NCSA Webboard

    Cyber Threat Intelligence 12 January 2026

    Cyber Security News
    • NCSA_THAICERT

      Healthcare Sector

      • Healthcare Chatbots Provoke Unease In AI Governance Analysts
        "When an AI chatbot tells people to add glue to pizza, the error is obvious. When it recommends eating more bananas - sound nutritional advice that could be dangerous for someone with kidney failure - the mistake hides in plain sight. That's a risk now poised to reach hundreds of millions of users with little or no regulatory oversight. OpenAI days ago launched ChatGPT Health, allowing users to connect medical records and wellness apps for personalized health guidance."
        https://www.bankinfosecurity.com/healthcare-chatbots-provoke-unease-in-ai-governance-analysts-a-30483

      Vulnerabilities

      • CISA Retires Ten Emergency Directives, Marking An Era In Federal Cybersecurity
        "Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the successful retirement of ten Emergency Directives issued between 2019-2024. Marking a significant milestone in federal cybersecurity, this is the highest number of Emergency Directives retired by the agency at one time. These directives achieved their mission to mitigate urgent and imminent risks to Federal Civilian Executive Branch (FCEB) agencies. Since their issuance, CISA has partnered closely with federal agencies to drive remediation, embed best practices and overcome systemic challenges - establishing a stronger, more resilient digital infrastructure for a more secure America."
        https://www.cisa.gov/news-events/news/cisa-retires-ten-emergency-directives-marking-era-federal-cybersecurity
        https://thehackernews.com/2026/01/cisa-retires-10-emergency-cybersecurity.html
        https://www.bleepingcomputer.com/news/security/cisa-retires-10-emergency-cyber-orders-in-rare-bulk-closure/
        https://www.securityweek.com/cisa-closes-10-emergency-directives-as-vulnerability-catalog-takes-over/

      Malware

      • Threat Actors Actively Targeting LLMs
        "Our Ollama honeypot infrastructure captured 91,403 attack sessions between October 2025 and January 2026. Buried in that data: two distinct campaigns that reveal how threat actors are systematically mapping the expanding surface area of AI deployments. GreyNoise customers have received an Executive Situation Report (SITREP) including IOCs and other valuable intelligence from this investigation. Customers, please check your inbox."
        https://www.greynoise.io/blog/threat-actors-actively-targeting-llms
        https://www.bleepingcomputer.com/news/security/hackers-target-misconfigured-proxies-to-access-paid-llm-services/
      • GRU-Linked BlueDelta Evolves Credential Harvesting
        "Between February and September 2025, Recorded Future’s Insikt Group identified multiple credential-harvesting campaigns conducted by BlueDelta, a Russian state-sponsored threat group associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). This activity represents an expansion of BlueDelta’s ongoing credential-theft operations previously detailed in Insikt Group’s December 2025 report."
        https://www.recordedfuture.com/research/gru-linked-bluedelta-evolves-credential-harvesting
        https://assets.recordedfuture.com/insikt-report-pdfs/2026/cta-ru-2026-0107.pdf
        https://www.darkreading.com/cyberattacks-data-breaches/russian-apt-credentials-global-targets
        https://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.html
      • Reborn In Rust: Muddy Water Evolves Tooling With RustyWater Implant
        "CloudSEK’s TRIAD recently identified a spearphishing campaign attributed to the Muddy Water APT group targeting multiple sectors across the Middle East, including diplomatic, maritime, financial, and telecom entities. The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular post-compromise capability expansion. Historically, Muddy Water has relied on PowerShell and VBS loaders for initial access and post-compromise operations. The introduction of Rust-based implants represents a notable tooling evolution toward more structured, modular, and low noise RAT capabilities."
        https://www.cloudsek.com/blog/reborn-in-rust-muddywater-evolves-tooling-with-rustywater-implant
        https://thehackernews.com/2026/01/muddywater-launches-rustywater-rat-via.html

      Breaches/Hacks/Leaks

      • BreachForums Hacking Forum Database Leaked, Exposing 324,000 Accounts
        "The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online. BreachForums is the name of a series of hacking forums used to trade, sell, and leak stolen data, as well as sell access to corporate networks and other illegal cybercrime services. The site was launched after the first of these forums, RaidForums, was seized by law enforcement, with the owner, "Omnipotent", arrested."
        https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-database-leaked-exposing-324-000-accounts/
        https://hackread.com/breachforums-database-users-leak-admin-disputes/
      • Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records
        "A hacker using the alias “Lovely” is selling nearly 40 million (39,970,158) Condé Nast user records that allegedly belong to the company’s subsidiary websites, many of which rank among the most popular sites worldwide. On December 27, 2025, Hackread.com reported that a hacker using the alias “Lovely” leaked a database containing the personal details of 2.3 million Wired.com users. Wired.com is a major American magazine and website owned by Condé Nast. Alongside the download link, the hacker accused Condé Nast of ignoring repeated security warnings. Three days after the Wired.com leak, the hacker announced that the entire Condé Nast dataset was being put up for sale."
        https://hackread.com/wired-com-hacker-data-leak-conde-nast-records/
      • Instagram Denies Breach Amid Claims Of 17 Million Account Data Leak
        "Instagram says it fixed a bug that allowed threat actors to mass-request password reset emails, amid claims that data from more than 17 million Instagram accounts was scraped and leaked online. "We fixed an issue that allowed an external party to request password reset emails for some Instagram users," a Meta spokesperson told BleepingComputer. "We want to reassure everyone there was no breach of our systems and people's Instagram accounts remain secure. People can disregard these emails and we apologize for any confusion this may have caused.""
        https://www.bleepingcomputer.com/news/security/instagram-denies-breach-amid-claims-of-17-million-account-data-leak/
        https://thecybersecguru.com/news/instagram-data-breach-17-million/
        https://securityaffairs.com/186765/data-breach/a-massive-breach-exposed-data-of-17-5m-instagram-users.html
        https://hackread.com/instagram-user-data-leak-scraped-records-2022/
        https://www.theregister.com/2026/01/11/infosec_news_in_brief/
      • At Least $26 Million In Crypto Stolen From Truebit Platform As Crypto Crime Landscape Evolves
        "Hackers stole more than $26 million worth of cryptocurrency from the Truebit platform on Thursday, marking the first major crypto hack of 2026. The company said in a statement that it became aware of a security incident “involving one or more malicious actors.” “We are in contact with law enforcement and taking all available measures to address the situation,” Truebit said, urging people not to interact with the smart contract that had been affected by the attack."
        https://therecord.media/26-million-in-crypto-stolen-truebit
      • Salt Typhoon Hackers Hit Congressional Emails In New Breach
        "U.S. officials are investigating a suspected Chinese cyber espionage operation compromising email systems used by congressional staff working on House national security committees. The activity, detected in December, appears to have originated from the threat actor commonly tracked as Salt Typhoon, according to researchers tracking the operation. It appears to have affected staff supporting committees with oversight of China policy, foreign affairs, intelligence and the military (see: Chinese Data Leak Reveals Salt Typhoon Contractors)."
        https://www.bankinfosecurity.com/salt-typhoon-hackers-hit-congressional-emails-in-new-breach-a-30484

      General News

      • 34 Arrests In Spain During Action Against The ‘Black Axe’ Criminal Organisation
        "The Spanish National Police (Policía Nacional), in close cooperation with the Bavarian State Criminal Police Office (Bayerisches Landeskriminalamt) and with the support of Europol, has conducted an operation against the international criminal organisation ‘Black Axe’. The action resulted in 34 arrests and significant disruptions to the group's activities. Black Axe is a highly structured, hierarchical group with its origins in Nigeria and a global presence in dozens of countries. The core group of arrested suspects consists of 10 individuals of Nigerian nationality."
        https://www.europol.europa.eu/media-press/newsroom/news/34-arrests-in-spain-during-action-against-black-axe-criminal-organisation
        https://www.bleepingcomputer.com/news/security/spain-arrests-34-suspects-linked-to-black-axe-cyber-crime/
        https://thehackernews.com/2026/01/europol-arrests-34-black-axe-members-in.html
        https://www.infosecurity-magazine.com/news/europol-crackdown-on-black-axe/
        https://hackread.com/europol-black-axe-cybercrime-ring-spain/
      • Identity & Beyond: 2026 Incident Response Predictions
        "In 2026, incident response (IR) will continue its shift away from traditional malware-centric investigations toward identity-driven intrusions, abuse of trusted cloud services, and low-signal, high-impact activity that blends seamlessly into normal business operations. Rather than relying on technical exploits, threat actors are prioritizing legitimate access, persistence, and operational efficiency, enabling them to evade users, security controls, and automated detection."
        https://www.cybereason.com/blog/identity-beyond-2026-incident-response-predictions
      • Crypto Crime Reaches Record High In 2025 As Nation‑State Sanctions Evasion Moves On‑Chain At Scale
        "In 2025, we tracked a notable rise in nation-state activity in crypto, marking the latest phase in the maturation of the illicit on-chain ecosystem. Over the past few years, the crypto crime landscape has become increasingly professionalized; illicit organizations now operate large-scale on-chain infrastructure to help transnational criminal networks procure goods and services and launder their ill-gotten crypto. Against that backdrop, we have seen nation-states moving into this space, both by tapping into these same professionalized service providers and by standing up their own bespoke infrastructure to evade sanctions at scale."
        https://www.chainalysis.com/blog/2026-crypto-crime-report-introduction/
        https://www.darkreading.com/cyber-risk/illicit-crypto-economy-surges-nation-states
      • How AI Agents Are Turning Security Inside-Out
        "AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally built no-code assets."
        https://www.helpnetsecurity.com/2026/01/09/ai-agents-appsec-risk/
      • Security Teams Are Paying More Attention To The Energy Cost Of Detection
        "Security teams spend a lot of time explaining why detection systems need more compute. Cloud bills rise, models retrain more often, and new analytics pipelines get added to existing stacks. Those conversations usually stay focused on coverage and accuracy. A recent study takes a different approach by measuring anomaly detection models alongside their energy use and associated carbon output, treating compute consumption as part of security operations."
        https://www.helpnetsecurity.com/2026/01/09/energy-aware-cybersecurity-ai-research/
      • Wi-Fi Evolution Tightens Focus On Access Control
        "Wi-Fi networks are taking on heavier workloads, more devices, and higher expectations from users who assume constant access everywhere. A new Wireless Broadband Alliance industry study shows that this expansion is reshaping priorities around security, identity, and trust, alongside adoption of new Wi-Fi standards."
        https://www.helpnetsecurity.com/2026/01/09/wba-wi-fi-access-control/

      Reference
      Electronic Transactions Development Agency (ETDA)
