NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ

    Cyber Threat Intelligence 24 April 2026

    Cyber Security News
    1
    1
    11
    โหลดโพสเพิ่มเติม
    • เก่าสุดไปยังใหม่สุด
    • ใหม่สุดไปยังเก่าสุด
    • Most Votes
    ตอบ
    • ตอบโดยตั้งกระทู้ใหม่
    เข้าสู่ระบบเพื่อตอบกลับ
    Topic นี้ถูกลบไปแล้ว เฉพาะผู้ใช้งานที่มีสิทธิ์ในการจัดการ Topic เท่านั้นที่จะมีสิทธิ์ในการเข้าชม
    • NCSA_THAICERTN
      NCSA_THAICERT
      แก้ไขล่าสุดโดย

      Energy Sector

      • Electricity Is a Growing Area Of Cyber Risk
        "Organizations secure work phones and company laptops, but attackers could be lurking, targeting the electric current running those devices. Direct current (DC) power regulation helps to stabilize the energy powering electronics people use daily, from solar panels and connected cars to smartphones and essential computer parts. It's also vital across critical infrastructures like telecommunications, industrial automation, and data centers. DC regulators provide stable voltage to prevent damage or more concerningly, outages that stem from power surges. However, the power ecosystem is becoming more complex as technology advances -- opening a potential new attack vector. There are many famous attacks against DC power infrastructure, but they're often viewed as unexplained physical damage, safety failure systems, and mysterious outages, which may not be the case, explains Andy Davis, global research director at NCC Group."
        https://www.darkreading.com/cyber-risk/electricity-growing-area-cyber-risk

      Industrial Sector

      • Milesight Cameras
        "Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03
      • Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
        "Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-05
      • Intrado 911 Emergency Gateway (EGW)
        "Successful exploitation of this vulnerability could allow an attacker to read, modify, or delete files."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-06
      • Carlson Software VASCO-B GNSS Receiver
        "Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-02
      • Yadea T5 Electric Bicycle
        "Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-01
      • SpiceJet Online Booking System
        "Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-04
      • Threat Landscape For Industrial Automation Systems. Russia, Q4 2025
        "Russia ranked 10th among regions by percentage of ICS computers on which malicious objects were blocked. At the same time, the region held higher positions in the rankings based on threat figures in the following categories:"
        https://ics-cert.kaspersky.com/publications/reports/2026/04/23/threat-landscape-for-industrial-automation-systems-russia-q4-2025/

      New Tooling

      • Scenario: Open-Source Framework For Automated AI App Red-Teaming
        "Enterprises running customer service bots, data analytics agents, and other AI-driven applications in production handle sensitive records and connect to core business systems every day. LangWatch has released Scenario, an open-source framework that runs automated red-team exercises against AI agents using multi-turn attack techniques that mirror how adversaries operate in the wild. Single-prompt penetration tests have long been the standard approach for probing LLMs. Models often hold firm against a direct attack and then leak sensitive information across several conversational turns. Scenario structures those conversations deliberately, running sequences that begin with harmless exploration and build toward complex requests and authority-based pressure."
        https://www.helpnetsecurity.com/2026/04/23/scenario-open-source-framework-for-automated-ai-app-red-teaming/
        https://github.com/langwatch/scenario

      Vulnerabilities

      • Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload Via Fetch_gravatar_from_remote
        "The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default."
        https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/breeze/breeze-cache-244-unauthenticated-arbitrary-file-upload-via-fetch-gravatar-from-remote
        https://www.bleepingcomputer.com/news/security/hackers-exploit-file-upload-bug-in-breeze-cache-wordpress-plugin/
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-39987 Marimo Remote Code Execution Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/04/23/cisa-adds-one-known-exploited-vulnerability-catalog
      • Identifying And Remediating a Persistent Memory Compromise In Claude Code
        "We recently discovered a method to compromise Claude Code’s memory and maintain persistence beyond our immediate session into every project, every session, and even after reboots. In this post, we’ll break down how we were able to poison an AI coding agent’s memory system, causing it to deliver insecure, manipulated guidance to the user. After working with Anthropic’s Application Security team on the issue, they pushed a change to Claude Code v2.1.50 that removes this capability from the system prompt."
        https://blogs.cisco.com/ai/identifying-and-remediating-a-persistent-memory-compromise-in-claude-code
        https://www.darkreading.com/vulnerabilities-threats/bad-memories-haunt-ai-agents
      • Can AI Attack The Cloud? Lessons From Building An Autonomous Cloud Offensive Multi-Agent System
        "The offensive capabilities of large language models (LLMs) have until recently existed as theoretical risks – frequently discussed at security conferences and in conceptual industry reports, but rarely discovered in practical exploits. However, in November 2025, Anthropic published a pivotal report documenting a state-sponsored espionage campaign. In this operation, AI didn't just assist human operators – it became the operator, performing 80-90% of the campaign autonomously, at speeds that no human team could match. This disclosure shifted the conversation from "could this happen?" to "this is happening." But it also raised practical questions: Can AI actually operate autonomously end-to-end, or does it still require human guidance at each decision point? Where do current LLM capabilities excel, and where do they fall short compared to skilled human operators?"
        https://unit42.paloaltonetworks.com/autonomous-ai-cloud-attacks/
        https://www.darkreading.com/cyber-risk/zealot-shows-ai-execute-full-cloud-attacks
        https://www.securityweek.com/ai-can-autonomously-hack-cloud-systems-with-minimal-oversight-researchers/
      • Apple Intelligence Flaw Kept Stolen Tokens Reusable On Another Device
        "Apple claims that Apple Intelligence, a GenAI service provided on its operating systems, is designed with an extra focus on user security and privacy through a two-stage authentication and authorization system using anonymous access tokens. However, researchers from The Ohio State University have identified vulnerabilities in this design, demonstrated on macOS 26.0 (Tahoe), that allow attackers to steal and reuse these tokens."
        https://www.helpnetsecurity.com/2026/04/22/apple-intelligence-token-vulnerability-serpent-attack/
        https://arxiv.org/pdf/2604.15637
      • Hybrid Clouds Have Two Attack Surfaces And You’re Not Paying Enough Attention To Either
        "Israeli researchers found a series of flaws in Microsoft's Windows Admin Center (WAC) and suggest this shows hybrid cloud management tools are a two-way attack surface that users don't spend enough time worrying about. Speaking at the Black Hat Asia conference in Singapore today, Ilan Kalendarov and Ben Zamir of Cymulate delivered a talk titled "Breaking Hybrid Boundaries Across Azure and Windows" in which they detailed four CVEs they found and reported to Microsoft – 2025-64669, 2026-20965, 2026-23660, and 2026-32196 – which has since fixed the flaws."
        https://www.theregister.com/2026/04/23/wac_flaws_hybrid_cloud_security/

      Malware

      • Bitwarden CLI Compromised In Ongoing Checkmarx Supply Chain Campaign
        "Socket researchers discovered that the Bitwarden CLI was compromised as part of the ongoing Checkmarx supply chain campaign. The open source password manager serves more than 10 million users and over 50,000 businesses, and ranks among among the top three password managers by enterprise adoption. The affected package version appears to be @bitwarden/cli2026.4.0, and the malicious code was published in bw1.js, a file included in the package contents. The attack appears to have leveraged a compromised GitHub Action in Bitwarden’s CI/CD pipeline, consistent with the pattern seen across other affected repositories in this campaign."
        https://socket.dev/blog/bitwarden-cli-compromised
        https://research.jfrog.com/post/bitwarden-cli-hijack/
        https://www.ox.security/blog/shai-hulud-bitwarden-cli-supply-chain-attack/
        https://www.bleepingcomputer.com/news/security/bitwarden-cli-npm-package-compromised-to-steal-developer-credentials/
        https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html
      • Trigona Affiliates Deploy Custom Exfiltration Tool To Streamline Data Theft
        "While many ransomware groups rely on off-the-shelf utilities such as Rclone or MegaSync to steal victim data, recent attacks involving the Trigona ransomware used a custom-developed tool designed to provide attackers with granular control over the data theft process. The attacks, which occurred in March 2026, mark a significant shift in tactics for Trigona affiliates. The motivation for moving away from publicly available tools remains unknown. Many publicly available tools are now so well known that they may be flagged by security solutions. It is possible that the attackers are investing time and effort in proprietary malware in a bid to maintain a lower profile during a critical phase of their attacks. Trigona, which first appeared in late 2022, is operated as a Ransomware-as-a-Service (RaaS) by a cybercrime group Symantec calls Rhantus."
        https://www.security.com/threat-intelligence/trigona-exfiltration-custom
        https://www.bleepingcomputer.com/news/security/trigona-ransomware-attacks-use-custom-exfiltration-tool-to-steal-data/
      • Executive Summary: Defending Against China-Nexus Covert Networks Of Compromised Devices
        "China-nexus cyber actors have moved from using individually procured infrastructure to operating large scale “covert networks” – botnets built from compromised routers, and other edge devices. These networks are used for each phase of the Cyber Kill Chain, from reconnaissance and malware delivery, to command and control and data exfiltration against targets of espionage and offensive cyber operations. The threat is a dynamic, low-cost, deniable infrastructure model that can be rapidly re-shaped, rendering traditional static IP block lists ineffective."
        https://www.ncsc.gov.uk/news/executive-summary-defending-against-china-nexus-covert-networks-of-compromised-devices
        https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-113a
        https://www.bleepingcomputer.com/news/security/uk-warns-of-chinese-hackers-using-botnets-of-hijacked-consumer-devices-to-evade-detection/
        https://www.darkreading.com/cyber-risk/china-hackers-industrializing-botnets
        https://www.bankinfosecurity.com/hacked-devices-are-gateways-for-chinese-nation-state-hackers-a-31490
        https://cyberscoop.com/china-nexus-covert-networks-advisory/
        https://www.theregister.com/2026/04/23/china_covert_networks/
      • GopherWhisper: A Burrow Full Of Malware
        "ESET researchers have discovered a previously undocumented China-aligned APT group that we named GopherWhisper. The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal. In the observed campaign, the threat actors targeted a governmental entity in Mongolia. GopherWhisper abuses legitimate services, notably Discord, Slack, Microsoft 365 Outlook, and file.io for command and control (C&C) communication and exfiltration. Crucially, after we identified multiple Slack and Discord API tokens, we managed to extract a large number of C&C messages from those services, which provided us with great insight into the group’s activities."
        https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/
        https://web-assets.esetstatic.com/wls/en/papers/white-papers/gopherwhisper-burrow-full-malware.pdf
        https://thehackernews.com/2026/04/china-linked-gopherwhisper-infects-12.html
        https://www.bleepingcomputer.com/news/security/new-gopherwhisper-apt-group-abuses-outlook-slack-discord-for-comms/
        https://www.darkreading.com/cyberattacks-data-breaches/chinese-apt-abuses-cloud-tools-spy-mongolia
        https://therecord.media/china-linked-hackers-target-mongolian-gov-slack-discord
        https://www.bankinfosecurity.com/unwary-chinese-hackers-hardcoded-credentials-into-backdoors-a-31487
        https://www.helpnetsecurity.com/2026/04/23/gopherwhisper-apt-group/
      • UAT-4356's Targeting Of Cisco Firepower Devices
        "Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) to gain unauthorized access to vulnerable devices, where the threat actor deployed their custom-built backdoor dubbed “FIRESTARTER.” FIRESTARTER considerably overlaps with the technical capabilities of RayInitiator’s Stage 3 shellcode that processes incoming XML-based payloads to endpoint APIs. In early 2024, Cisco Talos attributed ArcaneDoor, a state-sponsored campaign focused on gaining access to network perimeter devices for espionage, to UAT-4356."
        https://blog.talosintelligence.com/uat-4356-firestarter/
        https://www.cisa.gov/news-events/analysis-reports/ar26-113a
        https://therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor
        https://cyberscoop.com/cisco-firestarter-malware-cisa-warning/
      • Bad Connection: Uncovering Global Telecom Exploitation By Covert Surveillance Actors
        "Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure. The findings expose how suspected commercial surveillance vendors (CSVs) exploit the global telecom interconnect ecosystem, leverage private operator networks, and conduct covert location tracking operations that can persist undetected for years."
        https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/
        https://therecord.media/surveillance-companies-exploiting-telecom-systems-to-track-location
        https://cyberscoop.com/surveillance-campaigns-use-commercial-surveillance-tools-to-exploit-long-known-telecom-vulnerabilities/
      • 10 Indirect Prompt Injection Payloads Caught In The Wild
        "As AI agents become mainstream — summarizing pages, indexing content and processing payments — attackers have found a way to weaponize them without ever touching the AI directly. It's called Indirect Prompt Injection (IPI). X-Labs researchers are finding it deployed across live web infrastructure right now. Unlike direct prompt injection, where a user sends malicious input to a model, IPI hides adversarial instructions inside ordinary web content. When an AI agent crawls or summarizes a poisoned page, it ingests those instructions and executes them as legitimate commands, with no indication anything went wrong."
        https://www.forcepoint.com/blog/x-labs/indirect-prompt-injection-payloads
        https://hackread.com/hackers-hidden-site-instruction-attack-ai-assistants/
        https://www.infosecurity-magazine.com/news/researchers-10-wild-indirect/
      • Inside RAMP: What a Leaked Database Reveals About Russia’s Ransomware Marketplace
        "RAMP (Russian Anonymous Marketplace) was a Russian-language cybercrime forum that operated from late 2021 until it was seized by the FBI on January 28, 2026, in coordination with the U.S. Attorney’s Office for the Southern District of Florida. It ran as both a Tor hidden service and maintained a clearnet mirror at ramp4u.io, making it more accessible than many competing forums. The forum ran on XenForo 2.2.5, a commercial platform, and had dedicated sections for selling network access, malware, ransomware partnerships, stolen data, and hiring criminal freelancers. Thread titles appeared in Russian, English, and Chinese, highlighting its global audience from Western cybercriminals to East Asian threat actors."
        https://www.comparitech.com/news/inside-ramp-what-a-leaked-database-reveals-about-russias-ransomware-marketplace/
        https://securityaffairs.com/191171/cyber-crime/ramp-uncovered-anatomy-of-russias-ransomware-marketplace.html
      • Nightmare-Eclipse Tooling Moves From Public PoC To Real-World Intrusion
        "Huntress has observed the use of Nightmare-Eclipse tooling, including BlueHammer, RedSun, and UnDefend, during a real-world intrusion investigation. In the clearest case, the activity included suspicious binaries staged in user-writable directories, hands-on-keyboard reconnaissance, likely compromised FortiGate SSL VPN access, and follow-on tunneling behavior. Organizations should review VPN logs, investigate the artifacts and paths below, and treat any confirmed execution as high-priority incident activity."
        https://www.huntress.com/blog/nightmare-eclipse-intrusion
        https://www.securityweek.com/recent-microsoft-defender-vulnerability-exploited-as-zero-day/
      • Threat Spotlight: Device Code Phishing Is On The Rise With 7 Million Attacks In Four Weeks
        "Device code authentication is an OAuth 2.0 login method that lets users sign in on one device by entering a short code on another, trusted device. This is ideal for devices with limited interfaces, such as TVs, printers or command line interface (CLI) tools. Device code phishing attacks exploit this process to gain persistent, authorized access to Microsoft services. Over the last month, Barracuda’s threat analysts have detected more than 7 million device code phishing attacks, largely powered by the recently reported EvilTokens phishing kit. Barracuda has also seen other attackers leveraging the approach together with Tycoon 2FA capabilities. It is likely that other phishing kits will follow."
        https://blog.barracuda.com/2026/04/23/threat-spotlight-device-code-phishing
      • Snow Flurries: How UNC6692 Employed Social Engineering To Deploy a Custom Malware Suite
        "Google Threat Intelligence Group (GTIG) identified a multistage intrusion campaign by a newly tracked threat group, UNC6692, that leveraged persistent social engineering, a custom modular malware suite, and deft pivoting inside the victim’s environment to achieve deep network penetration. As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an account outside their organization. The UNC6692 campaign demonstrates an interesting evolution in tactics, particularly the use of social engineering, custom malware, and a malicious browser extension, playing on the victim’s inherent trust in several different enterprise software providers."
        https://cloud.google.com/blog/topics/threat-intelligence/unc6692-social-engineering-custom-malware/
        https://thehackernews.com/2026/04/unc6692-impersonates-it-helpdesk-via.html
      • Dev Targeted By Sophisticated Job Scam: 'I Let My Guard Down, And Ran The Freaking Code'
        "It all started with a LinkedIn message, as so many employment scams do these days. A recruiter claiming to work for a blockchain firm called Genusix Labs invited Boris Vujičić, a web developer based in Serbia, to apply for a full-time, remote developer job with the company. Vujičić is no stranger to recruitment scams. He told us he received messages like this daily, and his personal record is eight in one day. Plus, he used to work for Step Finance before a breach and subsequent $40 million cryptocurrency heist shuttered the decentralized-finance biz earlier this year."
        https://www.theregister.com/2026/04/23/job_scam_targeted_developer/
      • Tropic Trooper APT Takes Aim At Home Routers, Japanese Targets
        "The China-linked advanced persistent threat (APT) known as Tropic Trooper appears to be changing up its tactics, techniques, and procedures (TTPs), with an odd spear-phishing effort that involved compromising a target's home Wi-Fi network. Tropic Trooper (aka Pirate Panda, KeyBoy, APT23, Bronze Hobart, and Earth Centaur) has been active since at least 2011. The group historically spies on government, military, healthcare, transportation, and high‑tech organizations in Taiwan, the Philippines, and Hong Kong, with researchers recently also finding one singular campaign in the Mideast. But its latest efforts are aimed at specific individuals in new geographies like Japan, Taiwan, and South Korea, according to recent analysis, indicating an expansion of not just operational modus operandi, but also victim profiles."
        https://www.darkreading.com/threat-intelligence/tropic-trooper-apt-takes-aim-home-routers-japanese-targets

      Breaches/Hacks/Leaks

      • Cosmetics Giant Rituals Discloses Data Breach Affecting Customers
        "Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. The company revealed the security incident in a Wednesday notice, saying that the breach was discovered earlier this month after it was alerted to unauthorized downloads of its members' data. Rituals has notified relevant authorities of the incident and has since contained the breach by blocking the attackers' access. It also added that it has yet to find evidence that the stolen information has been leaked online."
        https://www.bleepingcomputer.com/news/security/cosmetics-giant-rituals-discloses-data-breach-affecting-customers/
        https://www.securityweek.com/luxury-cosmetics-giant-rituals-discloses-data-breach/
        https://securityaffairs.com/191192/data-breach/rituals-discloses-a-data-breach-impacting-member-personal-details.html
      • Vercel Finds More Compromised Accounts In Context.ai-Linked Breach
        "Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra set of compromise indicators, alongside a review of requests to the Vercel network and environment variable read events in its logs. "Second, we have uncovered a small number of customer accounts with evidence of prior compromise that is independent of and predates this incident, potentially as a result of social engineering, malware, or other methods," the company said in an update."
        https://thehackernews.com/2026/04/vercel-finds-more-compromised-accounts.html
        https://cyberscoop.com/vercel-attack-fallout-expands/
      • Medical Data Of 500,000 Britons Put Up For Sale On Chinese Website
        "Medical data belonging to 500,000 British citizens was listed for sale on the Chinese e-commerce website Alibaba, the UK government said Thursday. The data is held by the UK Biobank charity and includes genetic sequences, blood samples, medical scans and lifestyle information. Scientists, both at universities and private companies, can be given access for research purposes under legal contracts committing them to keep it secure. Despite these protections, the data was found advertised across three separate listings on Alibaba, science minister Ian Murray told the House of Commons, at least one of which appeared to contain data from all 500,000 of the database's volunteers."
        https://therecord.media/medical-data-on-500000-britons-put-on-sale-alibaba
        https://www.theregister.com/2026/04/23/500k_biobank_volunteers_data_listed/

      General News

      • AI Threats In The Wild: The Current State Of Prompt Injections On The Web
        "At Google, our Threat Intelligence teams are dedicated to staying ahead of real-world adversarial activity, proactively monitoring emerging threats before they can impact users. Right now, Indirect Prompt Injection (IPI) is a top priority for the security community, anticipating it as a primary attack vector for adversaries to target and compromise AI agents. But while the danger of IPI is widely discussed, are threat actors actually exploiting this vector today – and if so, how? To answer these questions and to uncover real-world abuse, we initiated a broad sweep of the public web to monitor for known indirect prompt injection patterns. This is what we found."
        https://security.googleblog.com/2026/04/ai-threats-in-wild-current-state-of.html
      • A Year In, Zoom’s CISO Reflects On Balancing Security And Business
        "In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business strategy, and what she heard from engineers, the board, and customers during her early months. McLeod discusses how she prepared for incident management, the dual job of handling crises and explaining them afterward, and her experience as a woman in technical leadership at Zoom. She closes with honest advice for women in security considering whether to pursue leadership roles themselves."
        https://www.helpnetsecurity.com/2026/04/23/sandra-mcleod-zoom-ciso-leadership/
      • GDPR Works, But Only Where Someone Enforces It
        "A new measurement study of web tracking across ten countries offers a reality check for anyone working on privacy compliance. Researchers crawled the same set of globally popular websites from virtual machines located in Australia, Brazil, Canada, Germany, India, Singapore, South Africa, South Korea, Spain, and California. The results show that European privacy law does reduce tracking, and that most of the reduction happens in the two jurisdictions where regulators bring cases."
        https://www.helpnetsecurity.com/2026/04/23/gdpr-enforcement-measurement-study/
      • Ransomware, Fraud, And Lawsuits Drive Cyber Insurance Claims To New Peaks
        "The 2026 InsurSec Report from At-Bay, covering more than 100,000 policy years of claims data, documents a 7% year-over-year rise in overall claim frequency and an all-time high average severity of $221,000. Ransomware severity reached $508,000, up 16% from the prior year, making it the costliest incident type by a wide margin. Remote access services served as the entry point for 87% of ransomware claims in 2025, up from 80% the year before. VPN compromises alone accounted for 73% of ransomware intrusions where an entry vector was identified, climbing from 38% in 2023 and 66% in 2024. One in three ransomware claims involved a SonicWall device."
        https://www.helpnetsecurity.com/2026/04/23/cyber-insurance-claims-report/
      • Cyber-Attacks Surge 63% Annually In Education Sector
        "Schools and universities across the globe experienced a sharp increase in attacks last year thanks to the combined threat from geopolitical tensions, ransomware and hacktivism, according to Quorum Cyber. The security service provider’s 2026 Global Cyber Risk Outlook for Higher Education is compiled from FalconFeeds.io threat intelligence data covering the period November 2023 to October 2025. It revealed that total recorded incidents increased 63%, from 260 attacks between November 2023-October 2024 to 425 in the period November 2024-October 2025. Across 67 countries, data breaches rose by 73%, hacktivist activity increased by 75% and ransomware went up by 21%."
        https://www.infosecurity-magazine.com/news/cyberattacks-surge-63-annually/
      • How Cyberattacks On Companies Affect Everyone
        "If you use the internet, you’ve likely been affected by cybercrime in some way. Even when an attack is aimed at a company, the fallout usually lands on ordinary people. The most obvious harm is stolen data. When attackers break into a business, it is usually customer information that ends up in criminal hands, and that can lead to identity theft, tax fraud, credit card fraud, and a long tail of scam attempts that can continue for months or years. For consumers, the breach itself is often just the start of the cleanup."
        https://www.malwarebytes.com/blog/privacy/2026/04/how-cyberattacks-on-companies-affect-everyone
      • Chinese Firm Claims AI-Driven Bug Discovery Near Claude Mythos Scale
        "On April 7, 2026, artificial intelligence developer Anthropic introduced its new general-purpose model Claude Mythos Preview to a restricted partnership of over 40 vetted organizations, including major technology and cybersecurity firms, as part of its defensive security initiative Project Glasswing. The company stated that the Claude Mythos model has identified thousands of high-severity vulnerabilities across widely used software, including major operating systems and web browsers. Crucially, in some cases it can autonomously develop exploits and chain vulnerabilities without human intervention. Anthropic has not released the system publicly, citing the risks associated with such capabilities and the need for further safeguards before deployment at scale."
        https://www.nattothoughts.com/p/where-is-china-in-ai-driven-vulnerability
        https://www.securityweek.com/chinese-cybersecurity-firms-ai-hacking-claims-draw-comparisons-to-claude-mythos/
      • The Behavioral Shift: Why Trusted Relationships Are The Newest Attack Surface
        "You can no longer recognize a phishing email by simply counting the typos. And you will get caught if you simply respond to a genuine-looking email without thinking. Analysis of almost 800,000 email attacks across more than 4,600 organizations shows attackers moving away from exploiting technical vulnerabilities in favor of targeting behavioral and organizational weaknesses. In short, email attackers are now targeting their victims with tailored tactics that exploit trusted relationships and routine workflows. The three primary email attack methods are phishing, business email compromise (BEC) and vendor email compromise (VEC). Phishing remains predominant, accounting for 58% of all attacks. BEC comprises 11% of attacks, while VEC (a subtype of BEC) accounts for more than 60% of all BEC attacks. Details are provided in Abnormal AI’s 2026 Attack Landscape Report."
        https://www.securityweek.com/the-behavioral-shift-why-trusted-relationships-are-the-newest-attack-surface/
        https://files.abnormalsecurity.com/production/files/2026-Attack-Landscape-Report.pdf

      อ้างอิง
      Electronic Transactions Development Agency (ETDA) d9e3e366-6342-4dcd-a36d-9c1a7ed84a86-image.png

      1 การตอบกลับ คำตอบล่าสุด ตอบ คำอ้างอิง 0
      • First post
        Last post