Cyber Threat Intelligence 27 May 2025

NCSA_THAICERT

New Tooling

• LlamaFirewall: Open-Source Framework To Detect And Mitigate AI Centric Security Risks
  "LlamaFirewall is a system-level security framework for LLM-powered applications, built with a modular design to support layered, adaptive defense. It is designed to mitigate a wide spectrum of AI agent security risks including jailbreaking and indirect prompt injection, goal hijacking, and insecure code outputs."
  https://www.helpnetsecurity.com/2025/05/26/llamafirewall-open-source-framework-detect-mitigate-ai-centric-security-risks/

Malware

• SilverRAT Source Code Leaked Online: Here’s What You Need To Know
  "The full source code of SilverRAT, a notorious remote access trojan (RAT), has been leaked online briefly appearing on GitHub under the repository “SilverRAT-FULL-Source-Code” before being swiftly taken down. A snapshot of the repository, captured by Hackread.com via the Wayback Machine, reveals the entire project, its features, build instructions, and even a flashy marketing-style dashboard screenshot."
  https://hackread.com/silverrat-source-code-leaked-online-you-need-to-know/
• CVE-2025-32756: Low-Rise Jeans Are Back And So Are Buffer Overflows
  "On May 13, 2025, FortiGuard Labs published an advisory detailing CVE-2025-32756, which affects a variety of Fortinet products: FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. In their advisory, FortiGuard Labs states that Fortinet has observed this issue being exploited in the wild. The next day, May 14, the vulnerability was added to the CISA KEV catalog."
  https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/
  https://hackread.com/researchers-poc-fortinet-cve-2025-32756-quick-patch/

Breaches/Hacks/Leaks

• Now It’s Tiffany: Another LVMH Luxury Brand Hit By Hackers
  "First it was Dior. Now it’s Tiffany & Co. Seok Nam-jun and Kim Mi-geon report: Tiffany & Co. has confirmed a data breach affecting customers in South Korea, marking the second such incident involving an LVMH Moët Hennessy Louis Vuitton brand after a similar case at Dior. On May 26, Tiffany Korea notified select customers via email of a cybersecurity breach involving unauthorized access to a vendor platform used for managing customer data."
  https://databreaches.net/2025/05/26/now-its-tiffany-another-lvmh-luxury-brand-hit-by-hackers/

General News

• Why Layoffs Increase Cybersecurity Risks
  "A wave of layoffs has swept through the tech industry, leaving IT teams in a rush to revoke all access those employees may have had. Additionally, 54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and 45% say employees whose roles can be replaced by AI are most likely to be let go, according to General Assembly."
  https://www.helpnetsecurity.com/2025/05/26/layoffs-cybersecurity-risks/
• AI Forces Security Leaders To Rethink Hybrid Cloud Strategies
  "Hybrid cloud infrastructure is under mounting strain from the growing influence of AI, according to Gigamon. As cyberthreats increase in both scale and sophistication, breach rates have surged to 55% during the past year, representing a 17% year-on-year rise, with AI-generated attacks emerging as a key driver of this growth."
  https://www.helpnetsecurity.com/2025/05/26/ai-hybrid-cloud-infrastructure-concerns/

อ้างอิง
Electronic Transactions Development Agency(ETDA)