NCSA Webboard

    Cyber Threat Intelligence 20 August 2025

    Cyber Security News
      NCSA_THAICERT

      Industrial Sector

      • Siemens Mendix SAML Module
        "Successful exploitation of this vulnerability could allow unauthenticated remote attackers to hijack an account in specific SSO configurations."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-231-02
      • Siemens Desigo CC Product Family And SENTRON Powermanager
        "Successful exploitation of this vulnerability could allow privilege escalation."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-231-01

      Vulnerabilities

      • New Research Links VPN Apps, Highlights Security Deficiencies
        "Nearly two dozen VPN applications in Google Play contain security weaknesses impacting the privacy of their users, exposing transmitted data to decryption, a new Citizen Lab report shows. Furthermore, the VPN providers that offer these applications can be linked to one another, although they claim to be separate entities and use various means to hide their true identities. Starting from previous reports linking Innovative Connecting, Autumn Breeze, and Lemon Clove, three VPN providers claiming to be based in Singapore, to a Chinese national, Citizen Lab’s analysis identified additional connections between their applications, and linked other VPN apps and their providers."
        https://www.securityweek.com/new-research-links-vpn-apps-highlights-security-deficiencies/
        https://www.petsymposium.org/foci/2025/foci-2025-0008.pdf
        https://hackread.com/citizen-lab-vpn-networks-sharing-ownership-security-flaws/
        https://www.helpnetsecurity.com/2025/08/19/android-vpn-apps-used-by-millions-are-covertly-connected-and-insecure/
      • Elastic Response To Blog ‘EDR 0-Day Vulnerability’
        "On August 16, 2025, Elastic’s Information Security team became aware of a blog and social media posts suggesting an alleged vulnerability in Elastic Defend. Having conducted a thorough investigation, Elastic’s Security Engineering team has found no evidence supporting the claims of a vulnerability that bypasses EDR monitoring and enables remote code execution. While the researcher claims to be able to trigger a crash/BSOD in the Elastic Endpoint driver from an unprivileged process, the only demonstration they have provided does so from another kernel driver."
        https://www.elastic.co/blog/elastic-response-edr-0-day-vulnerability-blog
        https://www.bleepingcomputer.com/news/security/elastic-rejects-claims-of-a-zero-day-rce-flaw-in-defend-edr/
      • Don't Want Drive-By Ollama Attackers Snooping On Your Local Chats? Patch Now
        "A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people's personal computers, spy on their local chats, and even control the models the victim's app talks to, in extreme cases by serving poisoned models. GitLab's Security Operations senior manager Chris Moberly found and reported the flaw in Ollama Desktop v0.10.0 to the project's maintainers on July 31. According to Moberly, the team fixed the issue within hours and released the patched software in v0.10.1 — so make sure you've applied the update because Moberly on Tuesday published a technical writeup about the attack along with proof-of-concept exploit code."
        https://www.theregister.com/2025/08/19/ollama_driveby_attack/

      Malware

      • New Exploit For Critical SAP Vulnerability CVE-2025-31324 Released In The Wild
        "Today on X (formerly Twitter), VX Underground published a working and weaponized exploit for the critical SAP vulnerability, CVE-2025-31324. This exploit was allegedly released by “Scattered LAPSUS$ Hunters – ShinyHunters” on a Telegram group. This vulnerability has been recently exploited as a zero-day by multiple sophisticated threat actor groups and later patched by SAP in Security Note 3594142 for CVE-2025-31324 and Security Note 3604119 for CVE-2025-42999."
        https://onapsis.com/blog/new-exploit-for-cve-2025-31324/
        https://thehackernews.com/2025/08/public-exploit-for-chained-sap-flaws.html
        https://www.securityweek.com/new-exploit-poses-threat-to-sap-netweaver-instances/
        https://www.infosecurity-magazine.com/news/sap-netweaver-flaw-exploit-released/
      • The Coordinated Embassy Hunt: Unmasking The DPRK-Linked GitHub C2 Espionage Campaign
        "The Trellix Advanced Research Center uncovered a sophisticated espionage operation targeting diplomatic missions across several regions in South Korea during early 2025. Between March and July 2025, DPRK-linked actors are believed to have carried out at least 19 spear-phishing email attacks against embassies worldwide, impersonating trusted diplomatic contacts and luring embassy staff with credible meeting invites, official letters, and event invitations."
        https://www.trellix.com/blogs/research/dprk-linked-github-c2-espionage-campaign/
        https://www.bleepingcomputer.com/news/security/xenorat-malware-campaign-hits-multiple-embassies-in-south-korea/
        https://therecord.media/north-korean-hackers-target-foreign-embassies
      • GodRAT – New RAT Targeting Financial Institutions
        "In September 2024, we detected malicious activity targeting financial (trading and brokerage) firms through the distribution of malicious .scr (screen saver) files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan (RAT) named GodRAT, which is based on the Gh0st RAT codebase. To evade detection, the attackers used steganography to embed shellcode within image files. This shellcode downloads GodRAT from a Command-and-Control (C2) server."
        https://securelist.com/godrat/117119/
        https://thehackernews.com/2025/08/new-godrat-trojan-targets-trading-firms.html
      • SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen
        "Most people turn to a VPN for one reason: privacy. And with its verified badge, featured placement, and 100k+ installs, FreeVPN.One looked like a safe choice. But once it’s in your browser, it’s not working to keep you safe, it’s continuously watching you. Think about your own daily browsing like opening a Google Sheet with sensitive company information, logging into your bank account, browsing a dating app, or viewing private family photos."
        https://koi-security.webflow.io/blog/spyvpn-the-vpn-that-secretly-captures-your-screen#heading-3
        https://www.infosecurity-magazine.com/news/chrome-vpn-extension-spyware/
      • Patching For Persistence: How DripDropper Linux Malware Moves Through The Cloud
        "Red Canary detected an adversary exploiting CVE-2023-46604 in Apache ActiveMQ to gain persistent access on cloud Linux systems, patching the exploited vulnerability after securing initial access to secure their foothold and evade detection."
        https://redcanary.com/blog/threat-intelligence/dripdropper-linux-malware/
        https://thehackernews.com/2025/08/apache-activemq-flaw-exploited-to.html
        https://www.darkreading.com/cyberattacks-data-breaches/dripdropper-hackers-patch-own-exploit
        https://www.infosecurity-magazine.com/news/attacker-patches-vulnerability/
        https://www.theregister.com/2025/08/19/apache_activemq_patch_malware/
      • RingReaper Linux Malware: EDR Evasion Tactics And Technical Analysis
        "RingReaper is a sophisticated post-exploitation agent designed for Linux environments, built to facilitate covert operations while evading Endpoint Detection and Response (EDR) solutions. It exploits the Linux kernel’s modern asynchronous I/O interface, io_uring, to minimize reliance on conventional system calls that security tools frequently monitor or hook. Instead of invoking standard functions such as read, write, recv, send, or connect, RingReaper employs io_uring primitives (e.g., io_uring_prep_*) to execute equivalent operations asynchronously. This method helps bypass hook-based detection mechanisms and reduces the visibility of malicious activity in telemetry commonly gathered by EDR platforms."
        https://www.picussecurity.com/resource/blog/ringreaper-linux-malware-edr-evasion-tactics-and-technical-analysis
        https://www.darkreading.com/cyber-risk/ringreaper-sneaks-past-linux-edrs
      • Proactive Security Insights For SharePoint Attacks (CVE-2025-53770 And CVE-2025-53771)
        "CVE-2025-53770 and CVE-2025-53771 are a pair of vulnerabilities affecting Microsoft SharePoint Servers. Attacks exploiting CVE-2025-53770 in the wild were first reported by Eye Security on July 18; these vulnerabilities are currently being actively exploited to compromise on-premises SharePoint environments worldwide. Trend™ Research has independently verified these findings. Both of these flaws build on CVE-2025-49706 and CVE-2025-49704, the initial vulnerabilities in Microsoft SharePoint that were disclosed during Pwn2Own Berlin 2025 by Viettel Cyber Security as part of a chained attack. These were patched as part of the July 2025 Patch Tuesday cycle. However, further analysis revealed that the initial patches were not fully complete, which necessitated the release of CVE-2025-53770 and CVE-2025-53771."
        https://www.trendmicro.com/en_us/research/25/g/cve-2025-53770-and-cve-2025-53771-sharepoint-attacks.html

      Breaches/Hacks/Leaks

      • Massive Allianz Life Data Breach Impacts 1.1 Million People
        "Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July. Allianz Life has nearly 2,000 employees in the United States and is a subsidiary of Allianz SE, which has over 128 million customers worldwide and ranks as the world's 82nd largest company based on revenue. As the company disclosed last month, information belonging to the "majority" of its 1.4 million customers was stolen by attackers who gained access to a third-party cloud CRM system on July 16th."
        https://www.bleepingcomputer.com/news/security/massive-allianz-life-data-breach-impacts-11-million-people/
        https://securityaffairs.com/181294/data-breach/allianz-life-security-breach-impacted-1-1-million-customers.html
        https://www.securityweek.com/1-1-million-unique-records-identified-in-allianz-life-data-leak/
        https://www.darkreading.com/cyberattacks-data-breaches/millions-allianz-insurance-breach
        https://www.infosecurity-magazine.com/news/allianz-life-breach-exposes/
      • Australian ISP IiNet Suffers Breach Of 280,000+ Records
        "Australia’s second-largest internet service provider (ISP) has revealed a major data breach impacting hundreds of thousands of customers. Parent company TPG Telecom notified the Australian Securities Exchange of the incident today. It said an “unknown third party” managed to gain unauthorized access to an order management system at subsidiary iiNet, in a breach discovered on Saturday. “Upon confirmation of the incident on Saturday, 16 August 2025, we enacted our incident response plan and removed the unauthorized access to the system. TPG Telecom has engaged external IT and cybersecurity experts to assist with our response to the incident,” noted the letter."
        https://www.infosecurity-magazine.com/news/aussie-isp-iinet-breach-280000/
        https://www.securityweek.com/australias-tpg-telecom-investigating-iinet-hack/
        https://hackread.com/australia-isp-iinet-data-breach-customer-accounts-stolen/
      • NY Business Council Discloses Data Breach Affecting 47,000 People
        "The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and health information of over 47,000 individuals. As the state's largest statewide employer association, BCNYS represents over 3,000 member organizations, including chambers of commerce, professional and trade associations, and other local and regional business organizations, as well as some of the largest corporations worldwide, which employ more than 1.2 million New Yorkers."
        https://www.bleepingcomputer.com/news/security/business-council-of-new-york-state-discloses-data-breach-affecting-47-000-people/
      • When a Deal Is Not a Done Deal: Nova Demands Higher Payment From Clinical Diagnostics
        "Last week, it appeared that Clinical Diagnostics (“Eurofins”) had paid a gang’s demands not to leak patient data that Nova had exfiltrated during a ransomware attack in July. Clinical Diagnostics in the Netherlands held patient data on 485,000 Dutch women in a cervical cancer screening program. Nova confirmed the payment to a Dutch news outlet. But yesterday, the attackers posted a new message and warning to the firm. The listing on Nova’s dark web leak site changed to “you break the deal, you will pay”. In an expanded post, Nova seemed to be saying they would leak the data in 10 days because the company had contacted the police (although DataBreaches notes that understanding their English is difficult and DataBreaches may have misunderstood something). From the post’s broken English, they appeared to also be saying that they had received a higher offer than what the firm had offered."
        https://databreaches.net/2025/08/19/when-a-deal-is-not-a-done-deal-nova-demands-higher-payment-from-clinical-diagnostics/
      • Drug Development Company Inotiv Reports Ransomware Attack To SEC
        "An Indiana-based drug research company said a recent ransomware attack has disrupted its business operations and forced a shutdown of critical systems. Inotiv told regulators at the Securities Exchange Commission that the cybersecurity incident was discovered on August 8 and a subsequent investigation found that threat actors had encrypted certain systems. The company does not have a timeline for when restoration is expected but said the incident is impacting “the availability of and access to certain of the Company’s networks and systems, including access to portions of internal data storage and certain internal business applications.”"
        https://therecord.media/drug-development-innotiv-ransomware-sec
        https://www.bleepingcomputer.com/news/security/pharma-firm-inotiv-says-ransomware-attack-impacted-operations/
      • Russian Hacktivists Take Aim At Polish Power Plant, Again
        "Russian hackers targeted a Polish hydropower plant again, this time disrupting its control systems and turbines. The power plant — located in Tczew, near Gdańsk — was previously targeted in May. Now the hacktivists have released a video, which at first appeared to be a recording of the earlier attack. However, upon closer inspection, it's clear that the same hacktivists targeted the same facility again. According to the collected data from the plant's turbines, Polish analysts believe that the hack disrupted operations, making this attack more destructive than the previous one, which allegedly occurred when the plant was offline."
        https://www.darkreading.com/cyberattacks-data-breaches/russian-hacktivists-polish-power-plant-attack
      • Canadian Financial Regulator Hacked, Exposing Personal Data From Member Organizations
        "A Canadian financial regulator has disclosed a cybersecurity incident, which has breached the personal information of member firms and their employees. The Canadian Investment Regulatory Organization (CIRO), a national self-regulatory organization covering all investment dealers, mutual fund dealers and trading activity on Canada’s debt and equity marketplaces, revealed it identified the cybersecurity threat on August 11. In response, the regulator shut down some of its systems to ensure their safety before launching an investigation to determine the extent of the attacker’s activities."
        https://www.infosecurity-magazine.com/news/canadian-financial-regulator-hacked/
      • Business Council Of New York State Says Nearly 50,000 Had Data Leaked In February Cyberattack
        "A cyberattack on the Business Council of New York State gave hackers access to sensitive information on more than 47,000 people. The business advocacy organization told regulators in multiple states that it suffered a cyberattack in February. An investigation was completed on August 4 and revealed that 47,329 people had some combination of information leaked that includes names, Social Security numbers, state ID numbers, financial account and routing numbers, payment card numbers, PINs as well as expiration dates, taxpayer identification numbers and electronic signature information."
        https://therecord.media/new-york-business-council-data-breach

      General News

      • July 2025 APT Attack Trends Report (South Korea)
        "Ahnlabs is monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks that were identified during the month of July 2025."
        https://asec.ahnlab.com/en/89639/
      • July 2025 Threat Trend Report On Ransomware
        "This report provides statistics on the number of new ransomware samples and affected systems, and affected companies that were collected over the course of July 2025, as well as major ransomware issues in and out of Korea. Below is a summary of the information. Disclaimer: The number of ransomware samples and damaged systems is based on the detection names assigned by AhnLab, and statistics on targeted companies are based on the information published on the dedicated leak sites (DLS) of the ransomware group, also referred to as ransomware PR sites or PR pages, collected by the ATIP infrastructure over time."
        https://asec.ahnlab.com/en/89646/
      • Nebraska Man Gets 1 Year In Prison For $3.5M Cryptojacking Scheme
        "A Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $1 million. Charles O. Parks III (also known as "CP3O") was arrested and charged in April with wire fraud, money laundering, and engaging in unlawful monetary transactions. He was facing up to 20 years in prison in December after admitting that he didn't pay a $3.5 million bill after renting cloud computing time from two providers for his cryptojacking operation."
        https://www.bleepingcomputer.com/news/security/nebraska-man-gets-1-year-in-prison-for-35m-cryptojacking-scheme/
      • What Happens When Penetration Testing Goes Virtual And Gets An AI Coach
        "Cybersecurity training often struggles to match the complexity of threats. A new approach combining digital twins and LLMs aims to close that gap. Researchers from the University of Bari Aldo Moro propose using Cyber Digital Twins (CDTs) and generative AI to create realistic, interactive environments for cybersecurity education. Their framework simulates IT, OT, and IoT systems in a controlled virtual space and layers AI-driven feedback on top. The goal is to improve penetration testing skills and strengthen understanding of the full cyberattack lifecycle."
        https://www.helpnetsecurity.com/2025/08/19/digital-twins-cybersecurity-training/
      • The Cybersecurity Myths Companies Can’t Seem To Shake
        "Cybersecurity myths are like digital weeds: pull one out, and another quickly sprouts in its place. You’ve probably heard them before: Macs don’t get viruses, we’re too small to be a target, or changing passwords often keeps us safer. Experts have been busting these myths for years, yet they still stick around and shape bad strategies while giving people a false sense of security."
        https://www.helpnetsecurity.com/2025/08/19/cybersecurity-myths/
      • Hijacked Satellites And Orbiting Space Weapons: In The 21st Century, Space Is The New Battlefield
        "As Russia held its Victory Day parade this year, hackers backing the Kremlin hijacked an orbiting satellite that provides television service to Ukraine. Instead of normal programing, Ukrainian viewers saw parade footage beamed in from Moscow: waves of tanks, soldiers and weaponry. The message was meant to intimidate and was an illustration that 21st-century war is waged not just on land, sea and air but also in cyberspace and the reaches of outer space. Disabling a satellite could deal a devastating blow without one bullet, and it can be done by targeting the satellite’s security software or disrupting its ability to send or receive signals from Earth."
        https://www.securityweek.com/hijacked-satellites-and-orbiting-space-weapons-in-the-21st-century-space-is-the-new-battlefield/
      • PyPI Blocks 1,800 Expired-Domain Emails To Prevent Account Takeovers And Supply Chain Attacks
        "The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. "These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts," Mike Fiedler, PyPI safety and security engineer at the Python Software Foundation (PSF), said."
        https://thehackernews.com/2025/08/pypi-blocks-1800-expired-domain-emails.html
        https://blog.pypi.org/posts/2025-08-18-preventing-domain-resurrections/
        https://www.bleepingcomputer.com/news/security/pypi-now-blocks-domain-resurrection-attacks-used-for-hijacking-accounts/
      • Inside The Australian Dark Web: What Hackers Are Selling About Your Business Right Now
        "Despite being tucked in the bottom corner of the world map, Australia is high up on the threat map for cybercriminals. The Australian dark web game has evolved over the years, and now it is a thriving economy for hackers, criminals, and hacktivist groups. This economy now sells and purchases stolen corporate data, personal records, and privileged credentials that are openly traded. What was once a niche underground network now powers a shadow industry worth millions, exploiting every stolen byte from Australian businesses."
        https://cyble.com/blog/australian-dark-web-cybercrime-threats-2025/
      • Ransomware Incidents In Japan During The First Half Of 2025
        "In the first half of 2025, the number of ransomware attacks in Japan increased by approximately 1.4 times compared to the previous year. Ransomware attackers continue to primarily target small and medium-sized enterprises in Japan. The most affected industry remains manufacturing, unchanged from last year. The ransomware group causing the most damage in Japan is "Qilin." In late June, a new ransomware group called "Kawa4096" emerged and might have attacked two Japanese companies."
        https://blog.talosintelligence.com/ransomware_incidents_in_japan_during_the_first_half_of_2025/
      • Secure AI Use Without The Blind Spots
        "Trey Ford has seen it before: The engineering team is off to the races, exploring the latest AI tools, while the security side is still trying to catch its breath. "Security teams are never overstaffed," says Ford, CISO, Americas, with Bugcrowd. "And out of nowhere, we have this new thing that is a game-changer. But there's this whole sudden mindset where 'we're going to go do this thing.'""
        https://www.darkreading.com/cyber-risk/secure-ai-use-without-blind-spots
      • Fashionable Phishing Bait: GenAI On The Hook
        "The rapid expansion of generative AI (GenAI) has led to a diverse set of web-based platforms offering capabilities such as code assistance, natural language generation, chatbot interaction and automated website creation. This article uses insights from our telemetry to show trends in how the GenAI web is evolving. Because of its growing prevalence, GenAI also opens new vectors for threat actors to misuse. Adversaries are increasingly leveraging GenAI platforms to create realistic phishing content, clone trusted brands and automate large-scale deployment using services like low-code site builders. The threats are getting harder to detect."
        https://unit42.paloaltonetworks.com/genai-phishing-bait/
      • US Spy Chief Claims UK Backed Down Over Apple Backdoor Demand
        "The UK government has reportedly abandoned its attempt to strong-arm Apple into weakening iPhone encryption after the White House forced Blighty into a quiet climb-down. US Director of National Intelligence Tulsi Gabbard broke the news on X, boasting that she'd been working "closely with our partners in the UK, alongside @POTUS and @VP, to ensure Americans' private data remains private and our Constitutional rights and civil liberties are protected." "As a result," she added, "the UK has agreed to drop its mandate for Apple to provide a 'backdoor' that would have enabled access to the protected encrypted data of American citizens and encroached on our civil liberties.""
        https://www.theregister.com/2025/08/19/uk_apple_backdoor_uturn/
        https://thehackernews.com/2025/08/uk-government-drops-apple-encryption.html
        https://therecord.media/uk-agrees-drop-apple-encryption
        https://cyberscoop.com/uk-abandons-apple-backdoor-demand-after-us-diplomatic-pressure/
      • Automation Alert Sounds As Certificates Set To Expire Faster
        "The future of managing digital certificates is already here - it's just not evenly distributed yet. Keen to reduce risks to the web public key infrastructure ecosystem, as well as get the automation ball rolling faster, the industry's Certification Authority Browser Forum on April 11 approved a motion to reduce the maximum validity of public TLS certificates from 398 days to 47 days. That TLS Baseline Requirement change, meaning it applies to "authenticating servers accessible through the internet," will begin in March 2026 and come into full effect in March 2029."
        https://www.bankinfosecurity.com/automation-alert-sounds-as-certificates-set-to-expire-faster-a-29253
      • Oregon Man Charged With Administering “Rapper Bot” DDoS-For-Hire Botnet
        "An Oregon man was charged by a federal criminal complaint today in the District of Alaska on charges related to his alleged development and administration of the “Rapper Bot” DDoS-for-hire Botnet that has conducted large-scale cyber-attacks since at least 2021. According to court documents, investigators identified Ethan Foltz, 22, of Eugene, Oregon, as the alleged administrator of Rapper Bot. Rapper Bot, aka “Eleven Eleven Botnet” and “CowBot,” is a Botnet that primarily compromises devices like Digital Video Recorders (DVRS) or WiFi routers at scale by infecting those devices with specialized malware. Clients of Rapper Bot then issue commands to those infected victim devices, forcing them to send large volumes of “Distributed Denial of Service” (DDoS) traffic to different victim computers and servers located throughout the world."
        https://www.justice.gov/usao-ak/pr/oregon-man-charged-administering-rapper-bot-ddos-hire-botnet
        https://cyberscoop.com/rapper-bot-ddos-botnet-disrupted/
      • AI Agents Access Everything, Fall To Zero-Click Exploit
        "In this Black Hat USA 2025 interview, Michael Bargury, Zenity CTO, discusses his alarming "AgentFlayer" research on AI enterprise compromise methods with Dark Reading's Rob Wright, senior news director. Bargury explains that modern AI assistants have "grown arms and legs," gaining the ability to access emails, documents, and calendars and perform actions on users' behalf through integrations with enterprise environments like Microsoft, Google Workspace, and Salesforce. The critical zero-click exploit that Bargury uncovered means external attackers need only a user's email address to completely take over enterprise AI agents, accessing sensitive data and manipulating users through what they perceive as trusted AI advisers."
        https://www.darkreading.com/application-security/ai-agents-access-everything-zero-click-exploit
      • 10 Major GitHub Risk Vectors Hidden In Plain Sight
        "GitHub has evolved from simple version control to the backbone of modern software development. While organizations diligently scan packaged dependencies from npm or PyPI, they often overlook a more pervasive danger: the numerous ways GitHub-hosted code infiltrates systems throughout the entire software development life cycle. These hidden risk vectors create blind spots that sophisticated attackers actively exploit, as demonstrated in incidents like the tj-actions GitHub Action and XZ Utils compromises."
        https://www.darkreading.com/cyberattacks-data-breaches/10-github-risk-vectors

      Reference
      Electronic Transactions Development Agency (ETDA)
