NCSA Webboard
    Cyber Threat Intelligence 24 December 2025

    Cyber Security News
    • NCSA_THAICERT

      Industrial Sector

      • Threat Landscape For Industrial Automation Systems. Australia And New Zealand, Q3 2025
        "The cybersecurity situation in Australia and New Zealand is among the most favorable across all regions. The region ranked 11th in Q3 2025 based on the percentage of ICS computers on which malicious objects were blocked. At the same time, the region was in higher positions in the relevant rankings for some threat sources and categories:"
        https://ics-cert.kaspersky.com/publications/reports/2025/12/23/threat-landscape-for-industrial-automation-systems-australia-and-new-zealand-q3-2025/
      • Threat Landscape For Industrial Automation Systems. South And North America (Canada), Q3 2025
        "In South America, the percentage of ICS computers on which threats from mail clients were blocked is 1.8 times higher than the global average. On this metric, the region ranks third globally. High levels of email threats (phishing) and spyware clearly indicate that industrial OT systems in the region are highly exposed to advanced attackers."
        https://ics-cert.kaspersky.com/publications/reports/2025/12/23/threat-landscape-for-industrial-automation-systems-south-and-north-america-canada-q3-2025/

      Vulnerabilities

      • Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands Of Instances
        "A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. The package has about 57,000 weekly downloads, according to statistics on npm. "Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime," the maintainers of the npm package said."
        https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html
        https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
        https://censys.com/advisory/cve-2025-68613
        https://securityaffairs.com/186036/hacking/critical-n8n-flaw-could-enable-arbitrary-code-execution.html
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2023-52163 Digiever DS-2105 Pro Missing Authorization Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/12/22/cisa-adds-one-known-exploited-vulnerability-catalog
        https://securityaffairs.com/186021/security/u-s-cisa-adds-a-flaw-in-digiever-ds-2105-pro-to-its-known-exploited-vulnerabilities-catalog.html
      • Revisiting CVE-2025-50165: A Critical Flaw In Windows Imaging Component
        "ESET researchers examined CVE-2025-50165, a serious Windows vulnerability described to grant remote code execution by merely opening a specially crafted JPG file – one of the most widely used image formats. The flaw, found and documented by Zscaler ThreatLabz, piqued our interest, as Microsoft assessed its severity as critical but deemed its exploitability as less likely. Our root cause analysis allowed us to pinpoint the exact location of the faulty code and reproduce the crash. We believe that the exploitation scenario is harder than it appears to be."
        https://www.welivesecurity.com/en/eset-research/revisiting-cve-2025-50165-critical-flaw-windows-imaging-component/
      • CVE-2025-52692: Discovery And Exploitation Of Zero-Day Vulnerability In Linksys E9450-SG Router
        "At the Centre for Strategic Infocomm Technologies (CSIT), we perform vulnerability research on a wide range of platforms including Internet of Things (IoT) devices. Consumer routers are particularly attractive targets because they expose internal networks and often contain exploitable flaws. Most consumers use routers provided by their Internet Service Provider (ISP). One such router is the Linksys E9450-SG AX5400 Wi-Fi 6 router that Singtel distributed in 2021. It is certified as a CSA CLS Level 1 device (CSA/060225/V0009)."
        https://medium.com/csit-tech-blog/cve-2025-52692-discovery-and-exploitation-of-zero-day-vulnerability-in-linksys-e9450-sg-router-cda5c829bbf9

      Malware

      • From Cheats To Exploits: Webrat Spreading Via GitHub
        "In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced professionals and students in the information security field."
        https://securelist.com/webrat-distributed-via-github/118555/
        https://www.bleepingcomputer.com/news/security/webrat-malware-spread-via-fake-vulnerability-exploits-on-github/
        https://www.helpnetsecurity.com/2025/12/23/fake-poc-exploits-webrat-malware/
      • From Email To Exfiltration: How Threat Actors Steal ADP Login And Personal Data
        "Recently, threat actors have been impersonating employees at major companies, such as ADP, a leading global provider of human resources management and payroll processing services. The Cofense Phishing Defense Center (PDC) recently observed a new phishing campaign imitating ADP, allowing the threat actor to gain access to employee accounts and steal sensitive information. To help employees identify phishing threats and become the first line of defense against threat actors, we broke down this real-life example."
        https://cofense.com/blog/from-email-to-exfiltration-how-threat-actors-steal-adp-login-and-personal-data
      • RTO Scam Wave Continues: A Surge In Browser-Based e-Challan Phishing And Shared Fraud Infrastructure
        "Following our earlier reporting on RTO-themed threats, CRIL observed a renewed phishing wave abusing the e-Challan ecosystem to conduct financial fraud. Unlike earlier Android malware-driven campaigns, this activity relies entirely on browser-based phishing, significantly lowering the barrier for victim compromise. During the course of this research, CRIL also noted that similar fake e-Challan scams have been highlighted by mainstream media outlets, including Hindustan Times, underscoring the broader scale and real-world impact of these campaigns on Indian users."
        https://cyble.com/blog/rto-scam-wave-continues/
      • Malicious Chrome Extensions “Phantom Shuttle” Masquerade As a VPN To Intercept Traffic And Exfiltrate Credentials
        "Socket's Threat Research Team identified two malicious Chrome extensions sharing the same name Phantom Shuttle (幻影穿梭), published by the same threat actor using the email theknewone.com@gmail[.]com, distributed since at least 2017. The extensions market themselves as "multi-location network speed testing plugins" for developers and foreign trade personnel. Users pay subscriptions ranging from ¥9.9 to ¥95.9 CNY ($1.40 to $13.50 USD) believing they're purchasing a legitimate VPN service, but both variants perform identical malicious operations. Behind the subscription facade, the extensions execute complete traffic interception through authentication credential injection, operate as man-in-the-middle proxies, and continuously exfiltrate user data to the threat actor's C2 server."
        https://socket.dev/blog/malicious-chrome-extensions-phantom-shuttle
        https://thehackernews.com/2025/12/two-chrome-extensions-caught-secretly.html
        https://www.bleepingcomputer.com/news/security/malicious-extensions-in-chrome-web-store-steal-user-credentials/
      • Indian Income Tax-Themed Phishing Campaign Targets Local Businesses
        "Over the past few months, tax-themed phishing and malware campaigns have surged, particularly during and after the Income Tax Return (ITR) filing season. With ongoing public discussions around refund timelines, these scams appear more credible, giving attackers the perfect context to craft convincing lures. We recently analyzed emails impersonating the Indian Income Tax Department (ITD). At first glance, the message resembled an official “Tax Compliance Review Notice.” However, deeper investigation revealed it was part of a broader phishing campaign targeting Indian businesses with a multi-stage infection chain designed to deploy persistent Remote Access Trojans (RATs) or infostealer malware."
        https://www.seqrite.com/blog/indian-income-tax-themed-phishing-campaign-targets-local-businesses/
      • In Depth Analysis Of The Alleged Qilin, DragonForce And LockBit Alliance
        "On the occasion of the announcement made by the ransomware group DragonForce regarding the creation of an alliance between DragonForce, Qilin, and LockBit, identified on September 15, 2025, the Cyber Intelligence Team conducted an analysis based on internally collected data to assess the potential risk and the credibility of the claim. This activity was carried out as part of ongoing ransomware claims monitoring operations aimed at identifying emerging risks and issuing customer alerts."
        https://labs.yarix.com/2025/12/in-depth-analysis-of-the-alleged-qilin-dragonforce-and-lockbit-alliance/
      • Quishing Campaigns: Advanced QR-Code Phishing Evaluation And Insights
        "CYFIRMA examines a sophisticated phishing campaign that leverages QR-code-based delivery, commonly referred to as “quishing,” to target employees with messages related to payroll and compensation. By combining personalized social engineering with obfuscated scripts and dynamically generated infrastructure, attackers increase the likelihood of engagement while evading traditional security controls. The campaign demonstrates a high level of operational sophistication, emphasizing the shift toward targeted, industry-specific threats. Findings underscore the need for enhanced user awareness, proactive monitoring, and intelligence-driven defenses to protect organizational credentials and sensitive data."
        https://www.cyfirma.com/research/quishing-campaigns-advanced-qr-code-phishing-evaluation-and-insights/

      Breaches/Hacks/Leaks

      • Baker University Says 2024 Data Breach Impacts 53,000 People
        "Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. Founded in 1858, Baker University is a private university in Baldwin City, Kansas, with nearly 2,000 enrolled students (1,457 undergraduates) and over 300 employees. The school detected suspicious activity on its network after a December 2024 outage and found that attackers had access to its systems from December 2 to 19, stealing sensitive documents."
        https://www.bleepingcomputer.com/news/security/baker-university-data-breach-impacts-over-53-000-individuals/
      • More Than 22 Million Aflac Customers Impacted By June Data Breach
        "A data breach in June exposed the information of more than 22 million Aflac customers, according to a new statement from the company. The Georgia-based insurance giant published a statement on Friday about the conclusion of a months-long investigation into a cybersecurity incident announced earlier this year. The company previously warned the Securities Exchange Commission (SEC) that while it was able to stop a hacker intrusion “within hours,” some files were stolen by the cybercriminals."
        https://therecord.media/22-million-impacted-aflac-breach

      General News

      • Formal Proofs Expose Long Standing Cracks In DNSSEC
        "DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many security teams assume that if DNSSEC validation passes, the answer can be trusted. New academic research suggests that assumption deserves closer scrutiny. Researchers from Palo Alto Networks, Purdue University, the University of California Irvine, and the University of Texas at Dallas present an analysis of DNSSEC that goes beyond bug hunting. Instead of searching for individual flaws, the team built a mathematical model of the protocol and asked a deeper question. Does DNSSEC, as written and deployed, always behave securely under all conditions?"
        https://www.helpnetsecurity.com/2025/12/23/dnssec-validation-risks-research/
        https://arxiv.org/pdf/2512.11431
      • AI Code Looks Fine Until The Review Starts
        "Software teams have spent the past year sorting through a rising volume of pull requests generated with help from AI coding tools. New research puts numbers behind what many reviewers have been seeing during work. The research comes from CodeRabbit and examines how AI co-authored code compares with human written code across hundreds of open source projects. The findings track issue volume, severity, and the kinds of problems that appear most often. The data shows recurring risks tied to logic, correctness, readability, and security that matter directly to security and reliability teams."
        https://www.helpnetsecurity.com/2025/12/23/coderabbit-ai-assisted-pull-requests-report/
      • Cloud Security Is Stuck In Slow Motion
        "Cloud environments are moving faster than the systems meant to protect them. A new Palo Alto Networks study shows security teams struggling to keep up with development cycles, growing cloud sprawl, and attacker tactics that now compress breaches into minutes instead of weeks."
        https://www.helpnetsecurity.com/2025/12/23/palo-alto-networks-cloud-incident-response-report/
      • The Week In Vulnerabilities: More Than 2,000 New Flaws Emerge
        "Cyble Vulnerability Intelligence researchers tracked 2,415 vulnerabilities in the last week, a significant increase over even last week’s very high number of new vulnerabilities. The increase signals a heightened risk landscape and expanding attack surface in the current threat environment. Over 300 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks."
        https://cyble.com/blog/it-vulnerabilities-ics-record-week-new-flaws/
      • Amazon Fends Off 1,800 Suspected DPRK IT Job Scammers
        "Much has been said about IT worker scams in the last few years, but it's not every day that we get a glimpse into how pervasive the issue has become. Stephen Schmidt, senior vice president and chief security officer at Amazon, wrote on LinkedIn over the weekend that the company has prevented "more than 1,800 suspected DPRK operatives from joining [Amazon] since April 2024, and we've detected 27% more DPRK-affiliated applications quarter-over-quarter this year.""
        https://www.darkreading.com/remote-workforce/amazon-fends-off-dprk-it-job-scammers
      • Top Ransomware Trends Of 2025
        "The past year was much quieter than 2024 in ransomware takedown and anti-cybercrime law enforcement operations. Additionally, less organized collectives such as Scattered Spider, Lapsus$ and ShinyHunters grabbed many of the headlines in 2025. However, traditional ransomware syndicates continued to be active throughout the year. According to ransomware tracking website Ransomware.live, 306 groups were active over the past year, listing 7902 victims at the time of writing. This is significantly higher than the 6129 victims listed in 2024 and the 5336 victims listed in 2023."
        https://www.infosecurity-magazine.com/news/top-ransomware-trends-of-2025/
      • Why Third-Party Access Remains The Weak Link In Supply Chain Security
        "Your next breach probably won’t start inside your network—it will start with someone you trust. Every supplier, contractor, and service provider needs access to your systems to keep business running, yet each login is a potential doorway for attackers. Access management is meant to control the risks of granting that access, but weak controls and poor hygiene remain the norm. The Thales Digital Trust Index report, Third-Party Edition, highlights that over half of surveyed professionals (51%) keep access to partner systems for days or even a month after they no longer need it, turning everyday collaborations into hidden vulnerabilities that accumulate over time."
        https://securityaffairs.com/186026/security/why-third-party-access-remains-the-weak-link-in-supply-chain-security.html
      • U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme
        "The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud. The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website are now greeted by a seizure banner that says the domain was taken down in an international law enforcement operation led by authorities from the U.S. and Estonia."
        https://thehackernews.com/2025/12/us-doj-seizes-fraud-domain-behind-146.html
        https://therecord.media/us-disrupts-bank-account-takeover-operation-web3adspanels
        https://www.securityweek.com/feds-seize-password-database-used-in-massive-bank-account-takeover-scheme/

      References
      Electronic Transactions Development Agency (ETDA)
