Cyber Threat Intelligence 13 May 2026
Vulnerabilities
- SAP Fixes Critical Vulnerabilities In Commerce Cloud And S/4HANA
"SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in Commerce Cloud and S/4HANA. Commerce Cloud is an enterprise-grade e-commerce platform used by online stores owned by large retailers and global brands, while S/4HANA is a cloud-based Enterprise Resource Planning (ERP) suite that will replace the company's on-premises ECC ERP system. Tracked as CVE-2026-34263, the first critical flaw is a missing authentication check in SAP Commerce Cloud that allows unauthenticated attackers to execute code on vulnerable servers."
https://www.bleepingcomputer.com/news/security/sap-fixes-critical-vulnerabilities-in-commerce-cloud-and-s-4hana/
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html
https://www.securityweek.com/sap-patches-critical-s-4hana-commerce-vulnerabilities/
- Adobe Patches 52 Vulnerabilities In 10 Products
"Adobe on Tuesday announced the release of patches for 52 vulnerabilities across 10 products, including critical-severity bugs that could lead to code execution and privilege escalation. More than half of the weaknesses Adobe addressed this month could be exploited for arbitrary code execution. Application denial-of-service (DoS) was the second most common type of resolved issue. When it comes to the severity of the resolved vulnerabilities, the Adobe Connect update takes the lead. It addresses two critical-severity flaws that could be exploited for arbitrary code execution (CVE-2026-34659, CVSS score of 9.6) and privilege escalation (CVE-2026-34660, CVSS score of 9.3)."
https://www.securityweek.com/adobe-patches-52-vulnerabilities-in-10-products/
- New Exim BDAT Vulnerability Exposes GnuTLS Builds To Potential Code Execution
"Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free vulnerability in Exim's binary data transmission (BDAT) message body parsing when a TLS connection is handled by GnuTLS."
https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html
https://www.exim.org/static/doc/security/EXIM-Security-2026-05-01.1/EXIM-Security-2026-05-01.1.txt
- Fortinet Warns Of Critical RCE Flaws In FortiSandbox And FortiAuthenticator
"Fortinet has released security updates to address two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code on unpatched systems. The first one, tracked as CVE-2026-44277, impacts the company's FortiAuthenticator Identity and Access Management (IAM) solution and was patched in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3. "An Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests," Fortinet said in a Tuesday advisory."
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-flaws-in-fortisandbox-and-fortiauthenticator/
https://fortiguard.fortinet.com/psirt/FG-IR-26-128
- Microsoft May 2026 Patch Tuesday Fixes 120 Flaws, No Zero-Days
"Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed. This Patch Tuesday addresses 17 "Critical" vulnerabilities, 14 of which are remote code execution, 2 are elevation of privilege, and 1 is an information disclosure flaw. The number of bugs in each vulnerability category is listed below:"
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days/
https://blog.talosintelligence.com/microsoft-patch-tuesday-may-2026/
https://www.darkreading.com/application-security/patch-tuesday-microsoft-zero-day-sight
https://cyberscoop.com/microsoft-patch-tuesday-may-2026/
https://www.securityweek.com/microsoft-patches-137-vulnerabilities/
https://www.theregister.com/patches/2026/05/13/doozy-of-a-patch-tuesday-includes-30-critical-microsoft-cves/5239224
- Apple Patches Dozens Of Vulnerabilities In MacOS, iOS
"Apple on Monday published 11 new security advisories to inform customers about dozens of vulnerabilities patched in its operating systems. iOS and iPadOS 26.5 address more than 60 CVEs, including 20 WebKit issues that can lead to crashes, exposure of sensitive user data, and security bypasses. Other vulnerabilities can be exploited for DoS attacks, security bypass, sandbox escape, access to sensitive user data, privilege escalation, and user tracking. Dozens of the vulnerabilities patched in the latest iOS and iPadOS versions were also addressed by Apple with the release of macOS Tahoe 26.5, which resolves nearly 80 vulnerabilities."
https://www.securityweek.com/apple-patches-dozens-of-vulnerabilities-in-macos-ios/
https://thehackernews.com/2026/05/ios-265-brings-default-end-to-end.html
- Microsoft Releases Windows 10 KB5087544 Extended Security Update
"Microsoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and resolve an issue with the new Remote Desktop warnings. If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a 'Check for Updates.'"
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5087544-extended-security-update/
- Claude Mythos Finds Only One Curl Vulnerability; Experts Divided On What It Really Means
"A test of Anthropic’s restricted Claude Mythos model found just one low-severity vulnerability in the widely used open source data transfer tool curl, casting doubt on the AI company’s bold claims, though some argue the results say more about curl’s robust security than Mythos’ limitations. Daniel Stenberg, the lead developer of curl, revealed in a blog post on Monday that he was recently given the opportunity to test the Claude Mythos frontier AI model, which Anthropic claimed had identified thousands of zero-days in the weeks leading up to its launch. Anthropic is offering Mythos only to a few dozen major organizations as part of a restricted program due to concerns about potential misuse."
https://www.securityweek.com/claude-mythos-finds-only-one-curl-vulnerability-experts-divided-on-what-it-really-means/
- Pwn2Own Berlin 2026 Hits Capacity As Rejected Hackers Release 0-Days
"The world’s most famous hacking contest is facing a crisis it didn’t see coming. For the first time in 19 years, Pwn2Own Berlin 2026 has reportedly run out of space. The event, run by Trend Micro’s Zero Day Initiative (ZDI), hit a hard limit on how many hackers it can actually host. For your information, Pwn2Own is a live competition where experts detect zero-day vulnerabilities."
https://hackread.com/pwn2own-berlin-2026-hits-capacity-hackers-0-days/
Malware
- Free OnlyFans Lure Used To Spread Cross-Platform CRPx0 Malware
"OnlyFans – an attractive brand for hopeful users and their attackers. CRPx0 is a complex, stealthy and persistent malware campaign. It currently targets macOS and Windows systems, and appears to have Linux capabilities in development. It currently comprises cryptocurrency theft followed by large scale data exfiltration and ransomware. The campaign has been analyzed (PDF) in detail by Aryaka Threat Research Labs."
https://www.securityweek.com/free-onlyfans-lure-used-to-spread-cross-platform-crpx0-malware/
https://www.aryaka.com/docs/reports/crpx0-ransomware-operations-report.pdf
- RubyGems Suspends New Signups After Hundreds Of Malicious Packages Are Uploaded
"RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on Ruby Gems right now," Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. "Signups are paused for the time being. Hundreds of packages involved – mostly targeting us, but some carrying exploits." Visitors to RubyGems' sign up page are now greeted with the message: "New account registration has been temporarily disabled.""
https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html
- Foxconn Confirms Cyberattack Impacting North American Factories
"Taiwanese electronics manufacturer Foxconn said factories in North America are resuming their normal production cycles after a cyberattack affected several facilities. A spokesperson for the company confirmed the incident but declined to provide specifics on how many factories in North America were impacted. Foxconn has factories in Wisconsin, Ohio, Texas, Virginia, Indiana and several across Mexico. “The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production,” the spokesperson said."
https://therecord.media/foxconn-confirms-cyberattack-north-american-factories
https://www.theregister.com/cyber-crime/2026/05/12/foxconn-confirms-cyberattack-after-nitrogen-claims-apple-nvidia-data-theft/5239144
- Vibe Hacking: Two AI-Augmented Campaigns Target Government And Financial Sectors In Latin America
"Threat actors using AI is an unsurprising and even long-predicted development. In a case in point, TrendAI Research has identified two emerging threat campaigns that used agentic AI to drive intrusion operations against government entities and financial organizations across several countries in Latin America. Though evidence suggests that the two groups are likely separate entities, they share strikingly similar tactics, as we detail in this report. This degree of overlap suggests that AI-assisted attacks are becoming a broader pattern among threat actor groups."
https://www.trendmicro.com/en_us/research/26/e/vibe-hacking-two-ai-augmented-campaigns-target-government-and-financial-sectors-in-latin-america.html
- Attackers Combine ClickFix With PySoxy Proxying To Maintain Persistence
"Cybercriminals have combined ClickFix attacks with PySoxy, a 10-year-old open-source Python SOCKS5 proxy, to maintain persistence on victims’ machines without malware, even after attempts at removal. The campaign has been detailed by cybersecurity researchers at ReliaQuest, who warned that it shows that ClickFix attacks are moving beyond one-time user execution into modular post-exploitation, making the attacks harder to identify and contain. ClickFix, is a social engineering tactic which tricks users into unwittingly running malicious commands or downloading harmful payloads onto their own machines. It has become a widely deployed method of distributing malware or stealing login credentials."
https://www.infosecurity-magazine.com/news/clickfix-combined-pysoxy-proxying/
- Lorem Ipsum Malware: Trojanized MS Teams Installers Deliver Multi-Stage Loader And Backdoor
"BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) security researchers have been tracking an emerging, rapidly maturing threat group conducting a global SEO-poisoning campaign that distributes trojanized Microsoft Teams installers. These installers ultimately deploy a multi-stage shellcode loader and backdoor BlueVoyant has designated Lorem Ipsum. Active since at least February 2026, the campaign opportunistically targets users searching for Microsoft Teams across at least six countries, with a US-based healthcare-sector client confirmed as targeted, with successful BlueVoyant interdiction. In roughly ten weeks, the operators evolved from a minimally obfuscated test build into an operationally mature loader chain featuring substitution cipher decoding, XOR-encrypted shellcode stubs, DLL sideloading, JFIF-disguised C2 traffic, and a per-victim UUID-tracked callback architecture. Most distinctively, the loader abuses letsdiskuss[.]com, a legitimate India-based question-and-answer/blogging platform, as a dead-drop resolver for C2 infrastructure across at least four attacker-controlled profiles."
https://www.bluevoyant.com/blog/lorem-ipsum-trojanized-microsoft-teams-installers-multi-stage-loader-backdoor
- Python Backdoor Threat Analysis Following An AI Deepfake Impersonation Campaign
"Genians Security Center identified a threat campaign suspected of being associated with APT37 that combines an obfuscated batch file command invocation technique with Compiled Python-based malware. This threat is distributed through email-based spear phishing in the form of ZIP-compressed files and begins by inducing the user to execute an LNK shortcut file contained inside. When the user runs the file, the actual command is reconstructed through an environment variable-based substring expansion technique, after which additional payloads are downloaded and executed sequentially."
https://www.genians.co.kr/en/blog/threat_intelligence/python
Breaches/Hacks/Leaks
- Instructure Reaches 'agreement' With ShinyHunters To Stop Data Leak
"Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. The company says over 30 million educators and students use its Canvas platform across more than 8,000 schools and universities worldwide. In a Tuesday statement, Instructure said the cybercrime gang also returned the stolen data (which includes usernames, email addresses, course names, enrollment information, and messages) and provided shred logs confirming its destruction."
https://www.bleepingcomputer.com/news/security/instructure-reaches-agreement-with-shinyhunters-to-stop-data-leak/
https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html
https://therecord.media/instructure-pays-ransom-canvas-incident-congress-investigation
https://www.malwarebytes.com/blog/news/2026/05/stolen-canvas-data-was-returned-after-hacker-agreement-instructure-says
https://www.securityweek.com/deal-reached-with-hackers-to-delete-data-stolen-from-the-canvas-educational-platform/
- West Pharmaceutical Services Hit By Disruptive Ransomware Attack
"Pennsylvania pharma giant West Pharmaceutical Services is scrambling to restore systems impacted by a ransomware attack last week. The incident, the company says in an incident notice, occurred on May 4 and prompted the “proactive shutdown and isolation of affected on-premise infrastructure”. The containment measure disrupted the company’s business operations globally, West Pharmaceutical Services said in a Monday filing with the Securities and Exchange Commission (SEC)."
https://www.securityweek.com/west-pharmaceutical-services-hit-by-disruptive-ransomware-attack/
https://therecord.media/west-pharmaceutical-warns-of-ransomware-attack-impacting-operations
General News
- April 2026 Threat Trend Report On Ransomware
"This report summarizes ransomware-related statistics based on Dedicated Leak Sites (DLS) (ransomware PR sites or PR pages) and the quantity of ransomware-damaged systems identified during the month of April 2026. It also provides major ransomware issues in Korea and abroad and damage trends by industry/region."
https://asec.ahnlab.com/en/93657/
- Cyber Threats Spike In April 2026 As Ransomware Expands And Attack Volumes Climb After Short-Lived Moderation
"In April 2026, global cyber-attack activity rebounded sharply following the brief moderation observed in March. Organizations experienced an average of 2,201 weekly cyber-attacks, representing a 10% increase month over month and an 8% increase year over year. This reversal underscores the volatility of today’s threat landscape. After three consecutive months of gradual decline, April’s data confirms that the earlier easing was temporary rather than structural. Attackers continue to leverage automation, expanded digital footprints, and exposed cloud and GenAI environments to sustain elevated pressure across industries and regions."
https://blog.checkpoint.com/research/cyber-threats-spike-in-april-2026-as-ransomware-expands-and-attack-volumes-climb-after-short-lived-moderation/
- State-Sponsored Actors, Better Known As The Friends You Don’t Want
"Most organizations operate under the assumption that anything residing within their trust boundary is trustworthy. Software arrives from vetted vendors, employees pass background checks, cloud providers hold compliance certifications, and build pipelines produce signed artifacts. In practice, these assumptions are rarely scrutinized, and state-sponsored actors have constructed their operational methodology around exploiting precisely this gap. They operate inside the trust boundary, using trusted tools, holding valid credentials, and performing actions that appear entirely authorized. Conventional security architecture is not designed to identify this, and that limitation warrants acknowledgment before turning to what incident response looks like when the adversary is a state-sponsored."
https://blog.talosintelligence.com/state-sponsored-actors-better-known-as-the-friends-you-dont-want/
- State Of Ransomware In 2026
"With International Anti-Ransomware Day taking place on May 12, Kaspersky presents its annual report on the evolving global and regional ransomware cyberthreat landscape. Ransomware remains one of the most persistent and adaptive cyberthreats. In 2026:"
https://securelist.com/state-of-ransomware-in-2026/119761/
- WannaCry, The Ransomware Attack That Changed The History Of Cybersecurity
"In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant events in recent cybersecurity history, not only for its global scale but also for the technical and geopolitical implications it raised. Analyzing its history means understanding how known vulnerabilities, advanced tools, and delays in mitigation can converge into an event capable of disrupting critical infrastructure worldwide."
https://securityaffairs.com/192015/malware/wannacry-the-ransomware-attack-that-changed-the-history-of-cybersecurity.html
- Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
"For decades, the Security Operations Center (SOC) has been the beating heart of enterprise defense. Analysts monitor dashboards, triage alerts, and investigate incidents around the clock. The SOC is often portrayed as the last line of defense—a place where intelligence meets action. And yet, if we are honest, the SOC as we know it is already obsolete. Not because analysts aren’t skilled or diligent, but because the very nature of cyber threats has changed faster than our operational models can keep up."
https://www.securityweek.com/is-the-soc-obsolete-and-we-just-havent-admitted-it-yet/
- Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended
"The notorious hacking group ShinyHunters, recently linked to the large-scale compromise and defacement of Instructure’s Canvas LMS platform, claims its official clearnet domain has been suspended by the domain registry, fueling online speculation that the site may have been targeted following the group’s recent attacks. The issue surfaced on Monday, May 11, 2026, when the group’s public-facing domain, shinyhunte[.]rs, suddenly went offline. Soon after, rumors spread across underground forums and social media platforms suggesting the domain may have been seized by law enforcement agencies, including speculation about possible FBI involvement."
https://hackread.com/canvas-hackers-shinyhunters-official-domain-suspended/
References
Electronic Transactions Development Agency (ETDA)