Cyber Threat Intelligence 26 January 2026
Vulnerabilities
- CISA Adds Four Known Exploited Vulnerabilities To Catalog
"CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-31125 Vite Vitejs Improper Access Control Vulnerability
CVE-2025-34026 Versa Concerto Improper Authentication Vulnerability
CVE-2025-54313 Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
CVE-2025-68645 Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability"
https://www.cisa.gov/news-events/alerts/2026/01/22/cisa-adds-four-known-exploited-vulnerabilities-catalog
https://www.bleepingcomputer.com/news/security/cisa-confirms-active-exploitation-of-four-enterprise-software-bugs/
https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html
https://securityaffairs.com/187241/security/u-s-cisa-adds-prettier-eslint-config-prettier-vite-vitejs-versa-concerto-sd-wan-orchestration-platform-and-synacor-zimbra-collaboration-suite-flaws-to-its-known-exploited-vulnerabilities-catal.html
https://www.securityweek.com/organizations-warned-of-exploited-zimbra-collaboration-vulnerability/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2024-37079 Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability"
https://www.cisa.gov/news-events/alerts/2026/01/23/cisa-adds-one-known-exploited-vulnerability-catalog
https://www.theregister.com/2026/01/23/critical_vmware_vcenter_server_bug/
https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html
https://securityaffairs.com/187267/security/u-s-cisa-adds-a-flaw-in-broadcom-vmware-vcenter-server-to-its-known-exploited-vulnerabilities-catalog.html
Malware
- MaliciousCorgi: The Cute-Looking AI Extensions Leaking Code From 1.5 Million Developers
"AI coding assistants are everywhere. They suggest code, explain errors, write functions, review pull requests. Every developer marketplace is flooded with them - ChatGPT wrappers, Copilot alternatives, code completion tools promising to 10x your productivity. We install them without a second thought. They're in the official marketplace. They have thousands of reviews. They work. So we grant them access to our workspaces, our files, our keystrokes - and assume they're only using that access to help us code."
https://www.koi.ai/blog/maliciouscorgi-the-cute-looking-ai-extensions-leaking-code-from-1-5-million-developers
https://www.bleepingcomputer.com/news/security/malicious-ai-extensions-on-vscode-marketplace-steal-developer-data/
- The Skeleton Key: How Attackers Weaponize Trusted RMM Tools For Backdoor Access
"KnowBe4 Threat Labs recently examined a sophisticated dual-vector campaign that demonstrates the real-world exploitation chain following credential compromise. This is not a traditional virus attack. Instead of deploying custom viruses, attackers are bypassing security perimeters by weaponizing the necessary IT tools that administrators trust. By stealing a “skeleton key” to the system, they turn legitimate Remote Monitoring and Management (RMM) software into a persistent backdoor."
https://blog.knowbe4.com/the-skeleton-key-how-attackers-weaponize-trusted-rmm-tools-for-backdoor-access
https://thehackernews.com/2026/01/phishing-attack-uses-stolen-credentials.html
- ESET Research: Sandworm Behind Cyberattack On Poland’s Power Grid In Late 2025
"In late 2025, Poland’s energy system faced what has been described as the “largest cyberattack” targeting the country in years. ESET Research has now found that the attack was the work of the notorious Russia-aligned APT group Sandworm. “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed,” said ESET researchers. “We’re not aware of any successful disruption occurring as a result of this attack,” they added."
https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/
https://thehackernews.com/2026/01/new-dynowiper-malware-used-in-attempted.html
https://www.bleepingcomputer.com/news/security/sandworm-hackers-linked-to-failed-wiper-attack-on-polands-energy-systems/
Breaches/Hacks/Leaks
- ShinyHunters Claims Okta Customer Breaches, Leaks Data Belonging To 3 Orgs
"ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment. On Friday, the criminals leaked data allegedly stolen from market-intel broker Crunchbase, streaming platform SoundCloud, and financial-tech firm Betterment, and confirmed to The Register that they gained access to two of the three - Crunchbase and Betterment - by voice-phishing Okta single-sign-on codes. SoundCloud in December confirmed it had been breached and the crooks accessed data belonging to about 20 percent of its users, which translates to about 28 million people, based on the company's publicly available customer count."
https://www.theregister.com/2026/01/23/shinyhunters_claims_okta_customer_breaches/
https://www.bleepingcomputer.com/news/security/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks/
https://www.bankinfosecurity.com/voice-phishing-okta-customers-shinyhunters-claims-credit-a-30590
https://hackread.com/shinyhunters-leak-soundcloud-crunchbase-betterment-data/
- 149M Logins And Passwords Exposed Online Including Financial Accounts, Instagram, Facebook, Roblox, Dating Sites, And More.
"Cybersecurity Researcher Jeremiah Fowler uncovered a data leak of 149 million logins and passwords, and shared his findings with ExpressVPN. We are publishing his report to help the public stay informed and protected as part of our ongoing effort to highlight important security risks. The publicly exposed database was not password-protected or encrypted. It contained 149,404,754 unique logins and passwords, totaling a massive 96 GB of raw credential data. In a limited sampling of the exposed documents, I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts."
https://www.expressvpn.com/blog/149m-infostealer-data-exposed/
https://hackread.com/logins-roblox-tiktok-netflix-crypto-wallets-found/
- Cyberattack Disrupts Digital Systems At Renowned Dresden Museum Network
"Germany’s Dresden State Art Collections, one of Europe’s oldest museum networks, has been hit by a targeted cyberattack that disrupted large parts of its digital infrastructure, the state of Saxony’s culture ministry said this week. The attack, discovered on Wednesday, has left the museum group with limited digital and phone services. Online ticket sales, visitor services, and the museum shop are currently unavailable, and payments at museum sites can only be made in cash. Tickets purchased online before the incident remain valid and can still be scanned on site."
https://therecord.media/dresden-state-art-collections-cyberattack
- Nike Probing Potential Security Incident As Hackers Threaten To Leak Data
"Nike has launched an investigation after a cybercrime group claimed to have stolen data from its systems. The athletic footwear and apparel giant was listed as a victim on the Tor-based leak website operated by the WorldLeaks gang on January 22, and a timer indicates that the stolen data will be made public on January 24, unless a ransom is paid. The cybercriminals have not specified how much or what type of data they allegedly stole from Nike."
https://www.securityweek.com/nike-probing-potential-security-incident-as-hackers-threaten-to-leak-data/
https://securityaffairs.com/187303/data-breach/nike-is-investigating-a-possible-data-breach-after-worldleaks-claims.html
General News
- Hackers Get $1,047,000 For 76 Zero-Days At Pwn2Own Automotive 2026
"Pwn2Own Automotive 2026 has ended with security researchers earning $1,047,000 after exploiting 76 zero-day vulnerabilities between January 21 and January 23. The Pwn2Own Automotive hacking competition focuses on automotive technologies and took place this week in Tokyo, Japan, during the Automotive World auto conference. Throughout the contest, the hackers targeted fully patched in-vehicle infotainment (IVI) systems, electric vehicle (EV) chargers, and car operating systems (e.g., Automotive Grade Linux)."
https://www.bleepingcomputer.com/news/security/hackers-get-1-047-000-for-76-zero-days-at-pwn2own-automotive-2026/
https://www.darkreading.com/endpoint-security/researchers-find-new-ways-hack-vehicles
https://www.securityweek.com/infotainment-ev-charger-exploits-earn-hackers-1m-at-pwn2own-automotive-2026/
https://www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
- Healthy Security Cultures Thrive On Risk Reporting
"Businesses can either fear risk or celebrate it. A growing number are embracing the latter. Many risk management styles thrive on fear – the fear of documenting risks, writing them down, and making them discoverable within the organization. Security professionals worry they'll be blamed for those risks, even if they don't amount to any real problems – and if they do lead to incidents or breaches that worry evolves into panic."
https://www.darkreading.com/cyber-risk/healthy-security-cultures-thrive-on-risk-reporting
- One-Time SMS Links That Never Expire Can Expose Personal Data For Years
"Online services often treat one-time links sent by text message as low-risk conveniences. A new study shows that these links can expose large amounts of personal data for years. According to Proofpoint, cybercriminals favor malicious URLs over attachments, as they are easier to disguise and more likely to evade detection. These links are embedded in messages, buttons, and even inside attachments like PDFs or Word documents to entice clicks that initiate credential phishing or malware downloads."
https://www.helpnetsecurity.com/2026/01/23/sms-private-urls-data-exposure-study/
- More Employees Get AI Tools, Fewer Rely On Them At Work
"People across many organizations now have access to AI tools, and usage keeps spreading. Some groups rely on AI during regular work, others treat it as an occasional helper. That gap between access and routine use sits at the center of new research from Deloitte on enterprise AI adoption. The research draws on a global survey of more than 3,200 business and IT leaders conducted in late 2025. Respondents come from large organizations across industries and regions. Many report progress during the past year, especially around tool access and executive support. The findings also show friction around scaling, governance, and workforce readiness."
https://www.helpnetsecurity.com/2026/01/23/deloitte-enterprise-ai-adoption/
- Agentic AI Edges Closer To Everyday Production Use
"Many security and operations teams now spend less time asking whether agentic AI belongs in production and more time working out how to run it safely at scale. A new Dynatrace research report looks at how large organizations are moving agentic AI from pilots into live environments and where those efforts are stalling. The report shows agentic AI already embedded in core operational functions, including IT operations, cybersecurity, data processing, and customer support. 70% of respondents say they use AI agents in IT operations and system monitoring, with nearly half running agentic AI across both internal and external use cases."
https://www.helpnetsecurity.com/2026/01/23/cybersecurity-agentic-ai-operations/
- Cyber Insights 2026: Regulations And The Tangled Mess Of Compliance Requirements
"A Gordian Knot is a puzzle that cannot be unraveled, only destroyed. Our own Gordian Mess is an ever growing tangle of regulations that can be neither unraveled nor destroyed. Cyber regulations are where politics meets business – where business becomes subject to political realities. For the last few years, politics has been shaped by geopolitical tension. Different regions and countries have become more nationalist in both politics and attitudes. Even the EU, which has traditionally been ‘liberal’ is now better described as center-right. The overall effect of this global growth in nationalism is that different regions, countries and states are increasingly assertive about their own digital sovereignty."
https://www.securityweek.com/cyber-insights-2026-regulations-and-the-tangled-mess-of-compliance-requirements/
- 2025 Was a Wake-Up Call To Protect Human Decisions, Not Just Systems
"As 2026 begins, I keep coming back to one uncomfortable realization about 2025. We did not misunderstand attackers. We misunderstood failure. Most of last year’s damage did not come from sophisticated techniques or unexpected adversaries. It came from ordinary systems breaking in ways that quietly altered how people made decisions. Systems stayed online. Dashboards stayed green. Confidence eroded, judgment shifted, and humans were forced to act without reliable truth. That is where the real harm happened."
https://www.darkreading.com/cyber-risk/wake-up-call-to-protect-human-decisions-not-just-systems
References
Electronic Transactions Development Agency (ETDA)