NCSA Webboard

    Cyber Threat Intelligence 20 March 2026

      NCSA_THAICERT

      Industrial Sector

      • CTEK Chargeportal
        "Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-06
      • IGL-Technologies eParking.fi
        "Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-07
      • Automated Logic WebCTRL Premium Server
        "Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08
      • Schneider Electric Modicon M241, M251, And M262
        "Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-01
      • Schneider Electric Modicon Controllers M241, M251, M258, And LMC058
        "Successful exploitation of this vulnerability may risk a Cross-site Scripting or an open redirect attack which could result in an account takeover scenario or the execution of code in the user browser."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-02
      • Schneider Electric EcoStruxure Automation Expert
        "Schneider Electric is aware of a vulnerability in its EcoStruxure™ Automation Expert product. The EcoStruxure™ Automation Expert product is plant automation software designed for digital control systems in discrete, hybrid and continuous industrial processes. A totally integrated automation solution designed to enhance your flexibility, efficiency and scalability. Failure to apply the remediation provided below may risk execution of arbitrary commands on the engineering workstation, which could result in a potential compromise of full system."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-03
      • Schneider Electric EcoStruxure PME And EPO
        "Schneider Electric is aware of a vulnerability in its EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) products. EcoStruxure Power Monitoring Expert (PME) is an on-premises software used to help power critical and energy-intensive facilities maximize uptime and operational efficiency. EcoStruxure Power Operation (EPO) are on-premises software offers that provides a single platform to monitor and control medium and lower power systems. Failure to apply the fix provided below may risk local arbitrary code execution, which could result in the local system being compromised, a disruption of operations, and/or unauthorized administrative control of the system."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-04
      • Mitsubishi Electric CNC Series
        "Successful exploitation of this vulnerability could allow a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition in the affected products."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-05
      • A Brief Overview Of The Main Incidents In Industrial Cybersecurity. Q4 2025
        "In Q4 2025, 161 incidents were publicly confirmed by victims. All of these incidents are included in the table at the end of the overview, with select incidents described in detail. When evaluating the results of the quarter in terms of publicly confirmed cyberincidents at industrial enterprises, several observations can be made. First, attention is drawn to the disproportionately large number of incidents that have occurred in organizations from certain countries and territories, such as Japan and Taiwan. The number of incidents is particularly high when looking at estimates of the accessibility of computers related to industrial automation systems in these countries to cyberthreats."
        https://ics-cert.kaspersky.com/publications/reports/2026/03/19/a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity-q4-2025/

      Vulnerabilities

      • Max Severity Ubiquiti UniFi Flaw May Allow Account Takeover
        "Ubiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow attackers to take over user accounts. The UniFi Network app (also known as the UniFi Controller) is management software that helps configure, monitor, and optimize Ubiquiti UniFi networking hardware, such as access points, switches, and gateways. "Combines powerful internet gateways with scalable WiFi and switching. Provides real-time traffic dashboards, visual topology maps, and optimization tips," the networking device manufacturer says. "The preferred way to deploy UniFi Network is on a UniFi Cloud Gateway, rather than on a server, laptop, or other self-hosted environment.""
        https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-unifi-flaw-that-may-enable-account-takeover/
        https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b
        https://securityaffairs.com/189689/security/critical-ubiquiti-unifi-unifi-security-flaw-allows-potential-account-hijacking.html
      • Magento PolyShell: Unrestricted File Upload In Magento And Adobe Commerce
        "A critical flaw in Magento's REST API lets unauthenticated attackers upload executable files to any store. We named the vulnerability "PolyShell" because the attack uses a polyglot (code disguised as image). Sansec has not observed active exploitation so far. However, the exploit method is circulating already and Sansec expects automated attacks to appear soon."
        https://sansec.io/research/magento-polyshell
        https://www.bleepingcomputer.com/news/security/new-polyshell-flaw-allows-unauthenticated-rce-on-magento-e-stores/
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-20131 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/03/19/cisa-adds-one-known-exploited-vulnerability-catalog
        https://securityaffairs.com/189682/security/u-s-cisa-adds-a-flaw-in-cisco-fmc-and-cisco-scc-firewall-management-to-its-known-exploited-vulnerabilities-catalog.html
      • RIP RegPwn
        "As part of MDSec’s R&D work, we often discover vulnerabilities and develop exploits to support our red team engagements. When researching widely used software, it is often only a matter of time before the same vulnerability is discovered by other researchers and reported to the vendor. Two weeks ago we outlined an Elevation of Privilege vulnerability in Windows 11 that we had been leveraging in red teams but decided to report to the vendor ourselves. Ironically, today we’re documenting another Elevation Of Privilege vulnerability that was so elegant in its indicators, we kept it internal and used with great success across red team engagements since January 2025. For what will become obvious reasons, we named this vulnerability RegPwn and it affected Windows 10 and 11, as well as Windows Server 2012, 2016, 2019, 2022, and 2025. This vulnerability was fixed this Patch Tuesday and we believe is tracked as CVE-2026-24291."
        https://www.mdsec.co.uk/2026/03/rip-regpwn/

      Malware

      • Winos4.0 Malware Disguised As KakaoTalk Installation File
        "Typically, people perceive the sites that appear at the top of Google search results as the “most authoritative and official” sites. However, threat actors are playing on the psychology of such users, manipulating the search engine’s algorithms to place malicious sites at the top. SEO poisoning is an attack technique in which threat actors exploit search engine optimization (SEO) techniques to push malicious websites they control to the top of search results for specific keywords, often on pages one to three. The goal is to distribute malware or steal information by directing users to a carefully crafted fake site when they are trying to download official software or find information."
        https://asec.ahnlab.com/en/92971/
      • Perseus: DTO Malware That Takes Notes
        "Most mobile malware must continuously evolve to remain effective in an environment shaped by improving security measures, platform restrictions, and user awareness. Rather than relying solely on traditional techniques, contemporary threats increasingly adapt by introducing new capabilities and leveraging legitimate system features in unintended ways. This ongoing evolution reflects a broader trend in which attackers refine their tooling to maintain persistence, evade detection, and maximize control over compromised devices, highlighting the importance of studying how such threats adapt over time."
        https://www.threatfabric.com/blogs/perseus-dto-malware-that-takes-notes
        https://www.bleepingcomputer.com/news/security/new-perseus-android-malware-checks-user-notes-for-secrets/
        https://thehackernews.com/2026/03/new-perseus-android-banking-malware.html
        https://therecord.media/malware-streaming-apps-android
      • Operation GhostMail: Russian APT Exploits Zimbra Webmail To Target Ukraine State Agency
        "Seqrite Labs identified a targeted phishing campaign that exploits a cross-site scripting (XSS) vulnerability in Zimbra Collaboration (ZCS) to compromise a Ukrainian government entity. The phishing email has no malicious attachments, no suspicious links, no macros. The entire attack chain lives inside the HTML body of a single email, there are no malicious attachments. A social engineered internship inquiry is used to deliver an obfuscated JavaScript payload embedded directly in the email body. When the victim opens the email in a vulnerable Zimbra webmail session, it exploits CVE-2025-66376 which is a stored XSS bug caused by inadequate sanitization of CSS @import directives within the HTML content."
        https://www.seqrite.com/blog/operation-ghostmail-zimbra-xss-russian-apt-ukraine/
        https://www.bleepingcomputer.com/news/security/russian-apt28-military-hackers-exploit-zimbra-flaw-in-ukrainian-govt-attacks/
        https://thehackernews.com/2026/03/cisa-warns-of-zimbra-sharepoint-flaw.html
        https://therecord.media/russia-hackers-ukraine-zimbra-breach
        https://securityaffairs.com/189673/security/russian-apt-targets-ukraine-via-zimbra-xss-flaw-cve-2025-66376.html
        https://www.securityweek.com/russian-apt-exploits-zimbra-vulnerability-against-ukraine/
      • Everyday Tools, Extraordinary Crimes: The Ransomware Exfiltration Playbook
        "As defenders have improved their ability to detect malicious code, attackers have adapted by reducing their reliance on bespoke implants. As a result, data exfiltration is no longer primarily driven by custom malware or specialized tooling. Instead, many modern exfiltration operations leverage legitimate, widely deployed utilities already present in enterprise environments, along with benign cloud storage locations as the destination of the exfiltration connections. This shift significantly complicates detection. Tools and services used for routine business operations can be repurposed to transfer stolen data outside the network without triggering traditional security controls. In many real-world incidents, exfiltration does not rely on novel protocols, custom command-and-control (C2) infrastructure, or overtly malicious binaries."
        https://blog.talosintelligence.com/everyday-tools-extraordinary-crimes-the-ransomware-exfiltration-playbook/
      • Hasta La Vista, Hastalamuerte: An Overview Of The Gentlemen's TTPs
        "In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk. After all, why should they exploit complex and time-consuming vulnerabilities when there are so many low-hanging fruit out there such as vulnerable web-based remote services like RDWeb and SSL VPN devices and default or easy-to-guess passwords to brute force? Anyway, it is not up to us, but to the criminals, to decide what is the best (or the worst) strategy for a ransomware or extortion operation to conduct attacks."
        https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/
        https://www.infosecurity-magazine.com/news/ransomware-affiliate-gentlemen/
      • Windsurf IDE Extension Drops Malware Via Solana Blockchain
        "Bitdefender researchers have discovered a malicious Windsurf IDE (integrated development environment) extension that deploys a multi-stage NodeJS stealer by using the Solana blockchain as the payload infrastructure. The extension, disguised as an R language support extension for Visual Studio Code, retrieves encrypted JavaScript from blockchain transactions, executes it using NodeJS runtime primitives, drops compiled add-ons to extract Chromium data, all the while establishing persistence with the help of a hidden PowerShell scheduled task. There’s an official, legitimate extension named REditorSupport, which is likely why the attacker used a very similar name to confuse potential victims."
        https://www.bitdefender.com/en-us/blog/labs/windsurf-extension-malware-solana
        https://hackread.com/windsurf-ide-extension-solana-blockchain-developer-data/
      • Russia Turns Vienna Into West’s Biggest Spy Hub – Tracking NATO Communications
        "Russia has turned Vienna into its largest electronic espionage hub in the West, using its diplomatic compounds to monitor sensitive communications across NATO, the Middle East, and Africa. From rooftops across the Austrian capital, clusters of satellite dishes are used for covert signals intelligence (SIGINT), reviving a major Cold War-era function, the Financial Times reported, citing sources familiar with the matter. “This is one of our main concerns,” a senior European diplomat in Vienna said. “They are targeting NATO government and military communications… Vienna is their hub in Europe.”"
        https://www.kyivpost.com/post/72072
        https://securityaffairs.com/189653/intelligence/russia-establishes-vienna-as-key-western-spy-hub-targeting-nato.html
      • New Malware Targets Users Of Cobra DocGuard Software
        "Symantec and Carbon Black researchers have uncovered a mysterious and stealthy new threat that hijacks the functionality and infrastructure of the legitimate security software Cobra DocGuard. Infostealer.Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard server that has been compromised by the attackers, masking the data exfiltration process as legitimate communications between client and server. Notably, Speagle appears to be capable of collecting information on highly targeted subjects, such as specifically seeking out documents related to Chinese ballistic missiles."
        https://www.security.com/threat-intelligence/speagle-cobradocguard-infostealer
        https://thehackernews.com/2026/03/speagle-malware-hijacks-cobra-docguard.html
      • EDR Killers Explained: Beyond The Drivers
        "In recent years, EDR killers have become one of the most commonly seen tools in modern ransomware intrusions: an attacker acquires high privileges, deploys such a tool to disrupt protection, and only then launches the encryptor. Besides the dominating Bring Your Own Vulnerable Driver (BYOVD) technique, we also see attackers frequently abusing legitimate anti-rootkit utilities or using driverless approaches to block the communication of endpoint detection and response (EDR) software or suspend it in place. These tools are not just plentiful, but also behave predictably and consistently, which is precisely why affiliates reach for them."
        https://www.welivesecurity.com/en/eset-research/edr-killers-explained-beyond-the-drivers/
        https://thehackernews.com/2026/03/54-edr-killers-use-byovd-to-exploit-34.html
        https://www.helpnetsecurity.com/2026/03/19/edr-killer-ransomware-attacks/
      • Analyzing The Current State Of AI Use In Malware
        "Unit 42 researchers searched through open-source intelligence (OSINT) and our internal telemetry for potential signs of malware made to any degree with large language models (LLMs). This includes either using LLMs to create the malware entirely or to assist with their functionality. This article examines two samples, both of which originated from our OSINT hunts. The rise of AI has sparked considerable interest in its potential applications within cybersecurity, both from the defender and attacker perspectives. We currently consider three primary use cases for AI as applied by the creators of malware:"
        https://unit42.paloaltonetworks.com/ai-use-in-malware/

      Breaches/Hacks/Leaks

      • Navia Discloses Data Breach Impacting 2.7 Million People
        "Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. An investigation into the incident revealed that the hackers had access to the organization's systems between December 22, 2025, and January 15, 2026. However, the company discovered the suspicious activity on January 23. Navia says that it responded immediately and launched an inquiry to determine the potential impact of the incident."
        https://www.bleepingcomputer.com/news/security/navia-discloses-data-breach-impacting-27-million-people/
        https://www.bankinfosecurity.com/worker-benefits-administrator-notifying-27m-hack-a-31085
      • Bitrefill Blames North Korean Lazarus Group For Cyberattack
        "Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. During the investigation, the platform observed indicators similar to previous attacks attributed to the North Korean threat actor, like tactics, malware, IP and email addresses. “Based on indicators observed during the investigation - including the modus operandi, the malware used, on-chain tracing and reused IP + email addresses (!) - we find many similarities between this attack and past cyberattacks by the DPRK Lazarus / Bluenoroff group against other companies in the crypto industries,” reads Bitrefill's statement."
        https://www.bleepingcomputer.com/news/security/bitrefill-blames-north-korean-lazarus-group-for-cyberattack/

      General News

      • CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
        "CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment. To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources provided in this alert. CISA is conducting enhanced coordination with federal partners, including the Federal Bureau of Investigation (FBI), to identify additional threats and determine mitigation actions."
        https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization
        https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117
        https://www.bleepingcomputer.com/news/security/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach/
        https://therecord.media/fbi-cisa-warn-of-microsoft-intune-risks-stryker
        https://www.bankinfosecurity.com/microsoft-intune-mdm-gains-notoriety-after-stryker-hack-a-31084
        https://cyberscoop.com/feds-keep-eyes-peeled-for-iran-cyberattacks-respond-to-stryker-breach/
        https://www.theregister.com/2026/03/19/microsoft_intune_lockdown_stryker/
        https://www.helpnetsecurity.com/2026/03/19/cisa-endpoint-management-system-warning/
      • February 2026 APT Attack Trends Report (South Korea)
        "AhnLab utilizes its infrastructure to monitor for Advanced Persistent Threat (APT) attacks in South Korea. This report covers the classification and statistics on APT attacks on South Korea targets identified during the month of February 2026, and introduces the features of each type."
        https://asec.ahnlab.com/en/92972/
      • FBI Seizes Handala Data Leak Site After Stryker Cyberattack
        "The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. Both the hacktivist's handala-redwanted[.]to and handala-hack[.]to clearnet domains now display a seizure notice stating that the websites were seized under a seizure warrant issued by the District Court for the District of Maryland. "This domain has been seized by the Federal Bureau of Investigation ("FBI") pursuant to a seizure warrant issued by a United States District Court for the District of Maryland as apart of a law enforcement action by the FBI. Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign state actor," reads the seizure message."
        https://www.bleepingcomputer.com/news/security/fbi-seizes-handala-data-leak-site-after-stryker-cyberattack/
      • Rethinking Cyber Preparedness In Age Of AI Cyberwarfare
        "Artificial intelligence is fundamentally transforming the cyberwarfare landscape, and while they may think otherwise, most organizations aren't ready for an AI-driven attack. Nearly 80% of IT decision-makers say their organization is prepared to handle a cyberwarfare attack, and 76% say they're confident they could combat AI-based attacks. But 54% of organizations say they have been hit by an AI-generated or AI-led attack in the past 12 months, and half of those haven't adequately secured their environment in the aftermath, according to a report by security firm Armis."
        https://www.bankinfosecurity.com/rethinking-cyber-preparedness-in-age-ai-cyberwarfare-a-31086
      • The Agentic Era Arrives: How AI Is Transforming The Cyber Threat Landscape
        "The cyber security landscape is undergoing a significant shift. Between January and February 2026, we observed a major evolution in how threat actors adopt, weaponize, and operationalize AI. What was once experimental is now mature. What once required coordinated teams can now be executed by a single experienced developer with an AI‑powered IDE. And what enterprises embraced for productivity has simultaneously become a rapidly expanding attack surface. This report highlights the most significant trends shaping today’s threat environment-and what defenders must prepare for next."
        https://blog.checkpoint.com/research/the-agentic-era-arrives-how-ai-is-transforming-the-cyber-threat-landscape/
        https://engage.checkpoint.com/cpr-ai-threat-landscape-digest
      • Inside Russia’s Shift To Credential-Based Intrusions: What CISOs Need To Know In 2026
        "Russia-linked hacktivist activity has entered a noticeably different phase. While earlier campaigns leaned heavily on disruption through denial-of-service and opportunistic scanning of exposed systems, the current trajectory shows a stronger dependence on credential-based intrusions and identity-based cyber attacks. For security leaders, this evolution matters because it lowers the technical barrier to entry while increasing the blast radius of compromise."
        https://cyble.com/blog/russia-credential-based-intrusions-cisos/
      • AI Conundrum: Why MCP Security Can't Be Patched Away
        "Organizations rushing to connect their LLM-powered apps to external data sources and services using the Model Context Protocol (MCP) may be inadvertently creating attack surfaces that are fundamentally different from anything their existing security controls can handle. Making matters worse is that the risks are not the kind a security team can address via patching or configuration changes because they exist at the architectural level in both large language models (LLMs) and in MCP, says Gianpietro Cutolo, cloud threat researcher at Netskope, who is scheduled to highlight the issue at a session next week at the RSAC 2026 Conference in San Francisco"
        https://www.darkreading.com/application-security/mcp-security-patched
      • SpyCloud’s 2026 Identity Exposure Report Reveals Explosion Of Non-Human Identity Theft
        "SpyCloud, the leader in identity threat protection, today released its annual 2026 Identity Exposure Report, one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the criminal underground and highlighting a sharp expansion in non-human identity (NHI) exposure. Last year, SpyCloud saw a 23% increase in its recaptured identity datalake, which now totals 65.7B distinct identity records. The report shows attackers are increasingly targeting machine identities and authenticated session artifacts in addition to traditional username and password combinations and personally identifiable information (PII)."
        https://hackread.com/spyclouds-2026-identity-exposure-report-reveals-explosion-of-non-human-identity-theft/
        https://spycloud.com/resource/report/spycloud-annual-identity-exposure-report-2026/
      • AI Got It Wrong With High Confidence. Now What?
        "In this Help Net Security interview, Christian Debes, Head of Data Analytics & AI at SPRYFOX, talks about the growing gap between what AI models do and what their operators can explain. He argues this gap is already a liability, particularly when decisions affect people or money and no one can say why a model produced a certain output. Debes walks through how responsible teams approach confident wrong answers, why procurement leaders bear accountability when AI systems fail, and what explainability means as a translation layer between technical teams and business operators. He also addresses the EU AI Act and its risk of producing compliance theater, and closes with a frank assessment of where AI infrastructure is headed if explainability does not keep pace with model complexity."
        https://www.helpnetsecurity.com/2026/03/19/christian-debes-spryfox-ai-explainability-accountability/
      • Iran Readied Cyberattack Capabilities For Response Prior To Epic Fury
        "America, Israel and ‘facilitating’ Gulf states received malicious attacks from Iranian APTs within days of Epic Fury, and there are around 60 Iran-linked hacktivist groups currently operating. It is little surprise that malicious Iranian cyber activity increased immediately after the US/Israel strikes commenced at the end of February 2026. It is more surprising that MOIS (Iranian Ministry of Intelligence and Security) and IRGC linked cyber groups seemed to be preparing themselves for this event. A study by Augur Security, which uses AI and behavioral modeling to provide early identification and mapping of malicious infrastructure, demonstrates that numerous government-linked groups (either with MOIS or one of the Islamic Revolutionary Guard Corps – IRGC – cyber units) showed increased infrastructure activity in the six months prior to Epic Fury."
        https://www.securityweek.com/iran-readied-cyberattack-capabilities-for-response-prior-to-epic-fury/
        https://www.augursecurity.com/post/threat-research-iran-2026-threat-posture-assessment
      • 2026 Mobile Security: How Regulation And AI Are Reshaping Risk
        "Mobile security is entering its most transformative phase yet. Mobile is now the largest attack surface in the enterprise, and the least protected. In 2026, two forces will converge to redefine risk: regulatory shifts and the acceleration of AI-driven development. These changes will not only reshape how mobile apps are built, distributed, and secured but also challenge enterprises to rethink their governance, strategy, and resilience. The winners will be those who adapt quickly, leveraging AI responsibly while embedding mobile security into the foundations of development, not bolting it on after the fact."
        https://zimperium.com/blog/2026-mobile-security-how-regulation-and-ai-are-reshaping-risk
        https://www.infosecurity-magazine.com/news/financial-brands-mobile-banking/
      • Federal Jury Convicts Charlotte Man For Cyber Extortion Scheme That Targeted International Technology Company
        "A federal jury returned a guilty verdict yesterday against a Charlotte man for carrying out an extensive cyber extortion scheme against a D.C.-based international technology company, announced Russ Ferguson, U.S. Attorney for the Western District of North Carolina. Cameron Curry, 27, was convicted of six counts of transmitting or willfully causing interstate communications with the intent to extort a victim company. U.S. District Judge Kenneth D. Bell presided over the three-day trial."
        https://www.justice.gov/usao-wdnc/pr/federal-jury-convicts-charlotte-man-cyber-extortion-scheme-targeted-international
        https://cyberscoop.com/cameron-curry-insider-attack-washington-tech-company/

      Reference
      Electronic Transactions Development Agency (ETDA)
