Cyber Threat Intelligence 14 May 2026
Financial Sector
- Financial Stability Risks Mount As Artificial Intelligence Fuels Cyberattacks
"Artificial intelligence is transforming how the financial system copes with vulnerabilities and reacts to incidents. Yet it is also amplifying cyber threats that can undermine financial stability when the offensive capabilities of intruders outpace defenses. IMF analysis suggests that extreme cyber‑incident losses could trigger funding strains, raise solvency concerns, and disrupt broader markets. The financial system relies on shared digital infrastructure that’s highly interconnected, including software, cloud services, and networks for payments and other data. Advanced AI models can dramatically reduce the time and cost needed to identify and exploit vulnerabilities, raising the likelihood of simultaneously discovering and targeting weaknesses in widely used systems. As a result, cyber risk is increasingly about correlated failures that could disrupt financial intermediation, payments, and confidence at the systemic level."
https://www.imf.org/en/blogs/articles/2026/05/07/financial-stability-risks-mount-as-artificial-intelligence-fuels-cyberattacks
https://www.bankinfosecurity.com/imf-warns-ai-has-made-cyber-risk-financial-stability-threat-a-31679
Industrial Sector
- ABB AC500 V3 Stack Buffer Overflow In Cryptographic Message Syntax
"ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that resolves the publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service (DoS), or potentially remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-05
- ABB AC500 V3 Multiple Vulnerabilities
"ABB became aware of severe vulnerabilities in the product versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who successfully exploited these vulnerabilities could bypass the user management and read visualization files (CVE-2025-2595), read and write certificates and keys (CVE-2025-41659) or cause a denial-of-service (DoS) (CVE-2025-41691)."
https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-03
- ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
"ABB became aware of multiple internally discovered vulnerabilities in the WebPro SNMP card PowerValue for the product versions listed as affected in the advisory. Depending upon the vulnerability, an attacker with access to the local network who successfully exploited this vulnerability could achieve: unauthorized access; insufficient session expiration leading to resource unavailability; uncontrolled resource consumption leading to a DoS attack. ABB strongly advises customers to update to the latest firmware of affected products."
https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-06
- Fuji Electric Tellus
"Successful exploitation of this vulnerability could allow an attacker to elevate privileges from user to system, which may then enable the attacker to cause a temporary denial of service, open files, or delete files."
https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-01
- Subnet Solutions PowerSYSTEM Center
"Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or cause a CRLF injection."
https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02
- ABB Automation Builder Gateway For Windows
"ABB became aware of a severe vulnerability in the product versions listed as affected in the advisory. The Windows gateway is accessible remotely by default. Unauthenticated attackers can therefore search for PLCs, but the user management of the PLCs prevents the actual access to the PLCs, unless it is disabled."
https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-04
- ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
"Only Siemens, Schneider Electric, CISA, and CERT@VDE have published new ICS security advisories for the May 2026 Patch Tuesday. Siemens has published 18 new security advisories, and several of them describe critical vulnerabilities. The company has addressed critical issues in Sentron 7KT PAC1261 Data Manager (device takeover), Simatic S7 PLC web server (XSS), Ruggedcom Rox (command execution as root, old vulnerabilities in third-party components), ROS# (arbitrary file access), Simatic CN4100 (over 300 third-party component flaws), and Opcenter RDnL (missing authentication)."
https://www.securityweek.com/ics-patch-tuesday-new-security-advisories-from-siemens-schneider-cisa/
Vulnerabilities
- CVE-2025-32975: The Open Directory Behind The KACE SMA Breach And 60+ Downstream Victims
"Quest KACE Systems Management Appliance (SMA) is a widely deployed on-premises platform that enterprises use for endpoint management, handling software deployment, patch distribution, inventory, and scripted administrative control across managed devices. That privileged position makes it an exceptionally high-value target for an attacker who controls a KACE SMA appliance, which, in many environments, can reach every managed endpoint from a single trusted management plane. CVE-2025-32975 is a critical authentication bypass vulnerability in KACE SMA's SSO authentication handling mechanism with a CVSS score of 10.0. The flaw allows an unauthenticated, network-reachable attacker to impersonate legitimate users, including administrators, without supplying any credentials."
https://hunt.io/blog/cve-2025-32975-quest-kace-sma-open-directory-60-victims
https://securityaffairs.com/192067/security/quest-kace-sma-flaw-cve-2025-32975-when-one-unpatched-tool-opens-the-door-to-60-organizations.html
- Fortinet, Ivanti Patch Critical Vulnerabilities
"Fortinet and Ivanti on Tuesday announced patches for 18 vulnerabilities across their product portfolios, including three critical-severity bugs. Fortinet published 11 advisories describing as many bugs, including two dealing with critical-severity code execution security defects. Tracked as CVE-2026-44277 (CVSS score of 9.1), the first of them is an improper access control issue in FortiAuthenticator that could be exploited remotely, without authentication, via crafted requests. “FortiAuthenticator Cloud is not impacted by the issue, and hence customers do not need to perform any action,” the company says."
https://www.securityweek.com/fortinet-ivanti-patch-critical-vulnerabilities/
- Chipmaker Patch Tuesday: Intel And AMD Patch 70 Vulnerabilities
"Intel and AMD have released over two dozen advisories on May 2026 Patch Tuesday, addressing 70 vulnerabilities across their product portfolios. Intel published 13 advisories describing 24 security defects, including one critical and eight high-severity flaws. The critical bug, tracked as CVE-2026-20794 (CVSS score of 9.3), is described as a buffer overflow issue in the Data Center Graphics Driver for VMware ESXi software that could be exploited for privilege escalation and potentially for code execution. Intel’s update for the product also resolves two high-severity out-of-bounds write and read weaknesses that could lead to denial-of-service (DoS) conditions and potentially to data corruption or disclosure."
https://www.securityweek.com/chipmaker-patch-tuesday-intel-and-amd-patch-70-vulnerabilities/
- Windows BitLocker Zero-Day Gives Access To Protected Drives, PoC Released
"A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. Known as Chaotic Eclipse or Nightmare Eclipse, the researcher describes the BitLocker bypass issue as functioning like a backdoor because the vulnerable component is present only in the Windows Recovery Environment (WinRE), which is used to repair boot-related issues in Windows."
https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/
https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758
- 1,000,000 WordPress Sites Affected By Arbitrary File Read And SQL Injection Vulnerabilities In Avada Builder WordPress Plugin
"On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level access and above, to read arbitrary files on the server, which may contain sensitive information. The SQL injection vulnerability can be used by unauthenticated attackers to extract sensitive data from the database, such as password hashes. Props to Rafie Muhammad who discovered and responsibly reported these vulnerabilities through the Wordfence Bug Bounty Program. This researcher earned bounties of $3,386.00 and $1,067.00 for these discoveries."
https://www.wordfence.com/blog/2026/05/1000000-wordpress-sites-affected-by-arbitrary-file-read-and-sql-injection-vulnerabilities-in-avada-builder-wordpress-plugin/
https://www.infosecurity-magazine.com/news/avada-builder-flaws-one-million/
- Microsoft, Palo Alto Networks Find Many Vulnerabilities By Using AI On Their Own Code
"Microsoft and Palo Alto Networks have separately reported this week that they have seen significant results after turning AI on their own code to find vulnerabilities. Advanced AI models such as Claude Mythos have sparked debate in the cybersecurity industry about what the vulnerability discovery landscape will look like going forward. While some organizations have confirmed that these AI models are a game-changer, others are skeptical of their actual performance. Microsoft said on Tuesday that more than a dozen of the 137 vulnerabilities fixed with its latest Patch Tuesday updates were found by a new AI system called MDASH (multi-model agentic scanning harness) built by its Autonomous Code Security team."
https://www.securityweek.com/microsoft-palo-alto-networks-find-many-vulnerabilities-by-using-ai-on-their-own-code/
https://www.theregister.com/patches/2026/05/14/welcome-to-the-vulnpocalypse-as-vendors-use-ai-to-find-bugs-and-patches-multiply-like-rabbits/5240027
https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html
- One Is a Fluke, 3 Is a Pattern: MCP Back-End Vulnerabilities
"Model Context Protocol (MCP) servers entered our lives recently but drastically improved the capabilities of AI models. (For an examination of the inner works of MCP, read our previous blog post.) If you've been paying attention, you know the security issues involved with giving AI models access to external applications. MCP servers sit at the center of that approach, and researchers quickly found ways to exploit those servers: tool description poisoning, cross-server context injection, and supply chain attacks on platforms that host them."
https://www.akamai.com/blog/security-research/one-fluke-3-pattern-mcp-back-end-vulnerabilities
https://www.theregister.com/security/2026/05/13/bug-hunter-tracks-down-three-serious-mcp-database-flaws-one-left-unpatched/5238916
Malware
- Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker In Global Spying Campaign
"Iran-linked attackers spent a week inside the network of a major South Korean electronics manufacturer in February 2026, as part of a sprawling early-year espionage campaign affecting at least nine organizations across four continents. Other targets included government agencies and an international airport in the Middle East, Southeast Asian industrial manufacturers, a Latin American financial-services provider, and educational institutions in multiple countries."
https://www.security.com/threat-intelligence/iran-seedworm-electronics
https://www.bleepingcomputer.com/news/security/iranian-hackers-targeted-major-south-korean-electronics-maker/
- Sandworm Activity In Industrial Environments: What The Data Reveals
"“Without rapid containment, Sandworm does not disengage. It accelerates.” Recent geopolitical events involving publicly disclosed attacks against national critical infrastructure across Europe and the U.S., have once again drawn attention to a highly disruptive threat actor known as Sandworm, the Russian state-sponsored group also tracked as APT44, Seashell Blizzard, and Voodoo Bear. By studying environments where Sandworm activity has been positively identified, we can extract lessons that help future victims detect intrusions earlier, recover more effectively, and — most importantly — prevent Sandworm-related incidents altogether."
https://www.nozominetworks.com/blog/sandworm-activity-in-industrial-environments-what-the-data-reveals
https://www.bankinfosecurity.com/russian-attacks-on-polish-water-utilities-use-fear-as-weapon-a-31681
- FamousSparrow APT Targets Azerbaijani Oil And Gas Industry
"Bitdefender Labs tracked a multi-wave intrusion targeting an Azerbaijani oil and gas company from late December 2025 through late February 2026. This research documents expansion of Chinese APT activity against South Caucasus energy infrastructure, attributed with moderate-to-high confidence to FamousSparrow (overlapping with the Earth Estries threat ecosystem). The operation demonstrates several notable technical and strategic characteristics, most notably an evolved DLL sideloading technique. Unlike standard DLL sideloading that relies on simple file replacement, this method overrides two specific exported functions within the malicious library. This creates a two-stage trigger that gates the Deed RAT loader’s execution through the host application’s natural control flow, further evolving the defense evasion capabilities of traditional DLL sideloading."
https://businessinsights.bitdefender.com/famoussparrow-apt-targets-azerbaijani-oil-gas-industry
https://thehackernews.com/2026/05/azerbaijani-energy-firm-hit-by-repeated.html
https://www.darkreading.com/cyberattacks-data-breaches/china-famoussparrow-apt-south-caucasus-energy-firm
- The French 2-Step: Exposing a Multi-Stage Scam Targeting The National Railway Company In France
"While online scams are becoming more advanced, this particular multi-stage scam stands out for its advanced social engineering. These days, it’s not uncommon to receive fake phishing emails. Generally, they are easy to spot because of the ridiculous way they try to make us believe in offers that are too good to be true. However, Group-IB’s current research indicates that fraudsters can be very persuasive and meticulous both in the way they carry out their scam and their choice of victims. This blog focuses on one highly targeted scheme to deceive customers of the French national railway company (SNCF), which is used on a daily basis by 5 million travelers on 15 thousand trains."
https://www.group-ib.com/blog/french-railway-two-step-scam/
- Sinkholing CountLoader: Insights Into Its Recent Campaign
"McAfee Labs has recently uncovered a large-scale CountLoader campaign that uses multiple layers of obfuscation and staged payload delivery to evade detection and maintain persistence in infected systems. The infection process relies on several layers of loaders, including PowerShell scripts, obfuscated JavaScript executed through mshta.exe, and in-memory shellcode injection, each stage decrypting and launching the next. The attackers employ a custom encrypted communication protocol to interact with their C2 servers. By registering a backup domain used by the malware, we were able to sinkhole the traffic and observe thousands of infected machines connecting to the C2 infrastructure. The final payload deployed in this campaign is a cryptocurrency clipper, which monitors clipboard activity and replaces copied wallet addresses with attacker-controlled ones to redirect cryptocurrency transactions."
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/sinkholing-countloader-insights-into-its-recent-campaign/
- GemStuffer Campaign Abuses RubyGems As Exfiltration Channel Targeting UK Local Government
"Socket's threat research team is tracking a suspicious RubyGems campaign we’re calling GemStuffer, involving more than 100 gems that appear to use the RubyGems registry as a data transport mechanism rather than a conventional malware distribution channel. The packages do not appear designed for mass developer compromise. Many have little or no download activity, and the payloads are repetitive, noisy, and unusually self-contained. Instead, the scripts fetch pages from UK local government democratic services portals, package the collected responses into valid .gem archives, and publish those gems back to RubyGems using hardcoded API keys. In some samples, the payload creates a temporary RubyGems credential environment under /tmp, overrides HOME, builds a gem locally, and pushes it to rubygems.org. Other variants skip the gem CLI entirely and POST the archive directly to the RubyGems API."
https://socket.dev/blog/gemstuffer
https://thehackernews.com/2026/05/gemstuffer-abuses-150-rubygems-to.html
- Shai-Hulud Goes Open Source: Malware Creators Leak Their Own Code To GitHub
"Breaking News: TeamPCP has gone open source — and the copycats are already here. The group behind Shai-Hulud has leaked their own malware code to GitHub, and independent threat actors have already begun modifying it and expanding its reach. OX Security is actively tracking this as it unfolds. TeamPCP has escalated. The group behind Shai-Hulud is now spreading not just their malware, but their own source code, using what appear to be compromised GitHub accounts. Currently 2 repositories are active, but that number is growing as infections spread. New repositories can be monitored in real time using this link. Search GitHub for “A Gift From TeamPCP.”"
https://www.ox.security/blog/shai-hulud-open-source-malware-github/
https://www.theregister.com/security/2026/05/13/malware-crew-teampcp-open-sources-its-shai-hulud-worm-on-github/5239319
- Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS And Elementary-Data In CI/CD Credential Theft
"TeamPCP has been identified as running a coordinated campaign from March 19 through April 24, with at least seven distinct waves identified. It finds trusted artifacts in developer tool chains, poisons the distribution channel using that project’s own infrastructure, and harvests credentials before the project’s maintainers or security monitoring catches the substitution. The targets span five programming ecosystems and three registry types. What distinguishes the two most recent operations is how the actor reached the same outcome, despite using different methods to get there. The KICS attack was operationally complex, with simultaneous poisoning across three distribution channels, an obfuscated payload executed via a downloaded runtime, and a downstream npm hijack executed within 24 hours using stolen credentials."
https://www.trendmicro.com/en_us/research/26/e/analyzing-teampcp-supply-chain-attacks.html
- Undermining The Trust Boundary: Investigating a Stealthy Intrusion Through Third-Party Compromise
"In recent years, many sophisticated intrusions have increasingly avoided using noisy exploits, obvious malware, or custom tooling, instead leveraging systems that organizations already trust within their environments. By operating through legitimate and trusted administrative mechanisms, threat actors could more easily blend seamlessly into routine operations and remain undetected. Microsoft Incident Response investigated an intrusion that followed this pattern. What initially appeared as routine administrative activity was instead found to be a coordinated campaign abusing trusted operational relationships and authentication processes to establish durable access. The threat actor in this incident leveraged a compromised third-party IT services provider and legitimate IT management tools to conduct a stealthy campaign focusing on long-term access, credential theft, and establishing a persistent foothold."
https://www.microsoft.com/en-us/security/blog/2026/05/12/undermining-the-trust-boundary-investigating-a-stealthy-intrusion-through-third-party-compromise/
Breaches/Hacks/Leaks
- When The Ransomware Gang Gets Hacked: What The Gentlemen Leak Reveals About Modern Ransomware Risk
"On May 4, 2026, The Gentlemen’s administrator acknowledged on underground forums that their internal backend database had been compromised and leaked, likely connected to a breach of 4VPS, a hosting provider the group used to run their infrastructure. Check Point Research obtained a portion of that data before it was removed: internal chat logs, organizational rosters, ransom negotiation transcripts, and tooling discussions. It is the kind of inside view of a ransomware operation that almost never becomes available to defenders. This blog distills what CPR found, building on our initial analysis published in April 2026. For the full technical breakdown, read the complete CPR research report."
https://blog.checkpoint.com/research/when-the-ransomware-gang-gets-hacked-what-the-gentlemen-leak-reveals-about-modern-ransomware-risk/
https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/
https://www.darkreading.com/threat-intelligence/gentlemen-raas-gang-data-leak
- 716,000 Impacted By OpenLoop Health Data Breach
"Hackers stole the personal information of 716,000 individuals during a January 2026 intrusion at telehealth platform OpenLoop Health. The incident was initially disclosed to the relevant authorities in March, but the number of impacted individuals was added to the US Department of Health and Human Services’ breach portal only this week. According to notification letters OpenLoop Health filed with the Attorney General’s Offices in California and Texas, the intrusion was discovered on January 7. “An unauthorized third party had gained access to certain OpenLoop systems and removed certain information,” the notification reads."
https://www.securityweek.com/716000-impacted-by-openloop-health-data-breach/
https://securityaffairs.com/192066/uncategorized/openloop-health-confirms-january-2026-data-breach-affecting-716000.html
- TeamPCP Claims Sale Of Mistral AI Repositories Amid Mini Shai-Hulud Attack
"Only days after the Mini Shai-Hulud supply chain attack targeted npm and PyPI packages associated with French artificial intelligence company Mistral AI, a threat actor using the TeamPCP identity is now claiming to sell what appear to be internal company repositories and source code on a hacking forum. The forum post, published a few hours ago under the TeamPCP name, advertises roughly 5GB of alleged internal repositories connected to both “mistralai” and “mistral-solutions.” The actor claims the archive contains around 450 repositories covering training systems, fine-tuning projects, benchmarking tools, dashboards, inference infrastructure, experiments, and future AI projects."
https://hackread.com/teampcp-mistral-ai-repositories-mini-shai-hulud-attack/
General News
- April 2026 Phishing Email Trends Report
"In April 2026, the most common threat in phishing email attachments was Trojan (47%). This type was distributed by disguising itself with a double extension or a legitimate file name to trick the user into executing it and installing malware on the system. They continued to spread through multiple variants and social engineering techniques."
https://asec.ahnlab.com/en/93706/
- Checkbox Assessments Aren't Fit To Measure To Risk
"A rapidly evolving threat landscape with highly adaptable and increasingly sophisticated threat actors is no place for checkbox compliance assessments that merely audit organizations' security postures once a year. That's why security professionals and industry experts are calling for compliance models that take a more continuous approach, and more companies continue to emerge in the space. Industry leaders and CISOs continually poke holes in the way governance, risk management, and compliance (GRC) and third-party risk management (TPRM) assessments are conducted, and the holes are only growing bigger. Yearly assessments, with their static questionnaires to determine an organization's risk level, are stagnant, the polar opposite of how attackers behave. Threat actors can now find and exploit vulnerabilities faster and discover new vectors to conduct supply-chain attacks."
https://www.darkreading.com/cyber-risk/checkbox-assessments-aren-t-fit-to-measure-to-risk
- Ransomware: Over Half Of CISOs Would Consider Paying Ransom To Hackers
"In the event of being hit by a ransomware attack, over half of cybersecurity leaders would consider paying the ransom demand to cybercriminals to end the incident and restore systems faster, according to newly released figures. Published on May 13, the report by Absolute Security suggested that 58% of CISOs would realistically think about paying the ransom, if that is what it took to help restore systems encrypted in a ransomware attack. The research suggested that CISOs in the US are more likely to consider paying a ransom demand, at 63%, than their counterparts in the UK, at just 47%."
https://www.infosecurity-magazine.com/news/ransomware-over-half-cisos-would/
- Global Cyber Agencies Issue New SBOMs For AI Guidance To Tackle AI Supply Chain Risks
"Multiple government cyber agencies have a new resource defining the minimum elements for software bills of materials (SBOMs) for AI to strengthen the AI-supply chain. The aim is to help public and private sector stakeholders improve transparency in their artificial intelligence (AI) systems and supply chains. The paper, Software Bill of Materials (SBOM) for Artificial Intelligence - Minimum Elements, was published on 12 May and was written by the G7 Cybersecurity Working Group."
https://www.infosecurity-magazine.com/news/new-sboms-for-ai-guidance-2026/
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/KI/SBOM-for-AI_minimum-elements.pdf?__blob=publicationFile&v=4
- Alleged Dream Market Admin Arrested In Germany After US Indictment
"German and U.S. authorities arrested the alleged administrator behind Dream Market, a popular dark web forum that shut down in 2019. During a May 7 raid on three locations, German and U.S. law enforcement arrested Owe Martin Andresen, 49, on multiple charges of money laundering. An indictment unsealed this week by the DOJ accused Andresen of being the main administrator of Dream Market. The Justice Department did not respond to requests for comment about whether they will ask for him to be extradited from Germany, where he also faces charges. U.S. Attorney Theodore Hertzberg said Andresen “will be prosecuted in both Germany and the United States as a result of his actions.”"
https://therecord.media/dream-market-admin-arrested-in-germany
- Operating Inside The Lethal Trifecta: Blast Radius Reduction In AI Agent Deployments
"AI agents that can read files, call APIs, and perform actions are already being deployed in enterprises. These agents often operate in the center of what Simon Willison terms ‘the lethal trifecta’: they can access private data, process untrusted content, and communicate externally, making them susceptible to data theft via indirect prompt injection – where an attacker plants instructions in content that the agent reads on behalf of a trusted user, such as an email, a web page, or a document. The agent follows the injected instructions with the user's privileges, and the user never sees the attack. The Agents Rule of Two generalizes the concept: an agent should satisfy at most two of a) processing untrusted inputs, b) accessing sensitive systems, and c) changing state externally."
https://www.sophos.com/en-us/blog/inside-the-lethal-trifecta-blast-radius-reduction-in-ai-agent-deployments
References
Electronic Transactions Development Agency (ETDA) - Financial Stability Risks Mount As Artificial Intelligence Fuels Cyberattacks