NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ

    Cyber Threat Intelligence 27 March 2026

    Cyber Security News
    1
    1
    12
    โหลดโพสเพิ่มเติม
    • เก่าสุดไปยังใหม่สุด
    • ใหม่สุดไปยังเก่าสุด
    • Most Votes
    ตอบ
    • ตอบโดยตั้งกระทู้ใหม่
    เข้าสู่ระบบเพื่อตอบกลับ
    Topic นี้ถูกลบไปแล้ว เฉพาะผู้ใช้งานที่มีสิทธิ์ในการจัดการ Topic เท่านั้นที่จะมีสิทธิ์ในการเข้าชม
    • NCSA_THAICERTN
      NCSA_THAICERT
      แก้ไขล่าสุดโดย NCSA_THAICERT

      Energy Sector

      • The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break
        "Let’s talk about the sector that keeps our lights on, water running, and industries humming—and why it’s become ransomware’s favorite target. In 2025, the global energy and utilities sector faced 187 confirmed ransomware attacks. Not attempts. Confirmed, successful intrusions where attackers locked systems, stole data, and demanded payment. And that’s just what we know about. If you think that number sounds alarming, you’re paying attention."
        https://cyble.com/blog/energy-sector-ransomware-attack-report/

      Industrial Sector

      • WAGO GmbH & Co. KG Industrial Managed Switches
        "An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-085-01
      • PTC Windchill Product Lifecycle Management
        "Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-085-03
      • OpenCode Systems OC Messaging And USSD Gateway
        "Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-085-02

      Vulnerabilities

      • BIND Updates Patch High-Severity Vulnerabilities
        "Internet Systems Consortium (ISC) on Wednesday rolled out a fresh round of BIND 9 updates to resolve four vulnerabilities, including two high-severity bugs. Tracked as CVE-2026-3104, the first high-severity flaw is described as a memory leak issue impacting code preparing DNSSEC proofs of non-existence. The security defect can be exploited via crafted domains to cause a memory leak in BIND resolvers. Authoritative servers may not be impacted, ISC notes in its advisory."
        https://www.securityweek.com/bind-updates-patch-high-severity-vulnerabilities-2/
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-33634 Aqua Security Trivy Embedded Malicious Code Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/03/26/cisa-adds-one-known-exploited-vulnerability-catalog
      • TP-Link, Canva, HikVision Vulnerabilities
        "Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website."
        https://blog.talosintelligence.com/tp-link-canva-hikvision-vulnerabilities/
      • Cisco Patches Multiple Vulnerabilities In IOS Software
        "Cisco on Wednesday announced patches for a dozen high- and medium-severity vulnerabilities in IOS and IOS XE, most of which could be exploited to cause denial-of-service (DoS) conditions. The patches were rolled out as part of Cisco’s semiannual IOS and IOS XE security advisory bundle. While none of the bugs appear to have been exploited in the wild, technical information on four of them has been published. The publicly disclosed issues, tracked as CVE-2026-20110, CVE-2026-20112, CVE-2026-20113, and CVE-2026-20114, are medium-severity defects affecting Cisco Catalyst 9300 Series switches."
        https://www.securityweek.com/cisco-patches-multiple-vulnerabilities-in-ios-software/

      Malware

      • BPFdoor In Telecom Networks: Sleeper Cells In The Backbone
        "A months-long investigation by Rapid7 Labs has uncovered evidence of an advanced China-nexus threat actor, Red Menshen, placing some of the stealthiest digital sleeper cells the team has ever seen in telecommunications networks. The goal of these campaigns is to carry out high-level espionage, including against government networks. Telecommunications networks are the central nervous system of the digital world. They carry government communications, coordinate critical industries, and underpin the digital identities of billions of people. When these networks are compromised, the consequences extend far beyond a single provider or region. That level of access is, and should be, a national concern as it compromises not just one company or organization, but the communications of entire populations. Over the past decade, telecom intrusions have been reported across multiple countries. In several cases, state-backed actors accessed call detail records, monitored sensitive communications, and exploited trusted interconnections between operators. While these incidents often appear isolated, a broader pattern is emerging."
        https://www.rapid7.com/blog/post/tr-bpfdoor-telecom-networks-sleeper-cells-threat-research-report/
        https://thehackernews.com/2026/03/china-linked-red-menshen-uses-stealthy.html
        https://www.securityweek.com/chinese-hackers-caught-deep-within-telecom-backbone-infrastructure/
        https://www.helpnetsecurity.com/2026/03/26/telecom-bpfdoor-detection-script/
      • Attackers Are Now Targeting Business TikTok Accounts Using Session-Stealing Phishing Kits
        "We recently detected and blocked a new style of phishing page targeting TikTok for Business accounts — used by company marketing teams to manage ad campaigns. On closer analysis, we identified a cluster of linked pages featuring both TikTok themes, and Google themed “Schedule a Call” imitation pages, similar to a campaign reported late last year, suggesting a continuity of this previous campaign."
        https://pushsecurity.com/blog/tiktok-phishing
        https://www.bleepingcomputer.com/news/security/tiktok-for-business-accounts-targeted-in-new-phishing-campaign/
      • Coruna: The Framework Used In Operation Triangulation
        "On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit kit was first discovered in targeted attacks conducted by a customer of an unnamed surveillance vendor. It was later used by other attackers in watering-hole attacks in Ukraine and in financially motivated attacks in China. Additionally, researchers discovered an instance with the debug version of the exploit kit, which revealed the internal names of the exploits and the framework name used by its developers — Coruna. Analysis of the kit showed that it relies on the exploitation of many previously patched vulnerabilities and also includes exploits for CVE-2023-32434 and CVE-2023-38606. These two vulnerabilities particularly caught our attention because they had been first discovered as zero-days used in Operation Triangulation."
        https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/
        https://thehackernews.com/2026/03/coruna-ios-kit-reuses-2023.html
        https://www.bleepingcomputer.com/news/security/coruna-ios-exploit-framework-linked-to-triangulation-attacks/
        https://securityaffairs.com/190010/security/coruna-exploit-reveals-evolution-of-triangulation-ios-exploitation-framework.html
      • Xiaomi Phishing Attempt - Red Flags You Can't Afford To Ignore
        "Xiaomi, founded in 2010, has grown into a global technology brand known for delivering powerful smartphones and smart devices at competitive prices. With a strong presence in China, India, Southeast Asia, and parts of Europe, the company has built a loyal user base by combining innovation, sleek design, and value-driven technology. Because of its massive global footprint, Xiaomi accounts and services can become attractive targets for cybercriminals. Threat actors often exploit the company’s popularity by crafting phishing emails that appear to come from trusted Xiaomi sources such as HR, IT support, or account services. These emails are designed to look legitimate and often create a sense of urgency, encouraging recipients to click on malicious links before they have time to verify the message."
        https://cofense.com/blog/xiaomi-phishing-attempt-red-flags-you-can-t-afford-to-ignore
      • Quish Splash - When The QR Code Is The Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter.
        "Over a 20-day period, a threat actor identified by 7AI conducted a multi-wave QR code phishing campaign against a large enterprise, while targeting many others in parallel. Tracking data suggests the campaign scaled significantly, with over 1.6 million emails sent between waves to other organizations. In this environment, 33 emails were sent to 32 unique recipients across three waves. Of those emails, 28 were delivered directly to inboxes. Zero were blocked, and no automated remediation occurred."
        https://blog.7ai.com/quish-splash-when-the-qr-code-is-the-weapon-a-multi-wave-phishing-campaign-that-slipped-past-every-filter
        https://hackread.com/quish-splash-qr-code-phishing-hits-users/
      • From Phishing To Exfiltration: A Deep Dive Into PXA Stealer
        "CyberProof MDR analysts and Threat Researchers have identified a significant surge in PXA Stealer activity targeting global financial institutions during Q1 2026. These campaigns primarily leverage phishing emails containing malicious URLs that trigger the download of compromised ZIP attachments. Threat actors have demonstrated high levels of adaptability, utilizing diverse lures ranging from curriculum vitae and Adobe Photoshop installers to tax forms and legal documentation. This opportunistic approach highlights the attackers’ ability to target a broad spectrum of victims. Following the 2025 takedowns of major infostealers such as Lumma, Rhadamanthys, and RedLine, CyberProof observes that PXA Stealer activity has filled the resulting vacuum, seeing an estimated growth of 8-10%."
        https://www.cyberproof.com/blog/a-deep-dive-into-pxa-stealer/
        https://hackread.com/financial-firms-rise-pxa-stealer-attacks/
      • Sonatype Discovers Two Malicious Npm Packages
        "Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two malicious npm packages — sbx-mask and touch-adv — designed to exfiltrate secrets from victims' computers. The evidence strongly suggests account takeover of a legitimate publisher, rather than intentional malicious activity. Sonatype did not observe any indication that these were test packages, though touch-adv has now been removed. Hijacked publisher accounts are particularly concerning as, over time, maintainers build trust with the users of their components. Attackers aim to take advantage of that trust in order to steal valuable, or profitable, information."
        https://www.sonatype.com/blog/sonatype-discovers-two-malicious-npm-packages
        https://hackread.com/suspected-hijacked-developer-accounts-npm-malware/
      • Infiniti Stealer: a New MacOS Infostealer Using ClickFix And Python/Nuitka
        "A previously undocumented macOS infostealer has surfaced during our routine threat hunting. We initially tracked it as NukeChain, but shortly before publication, the malware’s operator panel became publicly visible, revealing its real name: Infiniti Stealer. This malware is designed to steal sensitive data from Macs. It spreads through a fake CAPTCHA page that tricks users into running a command themselves: a technique known as ClickFix. Instead of exploiting a bug, it relies on social engineering."
        https://www.malwarebytes.com/blog/threat-intel/2026/03/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka
      • ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension
        "Anthropic's Claude Chrome Extension has over 3 million users. It's an AI assistant in your browser sidebar that can navigate pages, read content, execute JavaScript, and interact with websites on your behalf. We found a vulnerability that allowed any website to silently inject prompts into that assistant as if the user wrote them. No clicks, no permission prompts. Just visit a page, and an attacker completely controls your browser."
        https://www.koi.ai/blog/shadowprompt-how-any-website-could-have-hijacked-anthropic-claude-chrome-extension
        https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html
      • Pro-Ukraine Hacker Group Bearlyfy Targets Russian Companies With Custom Ransomware
        "A pro-Ukrainian hacker group known as Bearlyfy has carried out more than 70 cyberattacks against Russian companies over the past year and is now escalating its campaign with newly developed ransomware tools, researchers have found. Bearlyfy first appeared in January 2025 and initially targeted smaller Russian businesses. In its early operations, the attackers showed limited skills and demanded modest ransoms of only a few thousand dollars, according to a report by the Russian cybersecurity firm F6. “Within a year this group has become a real nightmare for large Russian businesses,” researchers said, adding that the group’s ransom demands in recent attacks have grown to hundreds of thousands of dollars."
        https://therecord.media/ransomware-ukraine-russia-bearlyfy
      • Indian Government Probes CCTV Espionage Operation Linked To Pakistan
        "Indian authorities have reportedly ordered an audit of the nation’s CCTV cameras, after police uncovered what they claim was a Pakistan-backed surveillance operation. This story begins on March 14th, when police in Ghaziabad – a city adjacent to India’s capital Delhi – announced they had arrested suspects after finding CCTV cameras aimed at railway stations and other infrastructure. The solar-powered cameras streamed video over cellular networks – perhaps using accounts tied to stolen SIM cards – to viewers in Pakistan. Indian authorities investigated further and found multiple cameras in other locations, all located near important infrastructure. It’s alleged that Pakistan-backed operatives recruited Indian citizens to install the cameras."
        https://www.theregister.com/2026/03/26/india_pakistan_cctv/
      • Pawn Storm Campaign Deploys PRISMEX, Targets Government And Critical Infrastructure Entities
        "Prolific Russian-aligned cyber espionage group Pawn Storm has deployed a new malware suite that TrendAI™ Research identifies as PRISMEX. The APT group also known as APT28, Fancy Bear, UAC-0001 and Forest Blizzard in its latest observed campaigns target the operational backbone of Ukrainian defense and Western humanitarian and military aid infrastructure. The campaigns, which have been active since at least September 2025, significantly escalated in January 2026, and continue the long-lasting brazen attacks that Pawn Storm deploys against Ukraine since 2014."
        https://www.trendmicro.com/en_us/research/26/c/pawn-storm-targets-govt-infra.html
      • Converging Interests: Analysis Of Threat Clusters Targeting a Southeast Asian Government
        "Unit 42 researchers uncovered a series of cyberespionage campaigns targeting a government organization in Southeast Asia. Our initial investigation began with tracking Stately Taurus activity between June 1–Aug. 15, 2025. This activity involves USB-propagated malware called USBFect (aka HIUPAN), which deploys a PUBLOAD backdoor. Our investigation led to the discovery of two additional, distinct activity clusters we’re tracking as CL-STA-1048 and CL-STA-1049."
        https://unit42.paloaltonetworks.com/espionage-campaigns-target-se-asian-government-org/
        Honey For Hackers: A Study Of Attacks Targeting The Recent CVE-2026-21962 And Other Critical WebLogic * Vulnerabilities On a High Interactive Oracle Honeypot
        "This report analyzes attack data collected from a high-interaction honeypot simulating a vulnerable Oracle WebLogic Server (v14.1.1.0.0) over a 12-day period (Jan 22 - Feb 3, 2026). The primary focus is the immediate and widespread exploitation of the newly disclosed, critical unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2026-21962 (CVSS: 10.0). Attack attempts targeting this zero-day-like flaw were observed immediately following the public release of its exploit code, demonstrating the rapid weaponization of critical Oracle WebLogic vulnerabilities. In addition to CVE-2026-21962, the honeypot captured attacks targeting other persistent, critical WebLogic RCE flaws, including CVE-2020-14882/14883 (Console RCE), CVE-2020-2551 (IIOP RCE), and CVE-2017-10271 (WLS-WSAT RCE). This confirms that threat actors continue to rely on a small set of highly-effective, simple-to-exploit vulnerabilities to compromise WebLogic environments."
        https://www.cloudsek.com/blog/honey-for-hackers-a-study-of-attacks-targeting-the-recent-cve-2026-21962-and-other-critical-weblogic-vulnerabilities-on-a-high-interactive-oracle-honeypot
        https://www.infosecurity-magazine.com/news/critical-oracle-weblogic-rce/
      • EtherRAT & SYS_INFO Module: C2 On Ethereum (EtherHiding), Target Selection, CDN-Like Beacons
        "In March 2026, eSentire's Threat Response Unit (TRU) detected EtherRAT in a customer's environment in the Retail industry. EtherRAT is a Node.js-based backdoor reportedly linked by Sysdig to a North Korean advanced persistent threat (APT) group due to significant overlaps with "Contagious Interview" tactics, techniques, and procedures (TTPs). EtherRAT allows threat actors to run arbitrary commands on compromised hosts, gather extensive system information, and steal assets such as cryptocurrency wallets and cloud credentials. Command-and-Control (C2) addresses are retrieved using "EtherHiding", a technique to make C2 addresses more resilient by storing and updating them in Ethereum smart contracts, allowing threat actors to rotate infrastructure at a small cost and avoid takedowns by law enforcement. After retrieving the C2 address through public Ethereum RPC providers, the malware blends in with normal network traffic through CDN-like beaconing."
        https://www.esentire.com/blog/etherrat-sys-info-module-c2-on-ethereum-etherhiding-target-selection-cdn-like-beacons
        https://www.infosecurity-magazine.com/news/etherrat-bypass-security-ethereum/
      • From Invitation To Infection: How SILENTCONNECT Delivers ScreenConnect
        "Elastic Security Labs is observing malicious campaigns delivering a multi-stage infection involving a previously undocumented loader. The infection begins when users are diverted to a Cloudflare Turnstile CAPTCHA page under the guise of a digital invitation. After the link is clicked, a VBScript file is downloaded to the machine. Upon execution, the script retrieves C# source code, which is then compiled and executed in memory using PowerShell. The final payload observed in these campaigns is ScreenConnect, a remote monitoring and management (RMM) tool used to control victim machines. This campaign highlights a common theme: attackers abusing living-off-the-land binaries (LOLBins) to facilitate execution, as well as using trusted hosting providers such as Google Drive and Cloudflare. While the loader is small and straightforward, it appears to be quite effective and has remained under the radar since March 2025."
        https://www.elastic.co/security-labs/silentconnect-delivers-screenconnect

      Breaches/Hacks/Leaks

      • Ajax Football Club Hack Exposed Fan Data, Enabled Ticket Hijack
        "Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. The security issues also allowed transferring purchased tickets to others and enabled modifications to stadium bans imposed to certain individuals. The club learned about the security issues and their effect from journalists who were tipped off by the hacker. AFC Ajax is one of the most successful football clubs, winning the UEFA Champions League four times and with 36 Eredivisie titles, the premier professional football league in the Netherlands."
        https://www.bleepingcomputer.com/news/security/ajax-football-club-hack-exposed-fan-data-enabled-ticket-hijack/
      • Hightower Holding Data Breach Impacts 130,000
        "Hightower Holding, the parent company of financial management services provider Hightower Advisors, is notifying over 130,000 individuals of a data breach. Operating as a holding company, Hightower Holding provides financial management, retirement planning, wealth and investment advisory, and other services through subsidiaries such as Hightower Advisors, Hightower Securities, and Hightower Trust Company. In a written notification letter sent to the impacted individuals this week, the company revealed that it fell victim to a cyberattack in early January 2026, and that the hackers exfiltrated certain files from its environment between January 8 and 9."
        https://www.securityweek.com/hightower-holding-data-breach-impacts-130000/

      General News

      • UK Crackdown On Vile Scam Centres Steps Up With Sanctions On Illicit Crypto Network
        "A cryptocurrency network through which stolen personal data can be sold to fraudsters is sanctioned today as part of efforts to dismantle a network of ‘scam centres’, protect British nationals from online fraud, and prevent the exploitation of trafficked victims. Across Southeast Asia, scam centres are using sophisticated schemes, including scams in which people are lured into fake romantic relationships, to defraud victims on an industrial scale, including in the UK. Those conducting the scams are often trafficked foreign nationals, who have been lured into purpose-built scam compounds under the pretence of legitimate jobs, only to be trapped and forced to carry out online fraud under the threat of torture."
        https://www.gov.uk/government/news/uk-crackdown-on-vile-scam-centres-steps-up-with-sanctions-on-illicit-crypto-network
        https://www.bleepingcomputer.com/news/security/uk-sanctions-xinbi-marketplace-linked-to-asian-scam-centers/
        https://therecord.media/xinbi-crypto-marketplace-sanctioned
      • Suspected RedLine Infostealer Malware Admin Extradited To US
        "An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. Hambardzum Minasyan was arrested on Monday, March 23, and appeared in federal court in Austin on Tuesday, when U.S. prosecutors accused him of registering virtual private servers that were part of RedLine's infrastructure and two web domains used during RedLine attacks. He also allegedly registered a cryptocurrency account in November 2021 that the RedLine cybercrime gang used to receive affiliate payments and created online file-sharing repositories used to distribute the malware to affiliates."
        https://www.bleepingcomputer.com/news/security/suspected-redline-infostealer-administrator-extradited-to-us/
        https://therecord.media/redline-malware-developer-extradited-to-us-faces-30-years
        https://www.securityweek.com/alleged-redline-malware-administrator-extradited-to-us/
        https://www.helpnetsecurity.com/2026/03/26/redline-infostealer-developer-extradited-us-charged/
      • Automotive Cybersecurity Threats Grow In Era Of Connected, Autonomous Vehicles
        "Automotive security has made great strides over the past 10 years, ever since a pair of researchers first demonstrated they could remotely take control of a Jeep Cherokee. However, threats to vehicles have also heightened, thanks to the increasingly connected nature of vehicles, Kamel Ghali, vice president of the nonprofit Car Hacking Village, and Julio Padilha, chief information security officer for Volkswagen & Audi South America, said at RSAC Conference this week. "A totally connected system means threats," Padilha said. "It's a dangerous situation. You have to be aware. You have to fix this to have a properly secured vehicle.""
        https://www.darkreading.com/vulnerabilities-threats/automotive-cybersecurity-threats-grow-connected-autonomous-vehicles
      • How Organizations Can Use Blunders To Level Up Their Security Programs
        "Regardless of sector or size, organizations keep making the same cybersecurity mistakes. Ports exposed to the Internet, passwords that are weak or reused, poor patching practices, and insufficient logging and monitoring are among the most common weaknesses that result in data breaches. In some cases, attackers abuse those security gaps to breach an organization's defenses and cause wider damage. But mistakes also offer organizations plenty of learning opportunities, Megan Benoit, lead security engineer at Nebraska Medicine, said in a presentation at this week's RSAC Conference. Benoit shared eight common mistakes she's observed on the job over the last 20 years; if she had more time, she could highlight even more, she said."
        https://www.darkreading.com/cybersecurity-operations/blunders-level-up-security-programs
      • Making AI Software Development Safe At Machine Scale
        "AI models are becoming highly effective at generating code, but they remain structurally weak at dependency decisions. In Part 1 of this study, published in the 2026 State of the Software Supply Chain Report, Sonatype analyzed 36,870 dependency upgrade recommendations across Maven Central, npm, PyPI, and NuGet against GPT-5 and found that it often recommended versions, upgrade paths, or fixes that did not hold up in real software ecosystems. In practice, those failures drive wasted AI spend, wasted developer time, unresolved vulnerability exposure, and technical debt before code reaches production."
        https://www.sonatype.com/resources/research/making-ai-work-safely
        https://www.darkreading.com/application-security/ai-powered-dependency-decisions-security-bugs
      • Intermediaries Driving Global Spyware Market Expansion
        "Efforts to shine a light on the activities of spyware vendors has grown more difficult because of the proliferation of intermediaries — the spyware resellers, exploit brokers, contractors, and partners that allow government and private entities to circumvent transparency laws and spyware restrictions, experts say. These intermediaries, which often can be governments in permissive states, have fueled the spread of spyware across the globe, according to a report from policy think tank Atlantic Council published on March 18. Atlantic Council researchers cited several examples, including a South African intermediary acting as a representative for Memento Labs to sell its Dante spyware to the local market, and a third-party firm reportedly helping Israeli firm Passitora sell its spyware product to Bangladesh, despite the two countries having no diplomatic relations and Bangladesh having banned imports from Israel."
        https://www.darkreading.com/cyber-risk/intermediaries-driving-global-spyware-market-expansion
      • A Nearly Undetectable LLM Attack Needs Only a Handful Of Poisoned Samples
        "Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet addressed. Researchers have developed and tested a prompt-based backdoor attack method, called ProAttack, that achieves attack success rates approaching 100% on multiple text classification benchmarks without altering sample labels or injecting external trigger words."
        https://www.helpnetsecurity.com/2026/03/26/llm-backdoor-attack-research/
        https://www.sciencedirect.com/science/article/abs/pii/S0957417424027234
      • Your Facilities Run On Fragile Supply Chains And Nobody Wants To Admit It
        "In this Help Net Security interview, Christa Dodoo, Global Chair at IFMA, discusses how facility managers are managing supply chain risk in critical building systems. She explains how sourcing, localized redundancy, and flexible infrastructure design are being integrated into resilience planning. Dodoo also shares practical approaches such as regional vendor networks, alternative contracts, and strategic inventory to maintain continuity during disruptions."
        https://www.helpnetsecurity.com/2026/03/26/christa-dodoo-ifma-facility-resilience-risk/
      • Who Owns AI Agent Access? At Most Companies, Nobody Knows
        "AI agents are operating across production enterprise environments at scale, and the identity infrastructure managing their access has not kept up with their deployment. A January 2026 survey of 228 IT and security professionals, conducted by the Cloud Security Alliance, finds that the majority of organizations have AI agents active in core systems, with fragmented ownership of how those agents authenticate and what they can access."
        https://www.helpnetsecurity.com/2026/03/26/ciso-ai-agent-identity-security-report/
      • Security Researchers Sound The Alarm On Vulnerabilities In AI-Generated Code
        "Vibe coding tools like Anthropic's Claude Code are flooding software with new vulnerabilities, Georgia Tech researchers have warned. At least 35 new common vulnerabilities and exposures (CVE) entries were disclosed in March 2026 that were the direct result of AI-generated code. This is up from from six in January and 15 in February. The vulnerabilities are being tracked as part of the ‘Vibe Security Radar’ project which was started in May 2025 by the Systems Software & Security Lab (SSLab), part of Georgia Tech’s School of Cybersecurity and Privacy."
        https://www.infosecurity-magazine.com/news/ai-generated-code-vulnerabilities/
      • Virtual Machines, Virtually Everywhere – And With Real Security Gaps
        "Twenty years ago, almost to the day, Amazon Web Services (AWS) launched Simple Storage Service (S3). A few months later, the company’s Elastic Compute Cloud (EC2) service opened for public beta testing before rolling out officially in 2008. These events sparked the era of modern on-demand cloud storage and computing that changed how organizations of all sizes think about their IT infrastructure. Fast-forward to the present and you would be hard-pressed to find many organizations that haven’t ‘lifted and shifted’ at least part of their workloads to the cloud, or aren’t planning to do so soon. Indeed, some now run entirely in the cloud, while many others have paired cloud workloads, often in multi-cloud setups, with on-prem resources that won’t be retired anytime soon."
        https://www.welivesecurity.com/en/business-security/virtual-machines-virtually-everywhere-real-security-gaps/

      อ้างอิง
      Electronic Transactions Development Agency (ETDA) de1b0a75-dc09-491c-88a2-a6ed19a5257b-image.png

      1 การตอบกลับ คำตอบล่าสุด ตอบ คำอ้างอิง 0
      • First post
        Last post