NCSA Webboard

    Cyber Threat Intelligence 25 March 2026

    Cyber Security News
      NCSA_THAICERT

      Energy Sector

      • DoE Publishes 5-Year Energy Security Plan
        "Energy, especially electricity, could be described as the most critical industry – all other critical industries are fundamentally dependent on access to energy. It is essential for peoples’ daily lives (citizens), business operation (economy), and national security (the nation). As such, it is a primary target for criminals, hacktivists, and adversarial nation state actors. The office of Cybersecurity, Energy Security, and Emergency Response (CESER, part of the U.S. Department of Energy) has published a three-pronged 5-year security plan for the fiscal years 2026 to 2030. The three prongs (or goals of the plan) are to develop ‘world-class’ security technologies, to harden the US energy infrastructure, and establish emergency preparedness for response and recovery from incidents."
        https://www.securityweek.com/doe-publishes-5-year-energy-security-plan/
        https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/asset_files/external/ceser-strategic-plan2026-2030.pdf

      Vulnerabilities

      • PTC Warns Of Imminent Threat From Critical Windchill, FlexPLM RCE Bug
        "PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. The security issue, identified as CVE-2026-4681, could be leveraged through the deserialization of trusted data. Its severity has prompted emergency action from German authorities, with the federal police (BKA) reportedly sending agents to affected companies to alert them to the cybersecurity risk."
        https://www.bleepingcomputer.com/news/security/ptc-warns-of-imminent-threat-from-critical-windchill-flexplm-rce-bug/
        https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability
        https://www.heise.de/en/news/WTF-Police-responded-on-Saturday-night-due-to-a-zero-day-11221590.html
      • CVE-2026-3055: Citrix NetScaler ADC And NetScaler Gateway Out-Of-Bounds Read
        "On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. This vulnerability, CVE-2026-3055, which is classified as an out-of-bounds read and holds a CVSS score of 9.3, allows unauthenticated remote attackers to leak potentially sensitive information from the appliance's memory. The Citrix advisory states that systems configured as a SAML Identity Provider (SAML IDP) are vulnerable, whereas default configurations are unaffected. This SAML IDP configuration is likely a very common configuration for organizations utilizing single sign-on. Per the advisory, organizations can determine if they have an appliance configured as a SAML IDP Profile by inspecting their NetScaler Configuration for the specified string: add authentication samlIdPProfile .*"
        https://www.rapid7.com/blog/post/etr-cve-2026-3055-citrix-netscaler-adc-and-netscaler-gateway-out-of-bounds-read/
        https://thehackernews.com/2026/03/citrix-urges-patching-critical.html
        https://www.infosecurity-magazine.com/news/citrix-patch-netscaler/
        https://www.securityweek.com/critical-citrix-netscaler-vulnerability-poised-for-exploitation-security-firms-warn/
        https://securityaffairs.com/189908/security/citrix-netscaler-critical-flaw-could-leak-data-update-now.html
        https://www.helpnetsecurity.com/2026/03/24/netscaler-adc-gateway-cve-2026-3055/
      • Chrome 146 Update Patches High-Severity Vulnerabilities
        "Google on Monday announced a fresh Chrome 146 update that resolves eight high-severity memory safety vulnerabilities. First on the list is CVE-2026-4673, a heap buffer overflow issue in WebAudio that earned the reporting researcher a $7,000 bug bounty reward. The same researcher discovered and reported CVE-2026-4677, an out-of-bounds read bug in WebAudio, but Google says it has yet to determine the bounty amount to be awarded for it. In fact, the internet giant has disclosed only the amount paid for the first WebAudio flaw, but not the amounts to be handed out for the remaining vulnerabilities."
        https://www.securityweek.com/chrome-146-update-patches-high-severity-vulnerabilities/

      Malware

      • Checkmarx KICS Code Scanner Targeted In Widening Supply Chain Hit
        "Hard on the heels of a broad supply chain attack that impacted the Aqua Security-maintained Trivy open source security-scanner project, Checkmarx on Tuesday disclosed that attackers had compromised a version of Keeping Infrastructure as Code Secure (KICS), the open source static code analysis project that it develops and maintains. Specifically, the cybercriminals infiltrated KICS GitHub Action, which organizations use to run KICS scans within their CI/CD pipelines, and poisoned multiple versions of the software. Any organization that had its automated CI/CD pipelines configured to run the KICS GitHub Action during a four-hour window on the morning of March 23 could potentially be impacted, Checkmarx said."
        https://www.darkreading.com/application-security/checkmarx-kics-code-scanner-widening-supply-chain
        https://checkmarx.com/blog/checkmarx-security-update/
        https://thehackernews.com/2026/03/teampcp-hacks-checkmarx-github-actions.html
      • TeamPCP Isn't Done: Threat Actor Behind Trivy And KICS Compromises Now Hits LiteLLM's 95 Million Monthly Downloads On PyPI
        "On March 24, 2026, Endor Labs identified that litellm versions 1.82.7 and 1.82.8 on PyPI contain malicious code not present in the upstream GitHub repository. litellm is a widely used open source library with over 95 million monthly downloads. It lets developers route requests across LLM providers through a single API. Both compromised versions include a backdoored file that decodes and executes a hidden payload the moment the file is imported. Version 1.82.8 goes further: it installs a .pth file that runs the payload on any Python invocation, even if litellm is never imported. Version 1.82.6 is the last known-clean release."
        https://www.endorlabs.com/learn/teampcp-isnt-done
        https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
        https://thehackernews.com/2026/03/teampcp-backdoors-litellm-versions.html
        https://www.theregister.com/2026/03/24/trivy_compromise_litellm/
      • Someone Has Publicly Leaked An Exploit Kit That Can Hack Millions Of iPhones
        "Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now someone has leaked a newer version of DarkSword and published it on the code-sharing site GitHub. Researchers are warning that this will allow any hacker to easily use the tools to target iPhone users running older versions of Apple’s operating systems who have not yet updated to its latest iOS 26 software. This likely affects hundreds of millions of actively used iPhones and iPads, according to Apple’s own data on out-of-date devices."
        https://techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/
        https://cyberscoop.com/darksword-iphone-spyware-leak-ios-18-exploit-threat/
        https://hackread.com/darksword-iphone-exploit-leaked-online/
      • OpenClaw Trap: AI-Assisted Lure Factory Targets Developers & Gamers
        "Netskope Threat Labs identified a link to a malware campaign operating across multiple GitHub repositories, spanning over 300 delivery packages, including an OpenClaw deployment, an AI developer tool lure, a Telegram-promoted phone tracker, a Fishing Planet game cheat, Roblox scripts, crypto bots, and VPN crackers—all distributing LuaJIT payloads. The lure names suggest AI-assisted generation: obscure biological taxonomy, archaic Latin, and medical terminology applied systematically at scale. Each victim is geolocated, and their desktop screenshot is sent to a server in Frankfurt. We are tracking this cluster as the TroyDen’s Lure Factory."
        https://www.netskope.com/blog/openclaw-trap-ai-assisted-lure-factory-targets-developers-gamers
        https://www.darkreading.com/application-security/github-openclaw-deployer-repo-delivers-trojan
        https://www.helpnetsecurity.com/2026/03/24/github-malware-split-payload/
      • Silver Fox: The Only Tax Audit Where The Fine Print Installs Malware
        "Since early 2025, TDR has focused on tracking Silver Fox, a China-based intrusion set. Originally known for financially motivated attacks, the group has been shifting toward more sophisticated, APT-style operations since at least 2024. This dual focus reflects a broader trend observed throughout 2025, which is the increasingly blurred lines between financially motivated cybercrime operators and state-sponsored espionage. Silver Fox relies on ValleyRAT (aka Winos), which can be considered as its primary modular backdoor. Despite the leak of ValleyRAT builder in March 2025, the intrusion set continued to use it, exploiting zero-day driver plugin and using kernel-mode rootkit likely for intelligence collection. In addition, Silver Fox relies on other malicious payloads like HoldingHands, which is a variant of Gh0st RAT. Rather than replacing ValleyRAT, it appears to be deployed alongside it to achieve specific operational goals."
        https://blog.sekoia.io/silver-fox-the-only-tax-audit-where-the-fine-print-installs-malware/
        https://www.infosecurity-magazine.com/news/silver-fox-cyber-dual-espionage/
      • Fake Install Logs In Npm Packages Load RAT
        "When it comes to supply chain attacks, last year was a lot for software security teams to get their heads around. There were several large scale attacks that struck npm repositories, the most impactful being Shai-hulud — the first open source package repository worm. Then there were several smaller campaigns that didn’t have as big of an impact, but were very important nonetheless. In February 2026, for example, the ReversingLabs research team documented a North Korea connected campaign we dubbed “Graphalgo.” That campaign started in May 2025, and is part of a larger fake job recruiter scheme conducted by North Korea-backed hackers and targeting crypto developers. It is ongoing, phishing developers with fake job interviews and using “coding tests” as a pretext for pushing downloaders to developers’ systems that retrieve a custom remote access trojan (RAT) as the final stage."
        https://www.reversinglabs.com/blog/npm-fake-install-logs-rat
        https://thehackernews.com/2026/03/ghost-campaign-uses-7-npm-packages-to.html
        https://www.infosecurity-magazine.com/news/npm-ghost-campaign-fake-install/
      • From W-2 To BYOVD: How a Tax Search Leads To Kernel-Mode AV/EDR Kill
        "As the saying goes, only two things are guaranteed in life: death and taxes. But, with the April 15 tax filing deadline quickly approaching, there's a third guarantee that threat actors have learned to count on: millions of users searching for the same tax forms, under time pressure, trusting the first Google result they see. During retrospective threat hunting, the Huntress Tactical Response team recently uncovered a large-scale malvertising campaign that has been active since at least January 2026, targeting U.S.-based individuals searching for tax-related documents. The lures are specifically U.S. tax forms (W-2, W-9), and the fake landing pages reference IRS compliance, casting a wide net across employees, freelancers, contractors, and small businesses during filing season. The campaign abuses Google Ads to serve rogue ScreenConnect (ConnectWise Control) installers, ultimately delivering a BYOVD EDR killer that drops a kernel driver to blind security tools before further compromise. Across our customer base, we reported over 60 instances of rogue ScreenConnect sessions tied to this campaign being used as the initial access vector."
        https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill
        https://thehackernews.com/2026/03/tax-search-ads-deliver-screenconnect.html
      • Analyzing FAUX#ELEVATE: Threat Actors Target France With CV Lures To Deploy Crypto Miners And Infostealers Targeting Enterprise Environments
        "Securonix threat researchers have been tracking an ongoing campaign targeting French-speaking corporate environments through fake resumes. The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails. Once executed, the malware deploys a multi-purpose toolkit that combines credential theft, data exfiltration, and Monero cryptocurrency mining for maximum monetization. What makes this campaign notable is the dropper’s extreme approach to evasion. Of its 224,471 lines, only 266 lines (0.12%) are actual executable code, the remainder consists entirely of junk VBS comments sourced from real English sentences. The malware also uses a domain-join gate using WMI, ensuring that payloads are only delivered on enterprise machines, and standalone home systems are excluded entirely. The campaign uses Dropbox for payload hosting, compromised Moroccan WordPress sites for C2 configuration, and mail.ru SMTP infrastructure for exfiltrating stolen browser credentials and desktop files."
        https://www.securonix.com/blog/faux-elevate-threat-actors-crypto-miners-and-infostealers/
        https://thehackernews.com/2026/03/hackers-use-fake-resumes-to-steal.html
      • Stryker Says Malware Was Involved In Recent Cyberattack As Production Lines Reopen
        "The medical device firm Stryker said it is ramping production lines back up two weeks after alleged Iranian cyber actors wiped more than 200,000 company devices. The company sought to reassure customers in a notice on Monday, sharing a letter from cybersecurity firm Palo Alto Networks confirming that the hackers behind the incident have been removed from Stryker systems. Stryker officials said they are in the process of rebuilding the wiped systems or restoring them from backups predating the known window of compromise to further prevent threat actors from reentering. The impacted systems that have not been restored yet are isolated from the network."
        https://therecord.media/stryker-cyberattack-malware-iran
        https://www.securityweek.com/stryker-says-malicious-file-found-during-probe-into-iran-linked-attack/
      • Threat Brief: Recruiting Scheme Impersonating Palo Alto Networks Talent Acquisition Team
        "Since August 2025, Unit 42 has tracked a series of sophisticated phishing campaigns where attackers impersonate Palo Alto Networks talent acquisition staff. These attacks specifically target senior-level professionals by leveraging scraped LinkedIn data to craft highly personalized lures. The specific attack vector uses social engineering to manufacture a bureaucratic barrier regarding the candidate’s curriculum vitae (CV) and push the candidate toward taking actions such as reformatting their resumes for a fee."
        https://unit42.paloaltonetworks.com/phishing-attackers-pose-as-panw-recruiters/
      • Android Devices Ship With Firmware-Level Malware
        "In late February 2026, SophosLabs analysts identified multiple detections on Android devices for malicious activity associated with the Keenadu backdoor. According to Kaspersky, Keenadu is a firmware infection embedded in the libandroid_runtime.so (shared object library) that injects itself into the Zygote process. As Zygote is the parent process for all Android apps, an attacker effectively gains total control over an infected device. Keenadu acts as a downloader for second-stage malware modules that can be used to target the data in multiple applications. All Android apps rely on libandroid_runtime.so to run, so a copy of Keenadu is copied into the address space of every app installed on an infected device."
        https://www.sophos.com/en-us/blog/android-devices-ship-with-firmware-level-malware
      • OpenClaw Developers Targeted In Crypto-Wallet Phishing Attack
        "OX Security has detected an active phishing campaign abusing the OpenClaw name and spreading through GitHub. The threat actor creates fake GitHub accounts, opens issue threads in attacker-controlled repositories, and tags dozens of GitHub developers. The posts claim that recipients have won $5,000 worth of CLAW tokens and can collect them by visiting a linked site and connecting their crypto wallet. The linked site is an almost identical clone of openclaw.ai, with one key difference: it adds a “Connect your wallet” button designed to initiate wallet theft."
        https://www.ox.security/blog/openclaw-github-phishing-crypto-wallet-attack/

      Breaches/Hacks/Leaks

      • Dutch Ministry Of Finance Discloses Breach Affecting Employees
        "The Dutch Ministry of Finance confirmed on Monday that some of its systems were breached in a cyberattack detected last week. Officials said the ministry was notified by a third party of the breach on March 19, and it's still investigating the cyberattack. An ongoing investigation found that the incident affects some employees. "The Ministry of Finance's ICT security detected unauthorized access to systems for a number of primary processes within the policy department on Thursday, March 19," an official statement revealed. "Following the alert, an immediate investigation was launched, and access to these systems has been blocked as of today. This affects the work of a portion of the employees.""
        https://www.bleepingcomputer.com/news/security/dutch-ministry-of-finance-discloses-breach-affecting-employees/
        https://therecord.media/netherlands-finance-ministry-cyberattack-breach
        https://securityaffairs.com/189929/data-breach/data-breach-at-dutch-ministry-of-finance-impacts-staff-following-cyberattack.html
      • HackerOne Discloses Employee Data Breach After Navia Hack
        "Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. HackerOne manages over 1,950 bug bounty programs and provides vulnerability disclosure, penetration testing, and code security services to high-profile companies like General Motors, Goldman Sachs, Anthropic, GitHub, and Uber, as well as to U.S. government agencies such as the Department of Defense. Navia is a leading consumer-focused benefits administrator serving over 10,000 employers across the United States."
        https://www.bleepingcomputer.com/news/security/hackerone-discloses-employee-data-breach-after-navia-hack/
        https://hackread.com/hackerone-mazda-infinite-campus-dutch-ministry-data-breaches/
        https://www.theregister.com/2026/03/24/hackerone_supplier_breach/
      • Infinite Campus Warns Of Breach After ShinyHunters Claims Data Theft
        "Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. In the breach notification sent to customers, Infinite Campus states that hackers accessed an employee's Salesforce account, exposing information that was mostly publicly available. The company has not published an official statement, but customers reported the incident on various public platforms."
        https://www.bleepingcomputer.com/news/security/infinite-campus-warns-of-breach-after-shinyhunters-claims-data-theft/
      • OVHcloud Founder Denies Massive 590TB Data Breach Claims
        "A major French tech firm, OVHcloud, has been forced to address claims of a massive data breach after a user on a dark web forum boasted about stealing nearly 600 terabytes of its private data. On 23 March 2026, a poster using the name Normal claimed on BreachForums that they had infiltrated the company’s server infrastructure, potentially affecting millions of websites and customers. The scale of the alleged theft is stunning. The hacker claimed to have snatched information belonging to 1.6 million OVH Fresh customers and nearly 6 million active websites. According to the post, this included everything from the internal source code and private databases of these sites to server settings for users in the EU and the US."
        https://hackread.com/ovhcloud-founder-denies-590tb-data-breach-claims/
      • 3.1 Million Impacted By QualDerm Data Breach
        "Healthcare management services provider QualDerm Partners is notifying more than 3.1 million people that their personal, medical, and health insurance information was stolen in a December 2025 data breach. The incident, the company says, was discovered on December 24 and involved unauthorized access to its network for two days. During this window, the attackers exfiltrated certain information from the “limited number of systems” that they compromised, the company notes in an incident notification (PDF)."
        https://www.securityweek.com/3-1-million-impacted-by-qualderm-data-breach/
        https://securityaffairs.com/189917/data-breach/qualderm-partners-december-2025-data-breach-impacts-over-3-million-people.html
      • Iran-Linked Ransomware Gang Targeted US Healthcare Org Amid Military Conflict
        "A U.S. healthcare organization was targeted in late February by an Iranian ransomware gang with ties to the country’s government, according to a new report. Incident responders at Beazley Security helped the unnamed healthcare organization deal with an attack involving the Pay2Key ransomware — a strain used by Iranian actors for a variety of purposes since 2020. Halcyon Ransomware Research Center assisted in the investigation and found several improvements in the ransomware that made it tougher to detect and more damaging."
        https://therecord.media/iran-linked-ransomware-gang-targeted-us-healthcare-org

      General News

      • India’s Evolving Cyber Threat Landscape: State-Sponsored Attacks, Hacktivism, And What’s Next In 2026
        "The India cyber threat landscape 2026 is no longer defined by isolated incidents or opportunistic attacks. It has become a dynamic, constantly shifting battleground shaped by geopolitical tensions, rapid digitization, and highly advanced hackers. What once looked like sporadic cybercrime has matured into a layered ecosystem of state-sponsored cyber attacks, organized ransomware groups, and a growing wave of Hacktivism in India. Recent threat intelligence observations reveal a new pattern: attackers are not only becoming more capable, but also more strategic. They are targeting supply chains, exploiting systemic weaknesses, and adapting their methods faster than most organizations can respond."
        https://cyble.com/blog/india-cyber-threat-landscape-2026-attacks-trends/
      • Measuring Security Performance In Real-Time, Not Once a Quarter
        "Most organizations have invested heavily in security products over the past decade. The assumption embedded in that spending is that more tools equal better protection. Tim Nan, CEO of digiDations, says that assumption is the most persistent misconception he encounters when working with security leaders across industries. “Adversaries don’t operate on averages,” Nan says. “They only need one path that works. The issue isn’t whether your defenses work most of the time. It’s whether they ever fail in a way that can be chained into a real attack.”"
        https://www.helpnetsecurity.com/2026/03/24/tim-nan-digidations-continuous-security-validation/
      • Russian Citizen Sentenced To Prison For Hacking Into U.S. Companies And Enabling Major Cybercrime Groups To Extort Tens Of Millions Of Dollars
        "A court in the Southern District of Indiana today sentenced a Russian citizen, Aleksei Volkov, to 81 months in prison for assisting major cybercrime groups, including the Yanluowang ransomware group, in carrying out numerous attacks against U.S. companies and other organizations. Volkov facilitated dozens of ransomware attacks throughout the United States, causing over $9 million in actual losses and over $24 million in intended losses. Volkov was indicted for this activity in both the Southern District of Indiana and Eastern District of Pennsylvania. Police in Rome, Italy, then arrested Volkov, and he was extradited to the United States. He pleaded guilty to charges from both indictments."
        https://www.justice.gov/opa/pr/russian-citizen-sentenced-prison-hacking-us-companies-and-enabling-major-cybercrime-groups
        https://thehackernews.com/2026/03/us-sentences-russian-hacker-to-675.html
        https://www.bleepingcomputer.com/news/security/yanluowang-ransomware-access-broker-gets-81-months-in-prison/
        https://therecord.media/hacker-russian-ransomware-sentenced-doj
        https://cyberscoop.com/aleksei-volkov-russian-initial-access-broker-sentenced-ransomware/
        https://www.infosecurity-magazine.com/news/russian-initial-access-broker/
        https://securityaffairs.com/189900/cyber-crime/81-month-sentence-for-russian-hacker-behind-major-ransomware-campaigns.html
        https://www.theregister.com/2026/03/24/russian_iab_sentenced/
        https://www.helpnetsecurity.com/2026/03/24/russian-initial-access-broker-sentenced-ransomware-attacks/
      • Ransomware's New Era: Moving At AI Speed
        "Ransomware is not only growing; threat actors are accelerating the pace of their attacks by using offensive tools to exploit valid credentials and hit targets with speed and precision. The practice has undergone big changes over the past five years. Initially, attacks focused on encrypting data; now, threat actors threaten to extract it to pressure victims into paying. Double-extortion tactics quickly shifted to triple-extortion threats to expose stolen data. Threat actors also transitioned from extorting companies to contacting victims directly — whatever it takes to rake in the cash."
        https://www.darkreading.com/endpoint-security/ransomware-new-era-moving-ai-speed
        https://www.halcyon.ai/lp/2026-security-leadership-survey-report
      • Gcore Radar Report Reveals 150% Surge In DDoS Attacks Year-On-Year
        "Gcore, the global infrastructure and software provider for AI, cloud, network, and security solutions, today announced the findings of its Q3-Q4 2025 Gcore Radar report DDoS attack trends. The report reveals growing attack volumes, increasingly sophisticated tactics, and changes in attack locations driven by evolving botnet infrastructure. The DDoS attack landscape is at a clear inflection point: threats are not just growing; they are accelerating and diversifying. To prevent disruption, businesses must act quickly and adopt integrated solutions capable of detecting intent, analysing behaviour, and responding to threats across multiple attack surfaces."
        https://hackread.com/gcore-radar-report-reveals-150-surge-in-ddos-attacks-year-on-year/
      • Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw
        "OpenClaw is an open-source platform for autonomous AI agents that you can self-host and run locally on your machine for task automation. Taking this platform to task, AI agents are now interacting with one another via an experimental social network for AI agents called Moltbook. Even an experienced AI security researcher at Meta learned that OpenClaw is not without its wild-west frontier status. An AI agent accidentally deleted her emails. This news has again put the spotlight on the nature of authority and agency granted to agentic AI systems, as well as the need for better security and governance."
        https://www.securityweek.com/why-agentic-ai-systems-need-better-governance-lessons-from-openclaw/
      • Poland Faced a Surge In Cyberattacks In 2025, Including a Major Assault On The Energy Sector
        "Poland experienced 2½ times more cyberattacks in 2025 compared to the previous year, and the numbers are constantly rising, a government official said Tuesday. The attacks included a destructive infiltration of the country’s energy system in December that was believed to be unprecedented among NATO and European Union members, and was suspected of originating in Russia. Over the last year, Poland was the target of 270,000 cyberattacks, Deputy Minister of Digital Affairs Paweł Olszewski said Tuesday. “We’ve been waging a war in cyberspace for many years now,” the official said. “The number of incidents and attacks has been increasing significantly and radically year after year.”"
        https://www.securityweek.com/poland-faced-a-surge-in-cyberattacks-in-2025-including-a-major-assault-on-the-energy-sector/
      • Iran Built a Vast Camera Network To Control Dissent. Israel Turned It Into a Targeting Tool
        "The role of Israel’s hijacking of Iran’s street cameras in the killing of the country’s supreme leader underscores how surveillance systems are increasingly being targeted by adversaries in wartime. Hundreds of millions of cameras have been installed above shops, in homes and on street corners across the world, many connected to the internet and poorly secured. Recent advances in artificial intelligence have enabled militaries and intelligence agencies to sift through vast amounts of surveillance footage and identify targets. On Feb. 28, Israel vividly demonstrated the potential of such systems to be hacked and used against adversaries when Israel tracked down Iranian leader Ayatollah Ali Khamenei with the help of Tehran’s own street cameras – despite repeated warnings that Iran’s surveillance systems had been compromised, according to interviews and an Associated Press review of leaked data, public statements and news reports."
        https://www.securityweek.com/iran-built-a-vast-camera-network-to-control-dissent-israel-turned-it-into-a-targeting-tool/
      • Enterprise Cybersecurity Software Fails 20% Of The Time, Warns Absolute Security
        "Endpoint cybersecurity software fails to protect one in five enterprise devices, leaving organizations vulnerable to cyber threats, research by Absolute Security has warned. This protection gap means that organizations face the equivalent of 76 days a year in which they’re providing cybercriminals with increased access to their network, potentially leading to data breaches and downtime. The findings come from Absolute Security’s 2026 Resilience Risk Index. The report, published on March 23, is based on analysis of device-level telemetry across tens of millions of enterprise endpoints, which have been validated as using endpoint management and cybersecurity software."
        https://www.infosecurity-magazine.com/news/cybersecurity-software-failure-20/

      Reference
      Electronic Transactions Development Agency (ETDA)
