NCSA Webboard

    Cyber Threat Intelligence 23 February 2026

    Cyber Security News
      NCSA_THAICERT

      New Tooling

      • Uptime Kuma: Open-Source Monitoring Tool
        "Service availability monitoring remains a daily operational requirement across IT teams, SaaS providers, and internal infrastructure groups. Many environments rely on automated checks and alerting to track outages, latency issues, and service degradation across web applications and network endpoints. Uptime Kuma is an open-source uptime monitoring project that supports this type of operational monitoring through a self-hosted deployment model."
        https://www.helpnetsecurity.com/2026/02/20/uptime-kuma-open-source-monitoring-tool/
        https://github.com/louislam/uptime-kuma

      Vulnerabilities

      • CISA Adds Two Known Exploited Vulnerabilities To Catalog
        "CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability
        CVE-2025-68461 RoundCube Webmail Cross-site Scripting Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/02/20/cisa-adds-two-known-exploited-vulnerabilities-catalog
        https://thehackernews.com/2026/02/cisa-adds-two-actively-exploited.html
        https://securityaffairs.com/188324/security/u-s-cisa-adds-roundcube-webmail-flaws-to-its-known-exploited-vulnerabilities-catalog.html

      Malware

      • GitLab Threat Intelligence Team Reveals North Korean Tradecraft
        "We’re sharing intelligence on threat actors associated with North Korean Contagious Interview and IT worker campaigns to raise awareness of emerging trends in operations and tradecraft. We hope this analysis helps the broader security community defend against evolving threats and address the industry-wide challenge of threat actors using legitimate platforms and tools for their operations. Publishing this intelligence reflects our commitment to disrupting threat actor infrastructure. Our security team continuously monitors for accounts that violate our platform’s terms of use and maintains controls designed to prevent the creation of accounts from U.S.-embargoed countries in accordance with applicable trade control laws."
        https://about.gitlab.com/blog/gitlab-threat-intelligence-reveals-north-korean-tradecraft/
      • Massive Winos 4.0 Campaigns Target Taiwan
        "FortiGuard Labs recently observed several targeted phishing campaigns in Taiwan that use themes designed to exploit local business processes. These campaigns disseminate Winos 4.0 (ValleyRat) and subsequent malicious plugins through weaponized attachments or embedded links. The lures mimic official communications, such as tax audit notifications, tax filing software installers, and cloud-based e-invoice downloads. Our analysis of domain registration data reveals that attackers use a rotating set of domains and cloud services to host and distribute malware. The highly volatile nature of this infrastructure renders traditional, static domain blocking insufficient as a primary defense."
        https://www.fortinet.com/blog/threat-research/massive-winos-40-campaigns-target-taiwan
      • Operation Olalampo: Inside MuddyWater’s Latest Campaign
        "The Group-IB Threat Intelligence Team has identified a new cyber campaign attributed with high confidence to the Iranian threat actor known as MuddyWater. This campaign, dubbed Operation Olalampo, targeted multiple organizations and individuals primarily across the MENA region, aligning with the ongoing geopolitical tensions. First observed on 26 January 2026, the operation involved the deployment of several novel malware variants exhibiting tactical and technical overlap with samples previously attributed to the MuddyWater threat group. Notably, one variant leveraged a Telegram bot as a command-and-control (C2) channel."
        https://www.group-ib.com/blog/muddywater-operation-olalampo/
      • Facebook Ads Spread Fake Windows 11 Downloads That Steal Passwords And Crypto Wallets
        "Attackers are running paid Facebook ads that look like official Microsoft promotions, then directing users to near-perfect clones of the Windows 11 download page. Click Download Now and instead of a Windows update, you get a malicious installer—one that silently steals saved passwords, browser sessions, and cryptocurrency wallet data."
        https://www.malwarebytes.com/blog/scams/2026/02/facebook-ads-spread-fake-windows-11-downloads-that-steal-passwords-and-crypto-wallets
      • MIMICRAT: ClickFix Campaign Delivers Custom RAT Via Compromised Legitimate Websites
        "During a recent investigation, Elastic Security Labs identified an active ClickFix campaign compromising multiple legitimate websites to deliver a multi-stage malware chain. Unlike simpler ClickFix deployments that terminate at commodity infostealers, this campaign ends with a capable custom remote access trojan (RAT) we have called MIMICRAT: a native C implant with malleable C2 profiles, token impersonation, SOCKS5 tunneling, and a 22-command dispatch table."
        https://www.elastic.co/security-labs/mimicrat-custom-rat-mimics-c2-frameworks
        https://thehackernews.com/2026/02/clickfix-campaign-abuses-compromised.html
      • How Predator Spyware Defeats iOS Recording Indicators
        "This research is malware analysis documenting how already-deployed commercial spyware (Predator) operates post-compromise. It is not a vulnerability disclosure. This research is not revealing a new iOS security flaw that requires patching; rather, it explains how existing spyware works after a device has already been compromised through other means (zero-days, etc.). This research is intended to help defenders understand the threat and build detection capabilities."
        https://www.jamf.com/blog/predator-spyware-ios-recording-indicator-bypass-analysis/
        https://www.bleepingcomputer.com/news/security/predator-spyware-hooks-ios-springboard-to-hide-mic-camera-activity/
      • AI-Augmented Threat Actor Accesses FortiGate Devices At Scale
        "Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely. A recent investigation illustrates this shift: Amazon Threat Intelligence observed a Russian-speaking financially motivated threat actor leveraging multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries from January 11 to February 18, 2026. No exploitation of FortiGate vulnerabilities was observed—instead, this campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale."
        https://aws.amazon.com/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale/
        https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/
        https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html
      • The ClickFix Trap: How Fake Captchas Are Delivering Stealthy Infostealers
        "Recently, CyberProof MDR analysts alerted the CyberProof Threat Hunting team to late-stage EDR alerts related to a Fake Captcha Infostealer campaign. Further investigation confirmed that this campaign is likely linked to an infostealer operation. Data correlation revealed significant similarities to previous research on the ClickFix campaign, which targeted restaurant reservations in July 2025. These patterns also match several other infostealers observed spreading via fake captcha pages over the last two months. In this technical deep dive, we examine the mechanics of this campaign and provide hunting queries to assist researchers in their investigations."
        https://www.cyberproof.com/blog/fake-captcha-attack-uncovered-clickfix-infostealer-campaign/
        https://hackread.com/clickfix-attack-crypto-wallets-browsers-infostealer/
      • Hiding In Plain Pixels: Malicious NPM Package Found
        "We recently came across a suspicious NPM package called buildrunner-dev. The package is deceptively simple, containing a package.json with a postinstall hook pointed at an init.js file, but that’s where things got interesting. The postinstall script was triggered upon package installation and dropped a batch file called packageloader.bat. At first glance it looked like pure noise due to thousands of characters that appear to be gibberish; nature-themed REM comments, and variable names that read like a cat walked across someone’s keyboard. But as we started peeling back layer after layer of obfuscation, we uncovered a remarkably well-engineered attack chain that hides its true payloads inside the RGB pixel values of PNG images hosted on a free image service."
        https://www.veracode.com/blog/malicious-npm-package-hiding-in-plain-pixels/
        https://hackread.com/hackers-pulsar-rat-png-images-npm-supply-chain-attack/

      Breaches/Hacks/Leaks

      • PayPal Discloses Data Breach That Exposed User Info For 6 Months
        "PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing. PayPal discovered the breach on December 12, 2025, and determined that customers' names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth had been exposed since July 1, 2025."
        https://www.bleepingcomputer.com/news/security/paypal-discloses-data-breach-exposing-users-personal-information/
        https://securityaffairs.com/188309/data-breach/paypal-discloses-extended-data-leak-linked-to-loan-app-glitch.html
        https://www.theregister.com/2026/02/20/paypal_app_code_error_leak/
      • Hackers Breach Contractor Linked To Ukraine’s Central Bank Collectible Coin Store
        "Ukraine’s central bank said its online store for collectible coins and numismatic products was temporarily taken offline after a cyberattack exposed some customer information. The National Bank of Ukraine (NBU) said in a statement on Thursday that attackers may have gained access to users’ personal data, including names, phone numbers, email addresses and delivery addresses."
        https://therecord.media/hackers-breach-ukraine-national-bank-contractor
      • ShinyHunters Demands $1.5M Not To Leak Vegas Casino And Resort Chain Data
        "Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters. On Friday, the cybercrime crew listed the hospitality company on its blog, claiming to have stolen more than 800,000 records containing employees' Social Security numbers and other private details. The extortionists set a February 23 deadline for Wynn to "reach out" and threatened to leak the data, "along with several annoying (digital) problems that'll come your way," if the resort chain did not comply with the demands."
        https://www.theregister.com/2026/02/20/shinyhunters_wynn_resorts/

      General News

      • January 2026 Infostealer Trend Report
        "This report provides statistics, trends, and case information regarding the distribution quantity, distribution methods, and obfuscation techniques of Infostealer malware collected and analyzed during the month of January 2026. Below is a summary of the original report content."
        https://asec.ahnlab.com/en/92646/
      • January 2026 Phishing Email Trends Report
        "This report provides the distribution quantity, statistics, trends, and case information on phishing emails and email threats collected and analyzed for one month in January 2026. The following are some statistics and cases included in the original report."
        https://asec.ahnlab.com/en/92621/
      • January 2026 Threat Trend Report On Ransomware
        "This report provides the number of affected systems confirmed during January 2026, DLS-based ransomware-related statistics, and notable ransomware issues in Korea and abroad. Below is a summary of some information. The statistics on the number of ransomware samples and affected systems were based on the diagnostic names assigned by AhnLab, and the statistics on ransomware-affected companies were derived from information publicly disclosed on the DLS (Dedicated Leak Sites, also referred to as ransomware PR sites or PR pages) of ransomware groups, collected based on the timing from the ATIP infrastructure."
        https://asec.ahnlab.com/en/92620/
      • Ukrainian Gets 5 Years For Helping North Koreans Infiltrate US Firms
        "A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them infiltrate U.S. companies. 39-year-old Oleksandr Didenko of Kyiv, Ukraine, pleaded guilty in November 2025 to aggravated identity theft and wire fraud conspiracy after being arrested in Poland in May 2024. This week, he was sentenced to 60 months in prison and 12 months of supervised release, and agreed to forfeit more than $1.4 million, including cash and cryptocurrency seized from Didenko and his accomplices."
        https://www.bleepingcomputer.com/news/security/ukrainian-gets-5-years-for-helping-north-koreans-infiltrate-us-firms/
        https://thehackernews.com/2026/02/ukrainian-national-sentenced-to-5-years.html
        https://therecord.media/north-korea-laptop-farm-ukraine
        https://securityaffairs.com/188305/cyber-crime/north-korean-it-worker-scam-nets-ukrainian-five-year-sentence-in-the-u-s.html
        https://www.theregister.com/2026/02/20/north_korean_it_worker_prison/
        https://www.helpnetsecurity.com/2026/02/20/ukrainian-national-sentenced-id-entity-theft-north-korea-it-workers-identity-theft/
      • Keeping Google Play & Android App Ecosystems Safe In 2025
        "The Android ecosystem is a thriving global community built on trust, giving billions of users the confidence to download the latest apps. In order to maintain that trust, we’re focused on ensuring that apps do not cause real-world harm, such as malware, financial fraud, hidden subscriptions, and privacy invasions. As bad actors leverage AI to change their tactics and launch increasingly sophisticated attacks, we’ve deepened our investments in AI and real-time defenses over the last year to maintain the upper hand and stop these threats before they reach users."
        https://security.googleblog.com/2026/02/keeping-google-play-android-app-ecosystem-safe-2025.html
        https://www.bleepingcomputer.com/news/security/google-blocked-over-175-million-play-store-app-submissions-in-2025/
        https://www.helpnetsecurity.com/2026/02/20/google-strengthens-android-safe-app-ecosystem/
      • 'God-Like' Attack Machines: AI Agents Ignore Security Policies
        "AI agents are programmed to be industrious and focused on completing user-assigned tasks, but that single-minded approach often has gone wrong. Last week, a Microsoft Copilot bug reportedly resulted in the AI assistant summarizing confidential emails, while users of AI agents have regularly complained that they are ignoring instructions to protect certain files, modifying them anyway. Last July, during a 12-day vibe-coding event, for example, one user working with AI agents on the software-creation platform Replit reported that the agent repeatedly ignored code freezes and even deleted a production database."
        https://www.darkreading.com/application-security/ai-agents-ignore-security-policies
      • Lessons From AI Hacking: Every Model, Every Layer Is Risky
        "When Hillai Ben Sasson and Dan Segev set out to hack AI infrastructure two years ago, they expected to find vulnerabilities — but they didn't expect to compromise virtually every major AI platform they targeted. The two researchers — who work in offensive and defensive research, respectively, at cloud-security firm Wiz — wanted to experiment with how they could attack the AI infrastructure being deployed as part of foundational models, AI services, and in-house AI projects. Yet, what started as simple attacks on the AI supply chain — such as abusing the widely used Pickle format to run arbitrary code — evolved into a comprehensive threat assessment spanning five distinct layers of the AI stack."
        https://www.darkreading.com/application-security/lessons-ai-hacking-model-every-layer-risky
      • Latin America's Cyber Maturity Lags Threat Landscape
        "Although Latin American countries have made major strides toward cybersecurity maturity, sluggish progress and an aggressive cybercrime ecosystem present challenges ahead for the region. Intel 471 this week published a report detailing Latin America's cyber threat landscape, synthesizing data collected during 2025. Broadly speaking, the report references increasing security maturity for the region — citing a December 2025 report from the Organization of American States (OAS) attesting to this — while observing an increasingly hostile threat landscape."
        https://www.darkreading.com/threat-intelligence/latin-americas-cyber-maturity-lags-threat-landscape
      • Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges
        "Chiplets are replacing old chip designs and driving semiconductor design, enabling breakthroughs in next-generation artificial intelligence (AI) data centers and self-driving vehicles. But they also put applications and infrastructure at risk. By stitching together smaller silicon components — all with different functions — into a single circuit, chiplets offer greater design flexibility and reusability than traditional chips. With traditional monolithic chip designs, each chip is built from scratch for a specific purpose, and changing the use case requires creating a whole new chip. Chiplets are a mix-and-match of components to create solutions that meet the exact needs of the customer, so it is quick and easy to swap out components to adapt to a different use case."
        https://www.darkreading.com/cyber-risk/emerging-chiplet-designs-spark-fresh-cybersecurity-challenges
      • LLMs Change Their Answers Based On Who’s Asking
        "AI chatbots may deliver unequal answers depending on who is asking the question. A new study from the MIT Center for Constructive Communication finds that LLMs provide less accurate information, increase refusal rates, and sometimes adopt a different tone when users appear less educated, less fluent in English, or from particular countries. The team evaluated GPT-4, Claude 3 Opus, and Llama 3-8B using established benchmarks for scientific knowledge and truthfulness. One set of questions came from a science exam style dataset and the other from the TruthfulQA benchmark, which includes factual items and questions structured to trigger common misconceptions."
        https://www.helpnetsecurity.com/2026/02/20/mit-llms-response-reliability-risks-study/
        https://arxiv.org/pdf/2406.17737
      • The CISO View Of Fraud Risk Across The Retail Payment Ecosystem
        "In this Help Net Security interview, Paul Suarez, VP and CISO at Casey’s, explains how his team manages patching and upgrades for fuel payment systems with long hardware lifecycles. He also discusses risks tied to QR code payments and outlines why loyalty abuse can be hard to spot. Suarez shares how Casey’s monitors payment systems across stores, corporate networks, and third-party processors."
        https://www.helpnetsecurity.com/2026/02/20/paul-suarez-caseys-convenience-store-payment-fraud/
      • Quantum Security Is Turning Into a Supply Chain Problem
        "Supplier onboarding, invoice processing, and procurement platforms run on encrypted data flows that were built for long-term trust. In many organizations, that trust still depends on cryptographic standards like RSA and elliptic curve cryptography (ECC), even as security teams begin planning for a post-quantum world. A recent apexanalytix research report argues that supply chain leaders are already operating inside a quantum risk window, even though large-scale quantum computing remains years away."
        https://www.helpnetsecurity.com/2026/02/20/post-quantum-cryptography-supply-chain-priority/
      • Dramatic Escalation In Frequency And Power Of DDoS Attacks
        "The number of Distributed Denial-of-Service (DDoS) attacks has increased significantly and they’re getting more powerful and disruptive, analysis by cybersecurity researchers has warned. The Radware 2026 Global Threat Analysis Report has detailed what is described as a “dramatic escalation in cyber-attack activity” during 2025, with a 168% increase in DDoS attacks compared with 2024. The figure is based on analysis of Radware customer data. During 2025, the average Radware customer faced more than 25,351 attempted DDoS attacks during the reporting period – equivalent to 139 attempted incidents a day."
        https://www.infosecurity-magazine.com/news/ddos-escalation-frequency-power/
      • Former Google Engineers Indicted Over Trade Secret Transfers To Iran
        "Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka Mohammad Khosravi), 40, along with her sister Soroor Ghandali, 32, have been accused of conspiring to commit trade secret theft from Google and other leading technology companies, theft and attempted theft of trade secrets, and obstruction of justice."
        https://thehackernews.com/2026/02/three-former-google-engineers-indicted.html
        https://www.theregister.com/2026/02/20/google_ip_theft_charges/
      • Russia Stepping Up Hybrid Attacks, Preparing For Long Standoff With West, Dutch Intelligence Warns
        "Russia’s intensifying cyberattacks, sabotage and covert influence operations across Europe show the Kremlin is preparing for a prolonged confrontation with the West, Dutch intelligence agencies said in a report published this week. In a joint assessment by the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD), the Dutch agencies warned that while a direct military clash between Russia and NATO remains unlikely, it is no longer unthinkable."
        https://therecord.media/russia-cyberattacks-europe-warfare
      • Romanian Hacker Faces Up To 7 Years For Breaching Oregon Emergency Management Department
        "A 45-year-old Romanian national pleaded guilty this week to hacking into computers at Oregon’s Department of Emergency Management in June 2021 and selling the access he obtained for $3,000 worth of Bitcoin. Catalin Dragomir also hacked into 10 other U.S. companies, causing financial losses of at least $250,000. He was arrested in Romania in November 2024 and was extradited to the U.S. last year. In court on Thursday, Dragomir pleaded guilty to obtaining information from a protected computer and one count of aggravated identity theft. He will be sentenced in May and is facing up to seven years in prison."
        https://therecord.media/romanian-hacker-faces-7-years-oregon-breach

      Reference
      Electronic Transactions Development Agency (ETDA)
