NCSA Webboard

    Cyber Threat Intelligence 19 March 2026

    Cyber Security News
    • NCSA_THAICERT

      Industrial Sector

      • CODESYS In Festo Automation Suite
        "The following versions of CODESYS in Festo Automation Suite are affected:"
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01
      • Schneider Electric SCADAPack And RemoteConnect
        "Schneider Electric is aware of a vulnerability in its SCADAPack™ x70 RTU products. The SCADAPack™ 47xi, SCADAPack™ 47x and SCADAPack™ 57x products are Remote Terminal Units that provide communication capabilities for remote monitoring and control. Failure to apply the remediations provided below may risk unauthorized access to your RTU, which could result in the possibility of denial of service and loss of confidentiality and integrity of the controller."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-02
      • Schneider Electric EcoStruxure Data Center Expert
        "Schneider Electric is aware of a hard-coded credentials vulnerability in its EcoStruxure IT Data Center Expert (DCE) product that requires administrator credentials and enabling a feature (SOCKS Proxy) that is off by default. The EcoStruxure IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure, and remote compromise of the offer which could result in disruption of operations and access to system data."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-03
      • Siemens SICAM SIAPP SDK
        "The SICAM SIAPP SDK contains multiple vulnerabilities that could allow an attacker to disrupt the customer-developed SIAPP or its simulation environment. Potential impacts include denial of service within the SIAPP, corruption of SIAPP data, or exploitation of the simulation environment. These vulnerabilities are only exploitable if the API is used improperly or hardening measures are not applied. Siemens has released a new version of the SICAM SIAPP SDK and recommends updating to the latest version."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-04

      Vulnerabilities

      • Vulnerability Advisory: Pre-Auth Remote Code Execution Via Buffer Overflow In Telnetd LINEMODE SLC Handler
        "Dream Security uncovered a new buffer overflow vulnerability (CVE-2026-32746) in the GNU Inetutils telnetd daemon, specifically in the code that handles LINEMODE SLC (Set Local Characters) option negotiation. An unauthenticated remote attacker can exploit this by sending a specially crafted message during the initial connection handshake — before any login prompt appears. Successful exploitation can result in remote code execution as root. An initial report was sent to the GNU Inetutils security team following the discovery. Given the trivial exploitation requirements and the complete system compromise this enables, service disablement is required until a fix is released."
        https://dreamgroup.com/vulnerability-advisory-pre-auth-remote-code-execution-via-buffer-overflow-in-telnetd-linemode-slc-handler/
        https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
        https://securityaffairs.com/189620/hacking/researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions.html
      • Your KVM Is The Weak Link: How $30 Devices Can Own Your Entire Network
        "Compromising a KVM device gives an attacker the equivalent of physical access to every machine connected to it. Not “kind of like” physical access. Actual keyboard, video, and mouse control, at the BIOS level, below the operating system, below EDR, below every security control you have deployed. An attacker may also use the USB drive and CD image emulation feature to boot the system from removable media, thereby proving the ability to access the OS file systems directly and/or install a new OS. This is an attack surface that security teams consistently overlook."
        https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/
        https://thehackernews.com/2026/03/9-critical-ip-kvm-flaws-enable.html
      • ConnectWise Patches New Flaw Allowing ScreenConnect Hijacking
        "ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. The flaw affects ScreenConnect versions before 26.1. It is tracked as CVE-2026-3564 and received a critical severity score. ScreenConnect is a remote access platform typically used by managed service providers (MSPs), IT departments, and support teams. It can be either cloud-hosted by ConnectWise or on-premise on the customer's server."
        https://www.bleepingcomputer.com/news/security/connectwise-patches-new-flaw-allowing-screenconnect-hijacking/
        https://nvd.nist.gov/vuln/detail/CVE-2026-3564
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-adds-one-known-exploited-vulnerability-catalog
        https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-zimbra-xss-flaw-exploited-in-attacks/
        https://securityaffairs.com/189628/security/u-s-cisa-adds-microsoft-sharepoint-and-zimbra-flaws-to-its-known-exploited-vulnerabilities-catalog.html
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-adds-one-known-exploited-vulnerability-catalog-0
      • Apple Pushes First Background Security Improvements Update To Fix WebKit Flaw
        "Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. The CVE-2026-20643 flaw allows malicious web content to bypass the browser's Same Origin Policy. Apple says the flaw is a cross-origin issue in the Navigation API that was addressed with improved input validation. The vulnerability was discovered by security researcher Thomas Espach, with the new update available on iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2."
        https://www.bleepingcomputer.com/news/security/apple-pushes-first-background-security-improvements-update-to-fix-webkit-flaw/
        https://thehackernews.com/2026/03/apple-fixes-webkit-vulnerability.html
        https://www.securityweek.com/apple-debuts-background-security-improvements-with-fresh-webkit-patches/
        https://www.helpnetsecurity.com/2026/03/18/apple-background-security-improvements-updates/
        https://www.malwarebytes.com/blog/news/2026/03/apple-patches-webkit-bug-that-could-let-sites-access-your-data
      • Claudy Day: Chaining Prompt Injection And Data Exfiltration In Claude.ai
        "Claude.ai is one of the most widely used AI assistants worldwide. Millions of people trust it with sensitive conversations, business strategy, health concerns, financial planning, personal relationships, and increasingly connect it to enterprise tools, files, and APIs through integrations and MCP servers. That trust comes with a critical assumption: that the instructions Claude receives are the ones the user intended to give. Oasis Security researchers discovered that for a significant period, this assumption could be broken, and worked with Anthropic to close the gap."
        https://www.oasis.security/blog/claude-ai-prompt-injection-data-exfiltration-vulnerability
        https://www.darkreading.com/vulnerabilities-threats/claudy-day-trio-flaws-claude-users-data-theft
        https://www.bankinfosecurity.com/claudy-day-forecast-chat-data-theft-a-31059
        https://hackread.com/claudy-day-flaws-data-theft-fake-claude-ai-ads/
      • CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation To Root
        "The Qualys Threat Research Unit has identified a Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles. While the exploit requires a specific time-based window (10–30 days), the resulting impact is a complete compromise of the host system."
        https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
        https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
        https://www.infosecurity-magazine.com/news/ubuntu-flaw-enables-root-access/
        https://securityaffairs.com/189614/security/cve-2026-3888-ubuntu-desktop-24-04-vulnerable-to-root-exploit.html
      • Cheshire Cat Security: WhatsApp View Once Is Completely Broken — And WhatsApp Won’t Fix It
        "As part of our ongoing research into Meta’s WhatsApp security, we found and responsibly disclosed a new View Once privacy issue that allows attackers to easily remove its protection. To our surprise, unlike with our previous reports on similar issues about View Once security, WhatsApp replied that they will not fix this issue, leaving users exposed to such attacks. WhatsApp’s reply, and its inconsistencies with how they addressed these issues previously, proves they do not have a clear security model for this privacy feature — which is strategically more severe than our specific finding."
        https://medium.com/@TalBeerySec/cheshire-cat-security-whatsapp-view-once-is-completely-broken-and-whatsapp-wont-fix-it-e0bbeef15872
        https://www.securityweek.com/researcher-discovers-4th-whatsapp-view-once-bypass-meta-wont-patch/

      Malware

      • Amazon Threat Intelligence Teams Identify Interlock Ransomware Campaign Targeting Enterprise Firewalls
        "Amazon threat intelligence has identified an active Interlock ransomware campaign exploiting CVE-2026-20131, a critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device, which was disclosed by Cisco on March 4, 2026. After Cisco’s disclosure, Amazon threat intelligence began research into this vulnerability using Amazon MadPot’s global sensor network—a system of honeypot servers that attract and monitor cybercriminal activity. While looking for any current or past exploits of this vulnerability, our research found that Interlock was exploiting this vulnerability 36 days before its public disclosure, beginning January 26, 2026. This wasn’t just another vulnerability exploit, Interlock had a zero-day in their hands, giving them a week’s head start to compromise organizations before defenders even knew to look. Upon making this discovery, we shared our findings with Cisco to help support their investigation and protect customers."
        https://aws.amazon.com/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/
        https://thehackernews.com/2026/03/interlock-ransomware-exploits-cisco-fmc.html
        https://www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/
        https://www.bankinfosecurity.com/interlock-ransomware-exploited-cisco-firewall-flaw-for-weeks-a-31073
        https://cyberscoop.com/cisco-firewall-sd-wan-vulnerabilities-exploited/
        https://www.theregister.com/2026/03/18/amazon_cisco_firewall_0_day_ransomware/
      • Attackers Wielding DarkSword Threaten iOS Users
        "Mobile devices now sit at the convergence of access, identity, and sensitive corporate data—effectively relocating the enterprise perimeter into every employee’s pocket. Recently observed threats demonstrate that the mobile attack surface has fundamentally expanded, moving beyond app-based malware to include sophisticated, hit-and-run campaigns that can disrupt operations and trigger material financial damage faster than traditional attack vectors. In a tangible example of how attacks are evolving, Lookout Threat Labs has discovered DarkSword, a full iOS exploit chain and payload for iPhones running iOS versions between iOS 18.4 and 18.6.2."
        https://www.lookout.com/threat-intelligence/article/darksword
        https://www.bleepingcomputer.com/news/security/new-darksword-ios-exploit-used-in-infostealer-attack-on-iphones/
        https://www.darkreading.com/threat-intelligence/darksword-iphone-exploit-spies-thieves
        https://therecord.media/russia-linked-hackers-use-iphone-exploit-ukraine
        https://cyberscoop.com/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools/
        https://www.securityweek.com/darksword-ios-exploit-kit-used-by-state-sponsored-hackers-spyware-vendors/
        https://www.theregister.com/2026/03/18/darksword_exploit_kit_steals_iphone/
      • Transparent COM Instrumentation For Malware Analysis
        "COM automation is a core Windows technology that allows code to access external functionality through well-defined interfaces. It is similar to traditionally loading a DLL, but is class-based rather than function-based. Many advanced Windows capabilities are exposed through COM, such as Windows Management Instrumentation (WMI). Scripting and late-bound COM calls operate through the IDispatch interface. This creates a key analysis point that many types of malware leverage when interacting with Windows components. This analysis point is quite complex and hard to safely instrument at scale. In this article, Cisco Talos presents DispatchLogger, a new open-source tool that closes this gap by delivering high visibility into late-bound IDispatch COM object interactions via transparent proxy interception."
        https://blog.talosintelligence.com/transparent-com-instrumentation-for-malware-analysis/
      • Technical Analysis Of SnappyClient
        "In December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including its core features, configuration, network communication protocol, commands, and post-infection activities."
        https://www.zscaler.com/blogs/security-research/technical-analysis-snappyclient
        https://www.darkreading.com/cyberattacks-data-breaches/new-c2-implant-snappyclient-targets-crypto-wallets
      • SideWinder Espionage Campaign Expands Across Southeast Asia
        "Recent cyber-espionage activity attributed to the SideWinder threat group suggests that the India-linked operation has expanded across Southeast Asia, including Indonesia and Thailand, while continuing to rely on phishing, credential theft, and infrastructure churn to avoid detection. The group often uses a government-audit themed phishing attack to convince employees to open a link, and has consistently reused certain techniques — such as staged execution and frequent domain changes — allowing SideWinder to shift geographic targets without altering its core malware toolkit, researchers with cybersecurity services firm ITSEC Group stated in a report released this week. The group, which the researchers also referred to as RagaSerpent, started targeting Thailand in late 2025 and Indonesia earlier this year, the report stated."
        https://www.darkreading.com/threat-intelligence/sidewinder-espionage-campaign-expands-across-southeast-asia
        https://itsec.asia/storage/file/cGUOOhIvql4c13rWYNeZV8aGl8UPDsEBtcHmv5tC.pdf
      • Reverse Engineering .NET AOT Malware: A Guide To Trace The Multi-Stage Attack Chain With Binary Ninja
        "This blog serves both as an examination of newly identified malware and as a practical guide for researchers beginning their journey into malware analysis. Throughout the guide, we use Binary Ninja to reverse engineer the samples. Howler Cell’s mission is not only to publish research that equips defenders with actionable threat intelligence, but also to empower and educate others to perform their own analysis. We hope this guide proves valuable to aspiring threat researchers."
        https://www.cyderes.com/howler-cell/reverse-engineering-net-aot-malware
        https://hackread.com/net-aot-malware-code-black-box-evade-detection/
      • Disrupting ShieldGuard: a Security Extension Primed To Drain Crypto Wallets
        "Okta Threat Intelligence has discovered and helped industry partners to take down the infrastructure of a cryptocurrency scam called “ShieldGuard”. ShieldGuard claims to be a blockchain project that offers - through its promotion of a browser extension - a capability that blocks known threats to cryptocurrency wallets, such as phishing or malicious smart contracts. The project was promoted using a multi-level marketing campaign in which users would be rewarded for early use of the extension (via a cryptocurrency “airdrop”) and for promoting the capability to other users."
        https://www.okta.com/blog/threat-intelligence/disrupting-shieldguard--a-security-extension-primed-to-drain-cry/
        https://www.infosecurity-magazine.com/news/crypto-scam-shieldguard-dismantled/
      • Inside a Network Of 20,000+ Fake Shops
        "We mapped a sprawling fake shop operation of over 20,000 domains, dozens of shared IP addresses and identical storefronts with different names pasted on top. They exist for one purpose: to steal your payment details and personal data. The thread that ties them all together is a browser tab title most people would never think twice about: “Unrivaled selection only for you.”"
        https://www.malwarebytes.com/blog/scams/2026/03/inside-a-network-of-20000-fake-shops
      • AI Wrote This Malware: Dissecting The Insides Of a Vibe-Coded Malware Campaign
        "The term ‘Vibe coding,’ first coined back in February of 2025 by OpenAI researchers, has exploded across digital platforms. Hundreds of articles and YouTube videos discuss the dangers of Vibe coding and warn the internet about the rise of “Vibe Coders”, while others label it as the fundamental shift in software development and the future of coding. Vibe Coding is an approach where the AI does the heavy lifting, rather than the user. Instead of manually writing code or implementing algorithms, users describe their intent through a text-based prompt, and the LLMs respond with fully functional code and an explanation. Unsurprisingly, the internet is now flooded with guides on the best LLMs and prompts to generate “perfect” code."
        https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ai-written-malware-vibe-coded-campaign/
      • The SOC Files: Time To “Sapecar”. Unpacking a New Horabot Campaign In Mexico
        "In this installment of our SOC Files series, we will walk you through a targeted campaign that our MDR team identified and hunted down a few months ago. It involves a threat known as Horabot, a bundle consisting of an infamous banking Trojan, an email spreader, and a notably complex attack chain. Although previous research has documented Horabot campaigns (here and here), our goal is to highlight how active this threat remains and to share some aspects not covered in those analyses."
        https://securelist.com/horabot-campaign/119033/
      • From Misconfigured Spring Boot Actuator To SharePoint Exfiltration: How Stolen Credentials Bypass MFA
        "Many cybersecurity incidents don’t begin with sophisticated malware or advanced exploits. Instead, they often start with simple misconfigurations and poor credential practices. When these weaknesses combine, attackers can move from reconnaissance to full data compromise surprisingly quickly. This case study walks through an incident that involves:"
        https://www.trendmicro.com/en_us/research/26/c/from-misconfigured-spring-boot-actuator-to-sharepoint-exfiltrati.html
      • GlassWorm Hits MCP: 5th Wave With New Delivery Techniques
        "GlassWorm Strikes Again: Wave 5 Brings Invisible Code to MCP Servers, GitHub Repos, and Hundreds of Extensions. Five waves. Five months. One relentless threat actor. We first exposed GlassWorm back in October 2025 - the first self-propagating worm hiding in VSCode extensions using invisible Unicode characters. Since then, we've tracked them through four waves: invisible payloads, a return strike where we accessed their server and found real victims, compiled Rust binaries, and a full pivot to macOS with hardware wallet trojans."
        https://www.koi.ai/blog/glassworm-hits-mcp-5th-wave-with-new-delivery-techniques
      • Iranian Botnet Exposed Via Open Directory: 15-Node Relay Network And Active C2
        "Threat actors make mistakes. Sometimes those missteps are subtle; a misconfigured server, a reused TLS certificate. Other times, operators leave a directory open on their own staging infrastructure, exposing deployment scripts, configuration files, bash history, and more for anyone willing to look. This research builds on our recent analysis of Iranian APT infrastructure, but represents a different layer of that ecosystem: a financially or personally motivated operator rather than a state-directed one. During a routine review of exposed servers in Iran using AttackCapture™, Hunt.io researchers identified a threat actor's full working environment: a censorship bypass tunnel network spanning Finland and Iran, an SSH-based botnet framework, and a compiled bot client with a hardcoded C2 address still under active development."
        https://hunt.io/blog/iran-botnet-operation-open-directory
      • Fast-Draft Open VSX Extension Compromised By BlokTrooper
        "The KhangNghiem/fast-draft extension, listed on open-vsx.org/extension/KhangNghiem/fast-draft and now sitting above 26,000 downloads, had multiple malicious releases that execute a GitHub-hosted downloader and pull a second-stage RAT and infostealer from the BlokTrooper/extension repository. The confirmed malicious releases in the version line we inspected are 0.10.89, 0.10.105, 0.10.106, and 0.10.112. What makes this case unusual is that the malicious releases are not continuous. Versions through 0.10.88 appear clean. 0.10.111 also appears clean, even though it sits between malicious versions, and the latest Open VSX release as of 2026-03-17, 0.10.135, does not contain the same loader either."
        https://www.aikido.dev/blog/fast-draft-open-vsx-bloktrooper
      • Katana: a Mirai Variant That Compiles Its Own Rootkit On Android TV Set-Top Boxes
        "This report documents the Katana botnet, a Mirai variant targeting Android TV set-top boxes through ADB exploitation. The devices it infects are low-cost, often unbranded boxes running the Android Open Source Project (AOSP) without Google Play Protect or official Google certification, not Google-branded Android TV products. Katana is part of a growing wave of botnets exploiting the same attack surface: residential proxy services that expose internal networks, enabling mass ADB exploitation of Android TV devices. This delivery method, first documented in the context of the Kimwolf proxy botnet and subsequently disclosed to affected proxy providers in late 2025, has since attracted multiple independent operators. The economics are straightforward: for the cost of a residential proxy subscription, an operator gains access to tens of millions of AOSP devices with unauthenticated remote shell access — without writing a single exploit."
        https://github.com/deepfield/public-research/blob/main/katana/report.md

      Breaches/Hacks/Leaks

      • Marquis: Ransomware Gang Stole Data Of 672K People In Cyberattack
        "Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. The company provides digital marketing, data analytics, compliance, and CRM services to more than 700 banks, credit unions, and mortgage lenders across the United States. In data breach notifications filed with U.S. Attorney General offices in early December, Marquis said it suffered a ransomware attack on August 14, 2025, after the threat actors compromised a SonicWall firewall."
        https://www.bleepingcomputer.com/news/security/marquis-ransomware-gang-stole-data-of-672-000-people-in-2025-cyberattack/
        https://therecord.media/marquis-bank-vendor-data-breach
      • Nordstrom's Email System Abused To Send Crypto Scams To Customers
        "Customers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick’s Day promotion. The emails promise recipients to double the cryptocurrency amount deposited to a specific wallet address over the next two hours. "Send cryptocurrency to any of your unique deposit addresses below, and we'll send you right back 200% of the amount you sent," reads the fraudulent message."
        https://www.bleepingcomputer.com/news/security/nordstroms-email-system-abused-to-send-crypto-scams-to-customers/
      • Aura Confirms Data Breach Exposing 900,000 Marketing Contacts
        "Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. The company states that the incident was caused by a voice phishing attack targeting an employee, which exposed the sensitive data of 20,000 current and 15,000 former customers. In a communication this week, Aura states that the data originated from a marketing tool used by a company acquired by Aura in 2021, which exposed limited information."
        https://www.bleepingcomputer.com/news/security/aura-confirms-data-breach-exposing-900-000-marketing-contacts/

      General News

      • Telegram’s Crackdown In 2026 And Why Cyber Criminals Are Still Winning
        "If you’ve been following the Telegram crackdown news, then you’ll know that Telegram entered 2026 under significant pressure. After years of being a largely permissive environment, the platform dramatically increased enforcement following the arrest of CEO Pavel Durov in late 2024 and the rollout of stricter moderation throughout 2025. Millions of channels were taken down, Telegram bans became frequent, automation was introduced, and transparency around enforcement reached an all time high. Yet despite these efforts, cyber criminal ecosystems on Telegram are not shrinking. These cyber criminal communities are adapting, and quickly."
        https://blog.checkpoint.com/research/telegrams-crackdown-in-2026-and-why-cyber-criminals-are-still-winning/
      • AI-Powered Cyber Warfare: How Autonomous Attack Agents Are Changing The Threat Landscape
        "A few years ago, most cyberattacks still depended heavily on human effort—skilled operators manually probing systems, testing vulnerabilities, and executing campaigns step by step. That model is quietly breaking down. In conversations with security teams and analysts over the past year, one theme keeps coming up: attackers are no longer just using tools—they’re starting to deploy systems that can think, adapt, and act on their own. This is where AI-powered cyber warfare begins to shift from buzzword to reality. At the center of this shift are autonomous attack agents, AI-driven systems that don’t just assist attackers but actively participate in decision-making. And that changes the threat landscape in a very real way."
        https://cyble.com/blog/ai-powered-cyber-warfare-attack-agents/
      • Clear Communication: The Missing Link In Cybersecurity Success
        "Time and time again in cybersecurity, effective communication is the obstacle to technical and non-technical teams being able to truly collaborate. Diverse working groups, while essential for coming up with effective cybersecurity strategies and ideas, can be brought to a standstill when communication isn't rooted in trust. At this year's RSAC Conference, husband and wife duo Rebecca Grapsy and Kevin Grapsy are set to deliver a talk on this subject. And for them, it's personal."
        https://www.darkreading.com/cybersecurity-operations/clear-communication-missing-link-cybersecurity-success
      • Beyond Analytics: The Silent Collection Of Commercial Intelligence By TikTok And Meta Ad Pixels
        "TikTok and Meta's tracking pixels are quietly harvesting personal data, granular checkout interactions, and detailed commerce intelligence from the websites that implement them. The collection is going far beyond what ad attribution requires, creating serious privacy compliance risks and competitive disadvantages for the businesses involved. Jscrambler conducted a runtime analysis of the ad pixels used by TikTok and Meta on actual websites, revealing that their default behavior requires immediate attention from every organization that employs them. The analysis focused on large companies in the retail, hospitality, and healthcare sectors. However, it's worth noting that most businesses with an online presence use these tracking pixels on their websites."
        https://jscrambler.com/blog/beyond-analytics-tiktok-meta-ad-pixels
        https://www.darkreading.com/cyber-risk/meta-tiktok-steal-sensitive-pii
      • From Hot CVEs To The Full Attack Surface: How AI Is Reshaping Threat Intelligence
        "For a long time, defenders operated with a practical advantage. Although thousands of vulnerabilities are disclosed each year, only a small fraction ever show up in large-scale attacks. Instead, the same CVEs appeared in post-mortem reports again and again. That pattern made prioritization possible. Security teams could focus on patching, detection, and response around a limited set of exposures and accept that much of the backlog, while not ideal, was unlikely to be targeted at scale and the teams could prioritize based on the identified patterns and each organization’s unique risk assessment."
        https://www.fortinet.com/blog/industry-trends/from-hot-cves-to-the-full-attack-surface-how-ai-is-reshaping-threat-intelligence
      • Cybercriminals Scale Up, Government Sector Hit Hardest
        "Government agencies faced the highest volume of cyberattack campaigns in 2025, according to new findings from HPE Threat Labs, which tracked 1,186 active campaigns over the course of the year. The data covers activity observed between January 1 and December 31, 2025, and reflects a broad mix of sectors and attack types. Government agencies were targeted in 274 campaigns, the largest share among all industries. Financial services followed with 211 campaigns, while technology companies accounted for 179. Defense saw 98 campaigns, and manufacturing recorded 75. Telecommunications and healthcare each logged 63 campaigns, while education and transportation each recorded 61."
        https://www.helpnetsecurity.com/2026/03/18/government-agencies-cyberattack-campaigns-volume/

      References
      Electronic Transactions Development Agency (ETDA)
