NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ

    Cyber Threat Intelligence 20 February 2026

    Cyber Security News
    1
    1
    191
    โหลดโพสเพิ่มเติม
    • เก่าสุดไปยังใหม่สุด
    • ใหม่สุดไปยังเก่าสุด
    • Most Votes
    ตอบ
    • ตอบโดยตั้งกระทู้ใหม่
    เข้าสู่ระบบเพื่อตอบกลับ
    Topic นี้ถูกลบไปแล้ว เฉพาะผู้ใช้งานที่มีสิทธิ์ในการจัดการ Topic เท่านั้นที่จะมีสิทธิ์ในการเข้าชม
    • NCSA_THAICERTN
      NCSA_THAICERT
      แก้ไขล่าสุดโดย

      Financial Sector

      • January 2026 Security Issues In Korean & Global Financial Sector
        "This report comprehensively addresses actual cyber threats and related security issues that have occurred in domestic and international financial sector companies. It includes an analysis of malware and phishing cases disseminated targeting the financial sector, presents the top 10 major malware aimed at the financial sector, and provides statistics on industries of domestic accounts leaked via Telegram.. It also details cases of phishing emails targeting the financial sector. Additionally, it analyzes major threats and cases related to finance that have occurred on the dark web., threats of credit card data leakage and actual cases,, threats of database leaks in financial institutions and occurrences., ransomware intrusion threats targeting the financial sector and damage cases caused by infections,, and various cyber attack threats against financial institutions along with actual damage cases."
        https://asec.ahnlab.com/en/92626/
      • FBI: More Than 700 ATM Jackpotting Incidents With Losses Over $20 Million Occurred In 2025
        "Criminals are increasingly using malware to steal money out of ATMs, with hundreds of incidents taking place in 2025 alone. In a flash alert on Thursday, the FBI said it has tracked more than 1,900 ATM jackpotting incidents since 2020 and over 700 in 2025 that involved more than $20 million in losses. FBI officials explained that criminals are now taking advantage of physical and software vulnerabilities that allow them to deploy malware on ATMs and dispense cash without transactions."
        https://therecord.media/fbi-atm-jackpotting-2025-report
        https://www.ic3.gov/CSA/2026/260219.pdf
        https://www.theregister.com/2026/02/19/crims_atm_jackpotting/

      Industrial Sector

      • ICS Cybersecurity In 2026: Vulnerabilities And The Path Forward
        "CISA/ICS-CERT has been the authoritative source about vulnerabilities in operational technology/industrial control systems (OT/ICS) since they started the ICS Advisory (ICSA) program in 2010. Between March 2010 and January 31, 2026, CISA/ICS-CERT published 3,637 ICS advisories about 12,174 vulnerabilities affecting 2,783 products from 689 vendors. One hundred seventy eight (178) of these advisories were dedicated to medical devices — nearly 5 %. However, there is a growing number of vulnerabilities on critical devices that are not tracked with associated ICSAs which may leave asset owners and network administrators with blind spots on their networks."
        https://www.forescout.com/blog/ics-cybersecurity-in-2026-vulnerabilities-and-the-path-forward/
        https://www.infosecurity-magazine.com/news/industrial-control-system-vulns/
      • Cyberattacks On Automobile Manufacturers, Taxi Fleets, And Logistics Providers: The Risks To Automotive Infrastructure In 2026
        "Modern cars are complex digital devices with extensive remote communication capabilities that expand the vehicle’s attack surface. Attackers can target not only cars directly but also the systems to which they are connected. Kaspersky experts share a cyberthreat forecast for the automotive industry in 2026. In 2026, financially motivated attackers will continue to target the infrastructure of automobile manufacturers, which may result in production shutdowns or the theft of confidential data. There were several such incidents in 2025."
        https://ics-cert.kaspersky.com/publications/blog/2026/02/19/risks-for-the-automotive-industry-in-2026/

      Vulnerabilities

      • Microsoft Patches CVE-2026-26119 Privilege Escalation In Windows Admin Center
        "Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a CVSS score of 8.8 out of a maximum of 10.0"
        https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
        https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119
        https://www.helpnetsecurity.com/2026/02/19/windows-admin-center-cve-2026-26119/
      • How AI SAST Traced Data Flows To Uncover Six OpenClaw Vulnerabilities
        "In our previous post, we discussed how Endor Labs' AI SAST engine successfully identified seven exploitable vulnerabilities in OpenClaw through systematic analysis and validation. Now that OpenClaw has published patches and security advisories, we can share the technical details of how agentic data flow analysis uncovered these issues and enabled proof-of-concept development. This post examines six disclosed vulnerabilities, walking through how the AI SAST engine traced data paths from user-controlled sources to dangerous sinks and how we validated each finding with working exploits."
        https://www.endorlabs.com/learn/how-ai-sast-traced-data-flows-to-uncover-six-openclaw-vulnerabilities
        https://www.infosecurity-magazine.com/news/researchers-six-new-openclaw/

      Malware

      • German Rail Giant Deutsche Bahn Hit By Large-Scale DDoS Attack
        "Deutsche Bahn, Germany’s national rail operator, has been dealing with a large-scale distributed denial-of-service (DDoS) attack that has disrupted some of its IT systems. Regular status updates from Deutsche Bahn indicated that the attack began on February 17 and continued into February 18. According to the rail giant, the attack came in waves and its scale is substantial. The DDoS attack disrupted Deutsche Bahn’s information and ticketing systems, including its websites and the DB Navigator app."
        https://www.securityweek.com/german-rail-giant-deutsche-bahn-hit-by-large-scale-ddos-attack/
        https://www.theregister.com/2026/02/18/deutsche_bahn_ddos/
        https://securityaffairs.com/188254/breaking-news/germanys-national-rail-operator-deutsche-bahn-hit-by-a-ddos-attack.html
      • PromptSpy Ushers In The Era Of Android Threats Using GenAI
        "ESET researchers uncovered the first known case of Android malware abusing generative AI for context-aware user interface manipulation. While machine learning has been used to similar ends already – just recently, researchers at Dr.WEB found Android.Phantom, which uses TensorFlow machine learning models to analyze advertisement screenshots and automatically click on detected elements for large scale ad fraud – this is the first time we have seen generative AI deployed in this manner. Because the attackers rely on prompting an AI model (in this instance, Google’s Gemini) to guide malicious UI manipulation, we have named this family PromptSpy. This is the second AI powered malware we have discovered – following PromptLock in August 2025, the first known case of AI-driven ransomware."
        https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai/
        https://www.bleepingcomputer.com/news/security/promptspy-is-the-first-known-android-malware-to-use-generative-ai-at-runtime/
        https://thehackernews.com/2026/02/promptspy-android-malware-abuses-google.html
        https://www.theregister.com/2026/02/19/genai_malware_android/
        https://www.helpnetsecurity.com/2026/02/19/promptspy-android-malware-generative-ai/
      • Hackers Target Microsoft Entra Accounts In Device Code Vishing Attacks
        "Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. Unlike previous attacks that utilized malicious OAuth applications to compromise accounts, these campaigns instead leverage legitimate Microsoft OAuth client IDs and the device authorization flow to trick victims into authenticating. This provides attackers with valid authentication tokens that can be used to access the victim's account without relying on regular phishing sites that steal passwords or intercept multi-factor authentication codes."
        https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/
      • Massiv: When Your IPTV App Terminates Your Savings
        "Modern mobile threat landscape offers multiple malware families used by lots of single threat actors or organised criminal groups. They are constantly on the lookout for the ways to deliver the Trojans to the victims in the most natural, smooth and unsuspicious way. A modern Android banking Trojan, which is usually distributed through side-loading, must convincingly masquerade as a legitimate application so that it does not raise suspicion and persuades victims to proceed with the installation."
        https://www.threatfabric.com/blogs/massiv-when-your-iptv-app-terminates-your-savings
        https://thehackernews.com/2026/02/fake-iptv-apps-spread-massiv-android.html
        https://www.bleepingcomputer.com/news/security/new-massiv-android-banking-malware-poses-as-an-iptv-app/
        https://www.bankinfosecurity.com/massiv-attack-android-trojan-targets-iptv-users-a-30794
      • Brand Trust As a Weapon: Multi-Brand Impersonation Campaigns Deliver JWrapper Malware
        "In recent threat campaigns, attackers have begun abusing the trust placed in DocuSign, a widely used electronic signature platform, to deliver JWrapper-ackaged malware. By impersonating DocuSign and SimpleHelp communications and embedding malicious executables within seemingly legitimate documents or download links, threat actors trick users into executing harmful payloads."
        https://cofense.com/blog/brand-trust-as-a-weapon-multi-brand-impersonation-campaigns-deliver-jwrapper-malware
      • Supply Chain Attack Targeting Cline Installs OpenClaw
        "Our software supply chain security feed detected a compromised release of the popular AI assistant Cline. It was first reported by Adnan Khan and is tracked as GHSA-9ppg-jx86-fqw7. Version 2.3.0 of the Cline CLI npm package uses a post-install hook to automatically install OpenClaw on the same machine. The malicious version has been flagged in the meantime, but the tarball and metadata are still available at the time of writing. As visible from the metadata, the attacker supposedly got hold of a long-lived token to publish the malicious version, thereby bypassing the trusted publication process established by the Cline maintainers."
        https://www.endorlabs.com/learn/supply-chain-attack-targeting-cline-installs-openclaw
        https://www.darkreading.com/application-security/supply-chain-attack-openclaw-cline-users
      • Starkiller: New Phishing Framework Proxies Real Login Pages To Bypass MFA
        "Most phishing kits rely on static HTML clones of login pages. While effective, they’re inherently fragile: even minor interface updates from the impersonated brand can immediately reveal the deception. A new framework called Starkiller (not to be confused with the legitimate BC Security red team tool of the same name) takes a different approach. Sold openly as a commercial-grade cybercrime platform by a threat group calling itself Jinkusu, Starkiller is distributed like a SaaS product. It launches a headless Chrome instance—a browser that operates without a visible window—inside a Docker container, loads the brand’s real website, and acts as a reverse proxy between the target and the legitimate site."
        https://abnormal.ai/blog/starkiller-phishing-kit
        https://www.darkreading.com/threat-intelligence/starkiller-phishing-kit-mfa
        https://www.infosecurity-magazine.com/news/starkiller-phishing-kit-bypasses/
      • Beyond Tax Returns: How Shared Malware Infrastructure Scales Brand Abuse In Indonesia
        "The fraud campaign involving fake Coretax apps represents a sophisticated, industrialized threat targeting Indonesia’s digital public infrastructure. Initiated in July 2025 and experiencing a significant escalation in January 2026 — timed to coincide with the national tax season — the campaign leverages the impersonation of the official Coretax web platform to facilitate large-scale financial fraud. The attack chain integrates phishing websites, social engineering (WhatsApp), malicious APK sideloading, and voice phishing (vishing) to achieve full device compromise and unauthorized transfer execution."
        https://www.group-ib.com/blog/indonesia-tax-impersonation-goldfactory-malware/
      • Remcos RAT Expands Real-Time Surveillance Capabilities
        "A newly observed variant of Remcos RAT has introduced real-time surveillance features and stronger evasion techniques, marking a shift in how the malware operates on compromised Windows systems. The updated strain no longer relies primarily on storing stolen data locally. Instead, it establishes direct online communication with attacker-controlled servers, enabling immediate monitoring and data theft. The latest build can stream webcam footage in real time and transmit captured keystrokes instantly, reducing forensic traces left on infected machines."
        https://www.infosecurity-magazine.com/news/remcos-rat-expands-real-time/
      • (Don't) TrustConnect: It's a RAT In An RMM Hat
        "RMM tools continue to be many attackers’ top choice for initial access. Such enterprise remote support software like SimpleHelp, SuperOps, Datto, N-able and others are frequently delivered via email campaigns by cybercrime actors or used as follow-on payloads once an actor achieves initial access. (As always, the legitimate RMM tools mentioned in this report are just that — legitimate. It’s the threat actors doing the abusing. We call out brand names strictly to explain what the actors misused, not because the vendors themselves had any hand in the activity.) But at the end of January, Proofpoint observed a weird twist on the RMM landscape: a threat actor created a malware masquerading as an RMM called “TrustConnect Agent.”"
        https://www.proofpoint.com/us/blog/threat-insight/dont-trustconnect-its-a-rat
        https://www.theregister.com/2026/02/19/rmm_rat_trustconnect/
      • Arkanix Stealer: a C++ & Python Infostealer
        "In October 2025, we discovered a series of forum posts advertising a previously unknown stealer, dubbed “Arkanix Stealer” by its authors. It operated under a MaaS (malware-as-a-service) model, providing users not only with the implant but also with access to a control panel featuring configurable payloads and statistics. The set of implants included a publicly available browser post-exploitation tool known as ChromElevator, which was delivered by a native C++ version of the stealer. This version featured a wide range of capabilities, from collecting system information to stealing cryptocurrency wallet data. Alongside that, we have also discovered Python implementation of the stealer capable of dynamically modifying its configuration. The Python version was often packed, thus giving the adversary multiple methods for distributing their malware. It is also worth noting that Arkanix was rather a one-shot malicious campaign: at the time of writing this article, the affiliate program appears to be already taken down."
        https://securelist.com/arkanix-stealer/119006/
      • VShell And SparkRAT Observed In Exploitation Of BeyondTrust Critical Vulnerability (CVE-2026-1731)
        "On Feb. 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. BeyondTrust is an identity and access management platform. This specific vulnerability involves a pre-authentication remote code execution (RCE) issue within BeyondTrust remote support software. It could allow attackers to execute operating system commands in the context of the site user, which may lead to system compromise, including unauthorized access, data exfiltration and service disruption."
        https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
      • Dark Web Profile: Sinobi Ransomware
        "Sinobi Ransomware is a cybercrime operation that emerged in mid-2025, operating as a Ransomware-as-a-Service model. It is believed that the group is a rebrand or direct successor of the Lynx Ransomware group, which itself evolved from the INC Ransomware family. The group calls itself Sinobi, which closely resembles Shinobi (ninja), a term that appears across video games, film, music, comics, and entertainment, most notably in Sega’s long running Shinobi game series and other media titles."
        https://socradar.io/blog/dark-web-profile-sinobi-ransomware/
      • GrayCharlie Hijacks Law Firm Sites In Suspected Supply-Chain Attack
        "Insikt Group has been monitoring GrayCharlie, a threat actor overlapping with SmartApeSG and active since mid-2023, for some time, and is now publishing its first report on the group. GrayCharlie compromises WordPress sites and injects them with links to externally hosted JavaScript that redirects visitors to NetSupport RAT payloads delivered via fake browser update pages or ClickFix mechanisms. These infections often progress to the deployment of Stealc and SectopRAT. Insikt Group identified a large amount of infrastructure linked to GrayCharlie, primarily tied to MivoCloud and HZ Hosting Ltd. This includes NetSupport RAT command-and-control (C2) servers, both actor-controlled and compromised staging infrastructure, and higher-tier infrastructure used to administer operations."
        https://www.recordedfuture.com/research/graycharlie-hijacks-law-firm-sites-suspected-supply-chain-attack
        https://assets.recordedfuture.com/insikt-report-pdfs/2026/cta-2026-0218.pdf
      • Uncovering The Sophisticated Phishing Campaign Bypassing M365 MFA
        "KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow, bypassing strong passwords and Multi-Factor Authentication (MFA). The victim is directed to the legitimate Microsoft domain (microsoft.com/devicelogin) portal to enter an attack-supplied device code. This action authenticates the victim and issues a valid OAuth access token to the attacker’s application. The real-time theft of these tokens grants the attacker persistent access to the victim’s Microsoft 365 accounts and corporate data."
        https://blog.knowbe4.com/uncovering-the-sophisticated-phishing-campaign-bypassing-m365-mfa

      Breaches/Hacks/Leaks

      • Univ. Of Mississippi Medical Center Dealing With Cyberattack
        "The University of Mississippi Medical Center on Thursday said a ransomware attack has triggered its emergency operations plan and forced its hospitals to cancel all clinic and elective procedures at all locations statewide. The FBI is investigating the incident. "It's too early for us to communicate what we do and don't know, but we are in the process of surging resources both locally and nationally into this incident," said Robert Eikhoff, FBI special agent in charge for Mississippi at a press conference held by the medical center Thursday afternoon, according to a local media outlet."
        https://www.bankinfosecurity.com/univ-mississippi-medical-center-dealing-cyberattack-a-30808
      • Abu Dhabi Finance Week Exposed VIP Passport Details
        "Organizers of one of the Middle East's biggest business and investment summits appear to have inadvertently exposed passport details and other identity information of some 700 attendees, including former British Prime Minister David Cameron and former White House communications director Anthony Scaramucci. An independent security researcher found the sensitive data sitting unprotected on a cloud storage system associated with Abu Dhabi Finance Week (ADFW), according to London's Financial Times, the first to report on the incident. The researcher, whom the Financial Times identified as Roni Suchowski, apparently discovered the data using off-the-shelf software for scanning cloud services for unsecured and publicly accessible data."
        https://www.darkreading.com/cyber-risk/abu-dhabi-finance-week-leaked-vip-passport-details
      • Data Protection Failures On Moldovan Portals Leave Citizens At Risk
        "Breaches involving government entities may be politically motivated, such as the 2022 compromise of the Presidency of Moldova’s email server or the 2024 compromise of Moldova’s parliamentary email servers just days before the country’s presidential election. Other incidents may be due to human error or may be financially motivated. In Part 1, DataBreaches describes a data exposure vulnerability with Moldova’s job application portal. In Part 2, DataBreaches reports on a dark web listing of data allegedly hacked from Moldova’s energy compensation portal."
        https://databreaches.net/2026/02/19/data-protection-failures-on-moldovan-portals-exposed-citizens-to-risk/
        https://databreaches.net/2026/02/19/leaked-data-raises-questions-about-hackers-claims-and-moldovas-prior-denial/
      • Intimate Products Maker Tenga Spilled Customer Data
        "Tenga confirmed reports published by several outlets that the company notified customers of a data breach. The Japanese manufacturer of adult products appears to have fallen victim to a phishing attack targeting one of its employees. Tenga reportedly wrote in the data breach notification:"
        https://www.malwarebytes.com/blog/news/2026/02/intimate-products-producer-tenga-spilled-customer-data
      • Leading Japanese Semiconductor Supplier Responding To Ransomware Attack
        "Japanese semiconductor test equipment supplier Advantest said it is dealing with a ransomware attack that has impacted several company systems. The company said it detected unusual activity within its IT environment on Sunday and activated incident response protocols and isolated the impacted systems. “Preliminary findings appear to indicate that an unauthorized third party may have gained access to portions of the company’s network and deployed ransomware,” Advantest said."
        https://therecord.media/leading-japanese-semiconductor-supplier-ransomware
      • Ransomware Gang Threatens Cheyenne And Arapaho Tribes After Shutting Down Schools
        "The government of the Cheyenne and Arapaho Tribes is being extorted by cybercriminals after a ransomware attack shut down its schools and critical systems in January. The Rhysida ransomware gang took credit for the attack this week and demanded 10 bitcoin, or about $660,000, in exchange for not leaking information stolen from the systems of the Cheyenne and Arapaho Tribes, a federally recognized government headquartered in Concho, Oklahoma. Officials previously confirmed the ransomware attack in January."
        https://therecord.media/cheyenne-arapaho-ransomware-rhysida

      General News

      • January 2026 APT Group Trends Report
        "Sandworm attempted to destroy OT and IT equipment using DynoWiper after exploiting a vulnerable configuration of FortiGate, targeting at least 30 energy facilities, including wind and solar power plants in Poland, by the end of December 2025. They directly damaged RTUs, IEDs, and serial devices or manipulated settings to cause loss of remote control and operational disruption, and even conducted large-scale wiper deployment using GPO. This represents the most significant sabotage attack that has caused a substantial impact on the stability of the European power grid, making it the top priority threat group this month."
        https://asec.ahnlab.com/en/92627/
      • More Than 40% Of South Africans Were Scammed In 2025
        "Africans lose money to scammers nearly twice as often as people from other countries do, according to recent survey data, and the financial costs in countries like South Africa are serious. In October, the Global Anti-Scam Alliance (GASA) released its "Global State of Scams 2025 Report," based on quick online questionnaires taken by 46,000 adults in 42 countries. It found that during the preceding 12 months, 57% of citizens experienced some kind of scam and 23% of them lost money to one."
        https://www.darkreading.com/cybersecurity-analytics/south-africans-scammed-2025
      • Public Mobile Networks Are Being Weaponized For Combat Drone Operations
        "On June 1, 2025, Ukraine launched a coordinated drone strike on five airfields inside Russia, disabling or destroying aircrafts. The attack involved more than 100 drones carrying explosive payloads and targeting aircraft on the ground. The drones used mobile networks to transmit telemetry, receive instructions, and send back images during the operation, highlighting the integration of civilian mobile networks into combat drone operations. Enea researchers examined the progression of that integration, how mobile-connected drones have been used in conflict, and what the trend signals for national infrastructure."
        https://www.helpnetsecurity.com/2026/02/19/enea-mobile-connected-drones-report/
      • Attackers Keep Finding The Same Gaps In Security Programs
        "Attackers keep getting in, often through the same predictable weak spots: identity systems, third-party access, and poorly secured perimeter devices. A new threat report from Barracuda based on Managed XDR telemetry from 2025 shows that many successful incidents still start with basic access and configuration failures, not advanced malware. The report draws on more than two trillion IT events, nearly 600,000 security alerts, and more than 300,000 protected assets monitored over the year. Barracuda’s SOC triaged around 53,000 high-severity threats through its SOAR platform."
        https://www.helpnetsecurity.com/2026/02/19/managed-xdr-threat-report-security-programs/
      • Major Operation In Africa Targeting Online Scams Nets 651 Arrests, Recovers USD 4.3 Million
        "Law enforcement agencies from 16 African countries have made 651 arrests and recovered more than USD 4.3 million in an international cybercrime operation against online scams. Operation Red Card 2.0 (8 December 2025 to 30 January 2026) targeted the infrastructure and actors behind high-yield investment scams, mobile money fraud and fraudulent mobile loan applications. During the eight-week operation, investigations exposed scams linked to over USD 45 million in financial losses and identified 1,247 victims, predominantly from the African continent but also from other regions of the world. Authorities also seized 2,341 devices and took down 1,442 malicious IPs, domains and servers, as well as other related infrastructure."
        https://www.interpol.int/News-and-Events/News/2026/Major-operation-in-Africa-targeting-online-scams-nets-651-arrests-recovers-USD-4.3-million
        https://www.fortinet.com/blog/industry-trends/interpol-operation-red-card-20-turning-collaboration-into-real-worl-cybercrime-disruption
        https://www.bleepingcomputer.com/news/security/police-arrests-651-suspects-in-african-cybercrime-crackdown/
        https://thehackernews.com/2026/02/interpol-operation-red-card-20-arrests.html
      • Connected And Compromised: When IoT Devices Turn Into Threats
        "The number of Internet of Things (IoT) devices operating in a home or office continues to balloon, but security awareness is lagging despite the considerable risks the technologies pose, from credential theft to network access. IoT security is a long-standing topic that evolves as an influx of devices emerges onto the landscape. Devices require internet connectivity, yet many lack sufficient passcode and encryption features and ship with insecure default settings, placing much of the responsibility on the user."
        https://www.darkreading.com/iot/connected-compromised-iot-devices-turn-threats
      • Threat Intelligence Has a Human-Shaped Blind Spot
        "Last weekend, someone used email bombing software to deluge my personal inbox with hundreds of mailing list subscriptions in less than an hour. The goal wasn't to overwhelm my inbox, it was to hide three specific messages. Buried at the bottom of the pile were three welcome emails from American Express for a credit card I didn't apply for. The scheme worked — briefly. By the time I noticed the Amex messages, they were 800 emails deep. Email bombing is certainly not a new technique for covering up the evidence of fraud, but what struck me was where else I'd seen it before. Deluge-by-email has been an online harassment tactic for years. It is a cheap way to make victims feel violated, powerless, and overwhelmed."
        https://www.darkreading.com/threat-intelligence/human-shaped-blind-spot
      • OpenClaw Security Issues Continue As SecureClaw Open Source Tool Debuts
        "OpenClaw is rarely out of the news, but not necessarily under that name. This ‘autonomous personal assistant’ started life as Clawdbot, changed its name to Moltbot, and is now OpenClaw. All references to any of these names refer to the same product. On February 14, 2026, Peter Steinberger – the developer of OpenClaw – announced he is joining OpenAI. OpenClaw is transitioning into the OpenClaw Foundation with OpenAI providing financial and technical support. The most continuous and consistent news, however, remains OpenClaw’s security failings."
        https://www.securityweek.com/openclaw-security-issues-continue-as-secureclaw-open-source-tool-debuts/
      • Have Your Say: NIST Seeks Feedback On Draft Cybersecurity Framework For Transit
        "Transit systems never stop moving, and neither do cyberthreats. The National Institute for Standards and Technology’s (NIST’s) newly released draft cybersecurity framework for transit agencies is open for public comment, and the people who run and secure these systems have a chance to help shape what comes next. Public transportation systems are increasingly attractive targets for cybercriminals. And the consequences of a successful attack can extend far beyond IT disruption. As transit agencies adopt more connected technologies, integrate operational technology (OT) with IT systems and rely on digital tools to manage daily operations, their attack surfaces continue to expand."
        https://blog.barracuda.com/2026/02/19/nist-feedback-cybersecurity-framework-transit
        https://www.nccoe.nist.gov/projects/transit-cybersecurity-framework-csf-community-profile

      อ้างอิง
      Electronic Transactions Development Agency (ETDA) 8f09b180-a200-4304-993b-30efd3cd6ae3-image.png

      1 การตอบกลับ คำตอบล่าสุด ตอบ คำอ้างอิง 0
      • First post
        Last post