NCSA Webboard
    Cyber Threat Intelligence 17 February 2026

    • NCSA_THAICERT

      Vulnerabilities

      • Google Patches First Actively Exploited Chrome Zero-Day Of 2026
        "Google released an emergency Chrome update on Friday to patch a zero-day vulnerability that has been exploited in the wild. Chrome 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux fix CVE-2026-2441, described as a high-severity use-after-free vulnerability in the browser’s CSS component. “Google is aware that an exploit for CVE-2026-2441 exists in the wild,” Google said in its advisory. Google has credited researcher Shaheen Fazim for reporting the vulnerability. The actively exploited flaw was disclosed to the vendor on February 11, only two days before it was patched."
        https://www.securityweek.com/google-patches-first-actively-exploited-chrome-zero-day-of-2026/
        https://thehackernews.com/2026/02/new-chrome-zero-day-cve-2026-2441-under.html
        https://www.bleepingcomputer.com/news/security/google-patches-first-chrome-zero-day-exploited-in-attacks-this-year/
        https://www.infosecurity-magazine.com/news/google-patches-new-in-wild-chrome/
        https://securityaffairs.com/188029/security/google-fixes-first-actively-exploited-chrome-zero-day-of-2026.html
        https://www.theregister.com/2026/02/16/chromes_zeroday/
        https://www.helpnetsecurity.com/2026/02/16/google-patches-chrome-vulnerability-with-in-the-wild-exploit-cve-2026-2441/

      Malware

      • Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations
        "Following our initial research into ClawdBot, Hudson Rock has now detected a live infection where an infostealer successfully exfiltrated a victim’s OpenClaw configuration environment. This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the “souls” and identities of personal AI agents."
        https://www.hudsonrock.com/blog/6182
        https://www.bleepingcomputer.com/news/security/infostealer-malware-found-stealing-openclaw-secrets-for-first-time/
        https://thehackernews.com/2026/02/infostealer-steals-openclaw-ai-agent.html
      • Operation DoppelBrand: Weaponizing Fortune 500 Brands
        "An elusive, financially motivated threat actor dubbed GS7 has been targeting Fortune 500 companies in a broad phishing campaign that turns the company's own brands against them with impersonated websites aimed at harvesting credentials. The campaign — dubbed Operation DoppelBrand — is ongoing, first observed between December and January. The group itself however has a history stretching back to 2022, according to a whitepaper by SOCRadar published today."
        https://www.darkreading.com/cyberattacks-data-breaches/operation-doppelbrand-weaponizing-fortune-500-brands
        https://socradar.io/resources/whitepapers/operation-doppelbrand-fortune-500-access/
        https://www.infosecurity-magazine.com/news/operation-doppelbrand-trusted/
      • Google Ads And Claude AI Abused To Spread MacSync Malware Via ClickFix
        "Cyber security researchers at Moonlock Lab, the investigative unit of the popular software developer MacPaw, have uncovered a clever new way that hackers are targeting Mac users. This campaign uses the ClickFix technique, where people are tricked into copying and pasting dangerous commands directly into their computer’s Terminal and the attack starts with a simple Google search."
        https://hackread.com/google-ads-claude-ai-macsync-malware-clickfix/
      • OysterLoader Unmasked: The Multi-Stage Evasion Loader
        "OysterLoader, also known as Broomstick and CleanUp, is a malware developed in C++, composed of multiple stages, belonging to the loader (A.k.a.: downloader) malware family. First reported in June 2024 by Rapid7, it is mainly distributed via web sites impersonating legitimate software which are often IT software for instance: PuTTy, WinSCP, Google Authenticator and Ai software. The loader is primarily employed in campaigns leading to Rhysida ransomware. According to Expel reports, OysterLoader is used by the Rhysida ransomware group which is closely associated with the WIZARD SPIDER nebula. Besides, the loader is also used to distribute commodity malware such as Vidar, the most widespread infostealer by January 2026."
        https://blog.sekoia.io/oysterloader-unmasked-the-multi-stage-evasion-loader/
        https://www.infosecurity-magazine.com/news/oysterloader-new-c2-infrastructure/
      • LockBit Strikes With New 5.0 Version, Targeting Windows, Linux And ESXI Systems
        "In September 2025, a new version of LockBit ransomware was released, supporting Windows, Linux and ESXi systems, with a primary target being the U.S. business sector. As is typical for the ransomware-as-a-service model, LockBit employs a double-extortion scheme, also exfiltrating files to the attacker's server to increase the likelihood of receiving the ransom. As threat actors advertised, this version has improved defense evasion and fast encryption, and having multiple systems support makes this malware a very serious threat. What’s notable among the multiple systems support is its proclaimed capability to “work on all versions of Proxmox.” Proxmox is an open-source virtualization platform and is being adopted by enterprises as an alternative to commercial hypervisors, which makes it another prime target of ransomware attacks."
        https://www.acronis.com/en/tru/posts/lockbit-strikes-with-new-50-version-targeting-windows-linux-and-esxi-systems/
        https://www.helpnetsecurity.com/2026/02/16/lockbit-5-0-ransomware-windows-linux-esxi/

      Breaches/Hacks/Leaks

      • Washington Hotel In Japan Discloses Ransomware Infection Incident
        "The Washington Hotel brand in Japan has announced that its servers were compromised in a ransomware attack, exposing various business data. The hospitality group has established an internal task force and engaged external cybersecurity experts to assess the impact of the intrusion, determine whether customer data was compromised, and coordinate recovery efforts."
        https://www.bleepingcomputer.com/news/security/washington-hotel-in-japan-discloses-ransomware-infection-incident/
      • Eurail Says Stolen Traveler Data Now Up For Sale On Dark Web
        "Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. The company said that a threat actor also published a sample of the data on the Telegram messaging platform but it is still trying to determine the type of records and number of customers affected. Eurail B.V. is a Netherlands-based firm that manages and sells passes (Eurail and Interrail) for train travel across Europe, offering flexibility for multi-country trips."
        https://www.bleepingcomputer.com/news/security/eurail-says-stolen-traveler-data-now-up-for-sale-on-dark-web/
      • Canada Goose Investigating As Hackers Leak 600K Customer Records
        "ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and that it has not found evidence of a breach of its own systems. Founded in 1957, Canada Goose is a Toronto-based performance luxury outerwear brand with a global retail footprint and nearly 4,000 employees."
        https://www.bleepingcomputer.com/news/security/canada-goose-investigating-as-hackers-leak-600k-customer-records/
        https://securityaffairs.com/188046/data-breach/shinyhunters-leaked-600k-canada-goose-customer-records-but-the-firm-denies-it-was-breached.html
        https://www.theregister.com/2026/02/16/canada_goose_shinyhunters/
      • Japanese Sex Toys Maker Tenga Discloses Data Breach
        "TENGA Co., Ltd. is a Tokyo-based Japanese sexual wellness and lifestyle company known for its innovative adult products. It employs roughly 125–200 people worldwide across its Japan headquarters and international offices. Tenga operates in personal care product manufacturing and sells products in dozens of countries, with annual revenue estimates in the tens of millions of dollars."
        https://securityaffairs.com/188022/data-breach/japanese-sex-toys-maker-tenga-discloses-data-breach.html
      • Hacking a Pharmacy To Get Free Prescription Drugs And More
        "My first disclosure in the healthcare industry has arrived! Ever wondered what it would be like to gain administrative access to a major pharmacy? You’re about to find out. The target was Dava Industry Pharmacy, a division of Zota Healthcare. If you are in the US, you probably haven’t heard of them, but those in India probably will have since they have 2,100+ stores and they claim they are “India’s largest private generic pharmacy retail chain”."
        https://eaton-works.com/2026/02/13/dava-india-hack/
        https://securityaffairs.com/188056/security/a-security-flaw-at-davaindia-pharmacy-allowed-attackers-to-access-customers-data-and-more.html

      General News

      • Man Arrested For Demanding Reward After Accidental Police Data Leak
        "Dutch authorities arrested a 40-year-old man after he downloaded confidential documents that had been mistakenly shared by the police and refused to delete them unless he received "something in return." Police detained the suspect at his Prinses Beatrixstraat residence in Ridderkerk on Thursday evening for computer hacking after the failed "extortion" attempt, searching his home and seizing data storage devices to recover the files. The incident began when the man contacted police on February 12 about images he had that may be relevant to an ongoing investigation. An officer responded to his inquiry but, instead of sending a link to upload the images, mistakenly shared a download link to confidential police documents."
        https://www.bleepingcomputer.com/news/security/man-arrested-for-demanding-reward-after-accidental-police-data-leak/
        https://www.theregister.com/2026/02/16/dutch_cops_breach/
      • Password Managers Less Secure Than Promised
        "Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords. People who regularly use online services have between 100 and 200 passwords. Very few can remember every single one. Password managers are therefore extremely helpful, allowing users to access all their passwords with just a single master password."
        https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.html
        https://thehackernews.com/2026/02/study-uncovers-25-password-recovery.html
        https://www.bankinfosecurity.com/exploitable-flaws-found-in-cloud-based-password-managers-a-30770
        https://www.infosecurity-magazine.com/news/vulnerabilities-password-managers/
        https://www.theregister.com/2026/02/16/password_managers/
      • Security At AI Speed: The New CISO Reality
        "The CISO role has changed significantly over the past decade, but according to John White, EMEA Field CISO, Torq, the most disruptive shift is accountability driven by agentic AI. In this Help Net Security interview, White explains how security leaders must design and govern hybrid workforces where humans and AI agents operate side by side, making decisions and acting at scale. He notes that automation is moving beyond simple task execution into real-time insight and response. AI agents take on greater responsibility, but CISOs remain accountable for outcomes, and even for inaction when organizations fail to adopt and govern machine-speed security capabilities."
        https://www.helpnetsecurity.com/2026/02/16/john-white-torq-agentic-ai-security/
      • In GitHub’s Advisory Pipeline, Some Advisories Move Faster Than Others
        "GitHub Security Advisories are used to distribute vulnerability information in open-source projects and security tools. A new study finds that only a portion of those advisories ever pass through GitHub’s formal review process. A review of GitHub Security Advisories published between 2019 and 2025 examined 288,604 advisories. Of those, 23,563, about 8%, completed GitHub’s review process. Although most advisories remain unreviewed, reviewed entries play an outsized role in security workflows. They feed dependency scanners, alerting systems, and automated remediation tools used by development teams."
        https://www.helpnetsecurity.com/2026/02/16/github-security-advisorie-review-timelines-study/
        https://arxiv.org/pdf/2602.06009
      • Open Source Registries Don't Have Enough Money To Implement Basic Security
        "Open source registries are in financial peril, a co-founder of an open source security foundation warned after inspecting their books. And it's not just the bandwidth costs that are killing them. "The problem is they don't have enough money to spend on the very security features that we all desperately need to stop being a bunch of idiots and installing fu when it's malware," said Michael Winser, a co-founder of Alpha-Omega, a Linux Foundation project to help secure the open source supply chain."
        https://www.theregister.com/2026/02/16/open_source_registries_fund_security/

      References
      Electronic Transactions Development Agency (ETDA)
