry via the commoditization and specialization of the supporting underground communities, which is exemplified by the proliferation of the ransomware-as-a-service (RaaS) business model. While ransomware remains a dominant threat due to the volume of activity and the potential for serious operational disruptions, we have observed multiple indicators that suggest the overall profitability of ransomware operations is in decline."
https://cloud.google.com/blog/topics/threat-intelligence/ransomware-ttps-shifting-threat-landscape/
https://www.darkreading.com/threat-intelligence/less-lucrative-ransomware-market-makes-attackers-alter-methods
GitGuardian Reports An 81% Surge Of AI-Service Leaks As 29M Secrets Hit Public GitHub
"In 2025, Developer Commits Using Claude Code Show 3.2% Secret Leak Rate vs. 1.5% Baseline. The Human Factor Remains Critical. GitGuardian, the security leader behind GitHub’s most installed application, today released the 5th edition of its “State of Secrets Sprawl” report, documenting how mainstream AI adoption in 2025 reshaped software delivery and accelerated the exposure of non-human identities (NHIs) and their secrets across public and internal systems. While the software ecosystem is growing quickly, leaked secrets are growing faster, and remediation is not keeping up."
https://hackread.com/gitguardian-reports-an-81-surge-of-ai-service-leaks-as-29m-secrets-hit-public-github/
https://www.gitguardian.com/state-of-secrets-sprawl-report-2026
Surge In Nation State Attacks On UK Firms Amid Cyber Warfare Fears
"Over half (54%) of UK companies were hit by nation state attacks last year as IT leaders grew increasingly fearful of AI-powered threats, according to a new report from Armis. The security vendor’s 2026 Armis Cyberwarfare Report was based on interviews with 1900 global IT decision-makers (ITDMs), including 500 from the UK, alongside proprietary data from Armis Labs. It revealed an increase in the number of UK ITDMs reporting state-sponsored attacks, up from 47% in last year’s report."
https://www.infosecurity-magazine.com/news/nation-state-attacks-uk-firms/
https://www.armis.com/cyberwarfare-2025/
90% Of People Don’t Trust AI With Their Data
"AI didn’t sneak into our lives. It burst through the door, took a seat at the table, and started finishing our sentences. Instead of a helpful list of links, Google now tries to answer your question. Microsoft’s Copilot drafts replies to your boss before you’ve had coffee. Your phone summarizes conversations you don’t even remember having. Every major tech company is racing to add AI to its products because no one wants to be left behind. And the public is often forced to accommodate such corporate whims because of the increasing effects of “enshittification,” as explained by Cory Doctorow on the Lock and Code podcast."
https://www.malwarebytes.com/blog/privacy/2026/03/90-of-people-dont-trust-ai-with-their-data
AI, APIs And DDoS Collide In New Era Of Coordinated Cyberattacks
"New research from internet infrastructure giant Akamai shows that layer 7 (application layer) DDoS attacks have increased in volume while Layer 3 (network layer) and layer 4 (transport layer) attacks have increased in scale. These, together with increasing API and web application attacks have converged into a new operating model for attackers. The latest State of the Internet Report from Akamai finds three major developments over the last year: DDoS attacks continue but evolve; API attacks increase, driven largely (but not solely) by growth in corporate use of agentic AI; and criminal use of AI as a force multiplier makes attacks cheaper, more sophisticated, stealthier and more difficult to attribute."
https://www.securityweek.com/ai-apis-and-ddos-collide-in-new-era-of-coordinated-cyberattacks/
https://www.akamai.com/lp/soti/app-api-ddos-security-report-2026
https://www.akamai.com/content/dam/site/en/documents/state-of-the-internet/2026/app-api-ddos-security-report-2026-pdf-preview.pdf
https://www.infosecurity-magazine.com/news/average-number-daily-api-attacks/
Operationalizing Raw Threat Data
"Barracuda’s AI-powered XDR platform, managed by Barracuda SOC staff, ingests large amounts of real-time, global threat data. And it turns that data into actionable, operational insights that lead to rapid, highly effective response to cyber incidents. We spoke to Eric Russo, Barracuda’s Director of SOC Defensive Security, to learn more about how that process of operationalizing threat data takes place, and why it’s central to how Barracuda Managed XDR reduces cyber risk while also reducing IT overhead through automation."
https://blog.barracuda.com/2026/03/17/operationalizing-raw-threat-data
Switzerland Built a Secure Alternative To BGP. The Rest Of The World Hasn't Noticed Yet
"BGP, the Border Gateway Protocol, was not designed to be secure. It was designed to work – to route packets between the thousands of autonomous systems that make up the internet, quickly and at scale. For four decades, it has done exactly that. It has also, throughout those four decades, been exploited, misconfigured, and abused in ways that were predictable from the start. Route hijacks reroute traffic through hostile networks. Route leaks knock services offline. Nation-state cyber crews weaponize BGP to intercept communications at scale. These are not theoretical threats. They are documented, recurring events, and they remain possible today for one simple reason: BGP has no native way to verify that a network claiming to own a block of addresses actually does."
https://www.theregister.com/2026/03/17/switzerland_bgp_alternative/

อ้างอิง
Electronic Transactions Development Agency (ETDA)