NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ

    ETDA Cyber Threat Intelligence 13 July 2026

    Cyber Security News
    1
    1
    16
    โหลดโพสเพิ่มเติม
    • เก่าสุดไปยังใหม่สุด
    • ใหม่สุดไปยังเก่าสุด
    • Most Votes
    ตอบ
    • ตอบโดยตั้งกระทู้ใหม่
    เข้าสู่ระบบเพื่อตอบกลับ
    Topic นี้ถูกลบไปแล้ว เฉพาะผู้ใช้งานที่มีสิทธิ์ในการจัดการ Topic เท่านั้นที่จะมีสิทธิ์ในการเข้าชม
    • NCSA_THAICERTN
      NCSA_THAICERT
      แก้ไขล่าสุดโดย

      Financial Sector

      • Only 28% Of Financial Workforce MFA Is Phishing-Resistant
        "Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new Secret Double Octopus report. Banks and financial organizations use a mix of authentication methods, combining phishing-resistant technologies with methods that remain vulnerable to phishing attacks."
        https://www.helpnetsecurity.com/2026/07/10/financial-identity-security-trends-report/
      • Fresh ATM Crypto Software Bugs: Jackpot Or Bust?
        "A researcher has discovered nine vulnerabilities in an ATM and corporate security program. The researcher and major ATM manufacturer Diebold Nixdorf disagree, though, about whether it could allow attackers to steal cash or not. At Black Hat USA 2026, Matt Burch, principal security researcher for Atredis Partners, will present nine new vulnerabilities he discovered in CryptWare CryptoPro Secure Disk. CryptoPro, for short, is a full‑disk encryption (FDE) and pre‑boot authentication solution for Windows that, strangely, is marketed to both corporations generally and ATM manufacturers specifically."
        https://www.darkreading.com/vulnerabilities-threats/atm-crypto-software-bugs-jackpot-bust

      Healthcare Sector

      • Healthcare Ransomware Roundup: H1 2026 Stats On Attacks, Ransoms, And Data Breaches
        "During the first six months of 2026, the healthcare sector suffered an average of 2.3 ransomware attacks per day. Attacks increased by nearly 14 percent when compared to H2 2025, rising from 360 to 410. Of the 410 attacks we recorded in H1 2026, 247 were on hospitals, clinics, and other direct care providers. 163 hit businesses operating within the healthcare sector, such as pharmaceutical/medical manufacturers, medical billing providers, and healthcare tech companies. Attacks on healthcare providers rose just over three percent from H2 2025, but attacks on healthcare businesses rose nearly 35 percent."
        https://www.comparitech.com/news/healthcare-ransomware-roundup-h1-2026-stats-on-attacks-ransoms-and-data-breaches/
        https://www.darkreading.com/threat-intelligence/cybercriminals-healthcare-businesses-attacks-surge

      Industrial Sector

      • OpenPLC v3
        "Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution as the OpenPLC runtime user."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-01
      • Schneider Electric PowerChute Serial Shutdown
        "Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-02
      • Schneider Electric Easergy MiCOM Px40 Series
        "Schneider Electric is aware of a vulnerability in its Easergy MiCOM Px40 Series products. The Easergy MiCOM Px40 is a protection relay series for Medium Voltage, High Voltage and Extra High Voltage protection. Failure to apply the mitigations provided below may risk unauthorized exposure of basic device identification through the SNMP protocol."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-03

      Vulnerabilities

      • URGENT - Progress Tells ShareFile Customers To Shut Down Storage Zone Controllers Over Security Threat
        "Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and external security experts. It says it has no indication of unauthorized access to any ShareFile accounts or data, and that it notified customers after learning of the threat. What Progress has not said is what the threat is or who is behind it."
        https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html
        https://www.bleepingcomputer.com/news/security/progress-urges-sharefile-customers-to-shut-down-servers-over-credible-threat/
        https://securityaffairs.com/195194/hacking/progress-told-sharefile-customers-to-pull-the-plug-on-their-servers-heres-what-we-know.html
      • Zimbra Urges Customers To Patch Critical Web Client XSS Flaw
        "The Zimbra security team urged customers to patch a critical vulnerability affecting the Classic Web Client used to access the Zimbra Collaboration suite. Zimbra is a very popular email and collaboration software suite used by hundreds of millions of people, including thousands of businesses and hundreds of government agencies worldwide. Also known as the Classic UI, this Ajax-based webmail interface is faster than Zimbra's modern web client, which requires more resources when loading large email folders. The company released Zimbra 10.1.19 this Tuesday to patch this stored cross-site scripting (XSS) security flaw, which has yet to receive a CVE ID for easy tracking. Attackers can exploit this Classic Web Client security issue through specially crafted emails that execute malicious code when the email is opened."
        https://www.bleepingcomputer.com/news/security/zimbra-urges-customers-to-patch-critical-web-client-xss-flaw/
        https://blog.zimbra.com/2026/07/patch-release-update-zimbra-10-1-19/
        https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html
        https://securityaffairs.com/195130/hacking/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes.html
      • CISA Adds Two Known Exploited Vulnerabilities To Catalog
        "CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-48939 iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
        CVE-2026-56291 Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/07/10/cisa-adds-two-known-exploited-vulnerabilities-catalog
        https://securityaffairs.com/195164/security/u-s-cisa-adds-icagenda-and-balbooa-forms-flaws-to-its-known-exploited-vulnerabilities-catalog.html
      • Unfit To Boot: Breaking U-Boot's FIT Signature Verification
        "U-Boot is one of the most widely used bootloaders in the world. It runs on a huge variety of hardware, from home routers and smart cameras to the Baseboard Management Controllers (BMCs), which are commonly used to remotely manage servers in large data centres. As a bootloader, its job usually includes initialising the CPU and memory, bringing up the essential peripherals, and finally handing over execution to the next stage of the boot chain."
        https://www.binarly.io/blog/unfit-to-boot-breaking-u-boots-fit-signature-verification
        https://www.bleepingcomputer.com/news/security/new-u-boot-flaws-could-enable-stealthy-firmware-attacks/
        https://thehackernews.com/2026/07/six-new-u-boot-flaws-could-let.html
        https://securityaffairs.com/195150/security/critical-u-boot-bugs-undermine-secure-boot-on-millions-of-devices.html
      • Bypassing Tangem Card Security With a Laser Attack
        "After uncovering a genuine check bypass on the Tangem Android application and a brute-force attack on the card's authentication protocol, the Ledger Donjon turned its attention to the card itself with more advanced tools and sophisticated techniques. What we found is a critical vulnerability that lets an attacker with physical access to a single Tangem card reset its password and steal all associated funds."
        https://donjon.ledger.com/blog/bypassing-tangem-card-security-with-laser-attack/
        https://thehackernews.com/2026/07/laser-attack-resets-tangem-wallet.html
      • I Sent a WhatsApp Message To An AI Agent. It Ran My Code On The Host.
        "There's a particular feeling you get when you watch an AI agent cheerfully execute a payload you just sent it over WhatsApp. It's somewhere between fascination and dread. Like watching someone hold the front door open for a burglar because they said they were from maintenance. Last week, I sent a perfectly normal-looking debugging request to an OpenClaw AI assistant over WhatsApp. Thirty seconds later, I had arbitrary code execution on the host machine. The AI — Claude Sonnet 4, arguably the most safety-aligned model commercially available — didn't just allow it. It helped. It formatted the output nicely and asked if I needed anything else."
        https://medium.com/@chinmohannayak/i-sent-a-whatsapp-message-to-an-ai-agent-it-ran-my-code-on-the-host-adbbcbb0e0ad
        https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html
      • XRING: Crashing XQUIC With Spec-Compliant QPACK Instructions
        "During recent research into the different QUIC stacks for our active TLS scanner, JA4Scan, I found a deterministic remote crash in XQUIC, Alibaba's QUIC and HTTP/3 library, dubbed XRING. XQUIC enables HTTP/3 support for Tengine, the Nginx-based web server Alibaba runs across its cloud and CDN infrastructure, including sites like Taobao or AliPay. A remote, unauthenticated client sends spec-compliant HTTP/3 operation traffic and the server process terminates. The crash requires only 260 bytes of client traffic. Every XQUIC version is impacted. There is no patch available."
        https://foxio.io/blog/xring-crashing-xquic-with-spec-compliant-qpack-instructions
        https://thehackernews.com/2026/07/unpatched-xring-flaw-in-xquic-lets.html
      • Study Of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, And Tracking
        "Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4 billion times. The problems are basic, not sophisticated. 29 apps let user traffic leak outside the encrypted tunnel, including the DNS lookups that reveal which websites you visit. 61 apps send some data in plain text that anyone watching the traffic on that network can read."
        https://thehackernews.com/2026/07/study-of-281-free-android-vpn-apps.html
      • The ‘Ghost’ In The Database: Recovering Active ADFS Signing Keys Via Machine DPAPI
        "The "Golden SAML" technique, first described by CyberArk researchers in 2017, and further detailed by Mandiant researchers in 2021, remains one of the most effective methods for threat actors to forge identity assertions in the Microsoft ecosystem. By obtaining the private key of an ADFS token-signing certificate, an attacker can authenticate as any user to any SAML-federated application, bypassing multifactor authentication (MFA), conditional access, and all identity-based controls."
        https://cloud.google.com/blog/topics/threat-intelligence/recovering-active-adfs-signing-keys-machine-dpapi
      • We Put The Exploit In a Picture. The AI Code Reviewer Never Opened It.
        "Almost nobody reviews the pull request. We surveyed 6,480 pull requests across the 300 most active public repositories of the last ninety days, and 73% of the ones that got merged reached the default branch with no substantive human review and no bot review at all. The thing filling that gap is a new kind of reviewer: an LLM that reads every diff and comments like a human would. Cursor Bugbot and CodeRabbit are the two with real deployment. Hence, we built a pull request that steals a repository's secrets and walks straight past both of them. The trick is that the malicious instruction is not text. It is a picture."
        https://asset-group.github.io/disclosures/ghostcommit/
        https://www.bleepingcomputer.com/news/security/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets/

      Malware

      • Malicious Go Module Exposes GitHub Malware Lure Network Spanning 222 Repositories
        "Our investigation began with a malicious Go module, github[.]com/kaleidora/dnsub-scanning-tool, that posed as a DNS/subdomain scanner. The module did more than impersonate a developer utility: it exposed a Windows malware-staging chain that used hidden PowerShell execution, public dead-drop resolution, protected archive delivery, and RAT/infostealer deployment. Pivoting from that module revealed the larger finding: a GitHub-based lure network of 222 confirmed repositories across 190 accounts, built to make malicious or deceptive software projects look active, plausible, and recently maintained."
        https://socket.dev/blog/malicious-go-module-exposes-github-malware-lure-network
        https://www.securityweek.com/network-of-200-github-repositories-used-for-malware-infection/
        https://securityaffairs.com/195101/security/222-github-repositories-linked-to-fake-go-package-malware-operation.html
      • One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement
        "Suspected China- and India-nexus threat actors carried out intrusions into several Pakistani law enforcement organizations between 2024 and 2026. Our analysis of C2 netflow data revealed that suspected China- and India-nexus threat actors operating PlugX, ShadowPad, Cobalt Strike, and Remcos infrastructure have converged on this victim class. All of these threat actors were active against Balochistan Police, the principal police force serving the Pakistani province of the same name, at various points between 2024 and 2026."
        https://www.sentinelone.com/labs/one-target-china-india-espionage-converge-on-pakistani-law-enforcement/
        https://therecord.media/china-india-ran-separate-spy-campaigns-against-same-police-force
        https://thehackernews.com/2026/07/hackers-weaponize-balochistan-police.html
        https://www.securityweek.com/china-india-linked-hackers-both-targeted-same-pakistani-police-force/
      • Operation Phnom Penh: Silver Fox Ghost Distributor Targets Specific Victims With MODBEACON Custom Trojan
        ""Silver Fox / UTG-Q-1000" has long been regarded as a byword for low-sophistication, high-activity cybercriminal operations that distribute counterfeit software via SEO channels. However, behind the scenes lies an organizational structure resembling foreign Malware-as-a-Service (MaaS), composed of multiple distributors. These distributors conduct activities across Asia using counterfeit software installers distributed through SEO campaigns, leveraging variants of Ghost and WinOS (ValleyRat) trojan families. In 2025, we countered one such distributor[1], whose remote-control objective was limited to delivering fraud links in IM group chats, with no involvement in information theft or political motives."
        https://ti.qianxin.com/blog/articles/operation-phnom-penh-silverfox-ghost-distributor-targets-specific-victims-with-modbeacon-en/
        https://thehackernews.com/2026/07/new-modbeacon-rat-uses-grpc-streaming.html
      • How WP-SHELLSTORM Exposed 1.4M WordPress Sites
        "Every so often, a threat actor’s mistake hands over the keys to their entire operation. That’s what happened here: a Python SimpleHTTPServer instance, left open for 22 days, exposed the full toolkit, logs, and target lists of a professional, financially motivated cybercrime group. The SOCRadar Threat Intelligence Team found it. What turned up, now tracked as WP-SHELLSTORM, is a modern webshell access-brokerage operation: over 1.4 million targeted domains, 27 CVEs weaponized, more than 5,700 active webshells, and a second, quieter campaign hitting enterprise Java infrastructure that hasn’t surfaced in other public reporting on this actor."
        https://socradar.io/blog/wp-shellstorm-expose-1-4m-wordpress-sites/
        https://thehackernews.com/2026/07/exposed-hacker-server-reveals-wp.html
      • Attackers Exploit 'Ill Bloom' Vulnerability To Drain Over $5 Million From Cryptocurrency Wallets
        "Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out and take everything it controls. The firm has confirmed one coordinated sweep on May 27 that drained about $3.1 million from 431 wallets, and it told The Hacker News that a further $2.1 million in USDT was stolen from an exposed wallet afterward, pushing confirmed losses past $5 million."
        https://thehackernews.com/2026/07/attackers-exploit-ill-bloom.html
      • No Manners Here: The Ruthless Rise Of The Gentlemen Ransomware
        "The Gentlemen (aka Storm-2697) is a Ransomware-as-a-Service (RaaS) program active since at least July 2025. Public reporting indicates that the operators were likely active months earlier as an affiliate (known as ArmCorp) of Qilin RaaS, which Unit 42 tracks as Spikey Scorpius. Their ransomware variants are written in both C and Go programming languages, enabling the threat actors to spread their encryptors across different operating systems and virtual infrastructure. Figure 1 below illustrates the desktop wallpaper used by the ransomware after deployment."
        https://unit42.paloaltonetworks.com/the-gentlemen-ransomware/
      • Deadlock Ransomware Group
        "DeadLock is a financially motivated ransomware group that emerged in mid-July 2025. The group employs double extortion tactics, demanding ransom payments in cryptocurrencies while threatening to sell stolen data on underground markets. They utilize innovative techniques, such as blockchain smart contracts, to manage their command-and-control infrastructure, enhancing their evasion capabilities."
        https://socradar.io/free-tools/ransomware-intelligence/groups/deadlock
      • Jscrambler Npm Package Publishes Malicious Preinstall Binary
        "On July 11, 2026, version 8.14.0 of jscrambler was published to npm carrying a malicious preinstall hook that drops and executes a platform-specific native binary on Linux, Windows, and macOS. jscrambler is the official CLI client for the Jscrambler Code Integrity API, a commercial JavaScript obfuscation and web-app protection service, with a clean version history dating back to 0.1.0. The compromised release was flagged by StepSecurity's AI Release Analyzer with a suspicion score of 0 (the maximum suspicion rating) on publish."
        https://www.stepsecurity.io/blog/jscrambler-npm-package-publishes-malicious-preinstall-binary
        https://safedep.io/jscrambler-npm-supply-chain-compromise/
        https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html

      Breaches/Hacks/Leaks

      • Police Suspects Dutch Hackers Were Involved In Odido Breach
        "The Dutch National Police (Politie) says it has found "strong indications" that Dutch hackers have been involved in a February breach at the telecommunications provider Odido. "This includes a telephone conversation that was made with Odido customer service shortly before the hack. In this conversation, a Dutch-speaking man posed as Odido's IT employee. The company was then misled through phishing, after which the data theft took place," the police said in a Thursday press release."
        https://www.bleepingcomputer.com/news/security/police-suspects-dutch-hackers-were-involved-in-odido-breach/
        https://therecord.media/dutch-police-suspect-dutch-accomplice-in-odido-cyberattack
      • Fashion Mart Miinto Unzips Breach Details, Warns Shoppers To Watch For Phisherfolk
        "Danish ecommerce company Miinto admitted an intruder has been looking at its order data, according to emails it sent to customers this week. The emails, seen by The Register, do not comment on the scale of the data accessed by the perp or how exactly the breach occurred, although UK-based customers of the Copenhagen-HQ'd biz have received them. “We are writing to let you know about a security incident that may have affected some of the personal data associated with a purchase you made on Miinto,” the email states."
        https://www.theregister.com/security/2026/07/10/miinto-fesses-up-to-breach-says-customers-open-to-phishing/5269891

      General News

      • The Open Source Library Holding Up Your Stack Might Have One Maintainer
        "Every serious software product runs on code that someone else wrote and released for free. A web service leans on a cryptography library, a data pipeline pulls in a parser, and a mobile app ships a handful of small utilities that one person maintains in spare time. All of it carries the same label. A new paper argues that the single label hides differences large enough to change how each piece behaves once it lands in production. Researchers sorted open source software into fourteen sub-genres, each defined by who starts and sustains a project and to what end. Their review screened close to four thousand unique papers drawn from two scholarly indexes. The result is a typology, along with an argument that the kind of project a study samples sets how far its conclusions travel."
        https://www.helpnetsecurity.com/2026/07/10/open-source-software-library-types/
        https://arxiv.org/pdf/2607.01750
      • Most Data Brokers Won’t Tell You What Happened To Your Deletion Request
        "Data brokers collect personal details on most adults in the United States and sell them to buyers that include employers, landlords, insurance companies, and government agencies. California gives residents a way to push back. You can ask a broker to delete your records, or to stop selling and sharing them. A team at UC Irvine decided to find out what happens when someone sends those requests to the whole California registry. The answer gives consumers little comfort. The researchers sent deletion and opt-out requests to every reachable broker on California’s public list in the fall of 2025. That worked out to 322 deletion requests and close to 360 opt-out requests. To keep real people out of the mix, they built two made-up identities, one for each request type, each with a working email address and a plausible California address."
        https://www.helpnetsecurity.com/2026/07/10/trouble-with-data-broker-deletion-requests/
        https://arxiv.org/pdf/2607.04552
      • Evolving Windows Vulnerability Management To Meet The Speed Of AI-Powered Discovery
        "Windows has adapted to emerging threats for decades, all while operating at unparalleled scale. It’s our responsibility to bring clarity, transparency and sustained investment so customers understand what is happening, what Microsoft is doing and how they can reduce their exposure. The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis. The fastest way to reduce customer exposure is to find issues before attackers can use them. Windows is expanding its ability across the platform to find issues earlier, accelerate the engineering work to fix them, strengthen validation and deliver timely, high-quality updates that keep customers protected."
        https://blogs.windows.com/windowsexperience/2026/07/09/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery/
        https://www.theregister.com/security/2026/07/10/microsoft-warns-customers-ai-will-mean-busier-patch-tuesdays/5269618
        https://www.infosecurity-magazine.com/news/microsoft-increase-number-security/
      • Armenian National Extradited To The United States Pleads Guilty To Ransomware Extortion Conspiracy
        "An Armenian national extradited from Ukraine to the United States pleaded guilty yesterday for his role in Ryuk ransomware attacks and an extortion conspiracy targeting companies throughout the United States, including a technology company operating in Oregon. Karen Serobovich Vardanyan, 34, pleaded guilty to conspiracy and computer fraud."
        https://www.justice.gov/usao-or/pr/armenian-national-extradited-united-states-pleads-guilty-ransomware-extortion-conspiracy
        https://www.bleepingcomputer.com/news/security/ryuk-ransomware-member-pleads-guilty-in-the-us-faces-15-years-in-prison/
        https://therecord.media/ryuk-operator-pleads-guilty-alphv-conspirator-sentenced
        https://cyberscoop.com/karen-vardanyan-armenian-ryuk-ransomware-guilty/
        https://securityaffairs.com/195216/uncategorized/ryuk-ransomware-member-pleads-guilty-over-attacks-on-u-s-organizations.html
      • Man Serving Federal Prison Sentence Charged With Theft Of Forfeited Cryptocurrency
        "Rossen G. Iossifov, 53, a Bulgarian national, made an initial appearance in federal court in the Eastern District of Kentucky yesterday on charges of the destruction or removal of property to prevent seizure, aiding and abetting, and conspiracy to commit money laundering. The charges stem from Iossifov’s alleged role in the unauthorized withdrawal and transfer of approximately $290,000 in cryptocurrency that had been seized and forfeited by the United States."
        https://www.justice.gov/opa/pr/man-serving-federal-prison-sentence-charged-theft-forfeited-cryptocurrency
        https://www.bleepingcomputer.com/news/security/money-launderer-accused-of-stealing-seized-crypto-while-in-prison/
      • Lessons From CISA’s Cyber Incident
        "Sharing experiences from incident response activities help other organizations learn from such experiences and enables them to take necessary precautions to prevent similar incidents from happening in their environments. For years, CISA has said this type of information exchange is critical to identifying trends and contributing to broader national awareness. Now, it is our turn. On Friday, May 15, CISA began an internal incident response when an investigative reporter inquired about internal CISA Amazon AWS GovCloud Keys and other information being made available in a public repository. The reporter received this information from a security researcher whose company continuously scans public code repositories."
        https://www.cisa.gov/news-events/news/lessons-cisas-cyber-incident
        https://www.infosecurity-magazine.com/news/cisa-incident-response-exposed-aws/
      • When Cyberattacks Turn Physical: Threats Of Violence In Digital Extortion
        "Cyberattacks have always had real‑world consequences. A ransomware incident can halt production, delay patient care or shut down public services. But until recently, most attacks relied strictly on digital leverage: encrypt data, threaten to leak it and demand payment. Threat intelligence and industry reporting now point to a clear shift toward hybrid attacks that combine cyber intrusion, psychological pressure and real-world intimidation. In practical terms, attackers are no longer satisfied with controlling systems. They are increasingly trying to control outcomes and influence decisions and behavior by introducing fear that extends beyond the network."
        https://blog.barracuda.com/2026/07/09/cyberattacks-physical-threats-ransomware-trend
      • Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018
        "Ransomnews has independently confirmed 9,291 ransomware attacks worldwide between January 2018 and July 2026, tracking incidents only when verified through victim disclosures, regulatory filings, official statements, or credible press reporting. Leak-site listings alone don’t qualify, operators inflate, duplicate, and occasionally fabricate claims. The result is a dataset that’s smaller than what most ransomware statistics cite, and more defensible. “Confirmed ransomware attacks have run at roughly 1,400 to 1,550 per year since 2023, after a visible dip in 2022. The 2020 to 2021 surge, the 2022 trough (which coincided with the Conti shutdown and the Russia-Ukraine war reshuffling the ecosystem), and the post-2023 plateau are all visible in the yearly series. The current year always shows a partial count.” reads the Ransomnews ‘s report."
        https://securityaffairs.com/195117/cyber-crime/ransomware-never-stopped-over-9000-confirmed-attacks-since-2018.html

      อ้างอิง

      Electronic Transactions Development Agency (ETDA) 19eb53a0-3599-46c5-a7a9-0537ec9ea7f8-image.png

      1 การตอบกลับ คำตอบล่าสุด ตอบ คำอ้างอิง 0
      • First post
        Last post