<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[ETDA Cyber Threat Intelligence 03 July 2026]]></title><description><![CDATA[<p dir="auto"><strong>Industrial Sector</strong></p>
<ul>
<li><strong>Building More Resilient CNI: What Industry Pen Testers Told Us</strong><br />
"For those of us working in operational technology here at the NCSC, part of our job is to engage with penetration testers. Also known as ‘pen testers’, it’s their job to try to break into systems, poke holes in your infrastructure and find any weak spots. These can then be patched to improve the system’s resilience against attackers who have the same skills, but bad intentions. In this blog, we’ll explain what pen testers told us when we asked: ‘What can organisations do to make your job harder?’"<br />
<a href="https://www.ncsc.gov.uk/blogs/building-more-resilient-cni-what-industry-pen-testers-told-us" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.ncsc.gov.uk/blogs/building-more-resilient-cni-what-industry-pen-testers-told-us</a><br />
<a href="https://www.infosecurity-magazine.com/news/ncsc-tips-make-pen-testers-job/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.infosecurity-magazine.com/news/ncsc-tips-make-pen-testers-job/</a></li>
</ul>
<p dir="auto"><strong>Vulnerabilities</strong></p>
<ul>
<li><strong>New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure</strong><br />
"Threat actors began exploiting the latest CitrixBleed-like vulnerability in NetScaler ADC and NetScaler Gateways less than 24 hours after public disclosure, Scottish cybersecurity firm Lupovis reports. Tracked as CVE-2026-8451 (CVSS score of 8.8), the security defect was disclosed on June 30, when Citrix rolled out patches, and attack surface management company watchTowr published technical details on it. The bug is described as an out-of-bounds read issue affecting NetScaler appliances configured as SAML IDP and leading to memory disclosure."<br />
<a href="https://www.securityweek.com/new-citrixbleed-vulnerability-exploited-immediately-after-public-disclosure/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.securityweek.com/new-citrixbleed-vulnerability-exploited-immediately-after-public-disclosure/</a></li>
<li><strong>CISA Adds One Known Exploited Vulnerability To Catalog</strong><br />
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.<br />
CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability"<br />
<a href="https://www.cisa.gov/news-events/alerts/2026/07/01/cisa-adds-one-known-exploited-vulnerability-catalog" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.cisa.gov/news-events/alerts/2026/07/01/cisa-adds-one-known-exploited-vulnerability-catalog</a><br />
<a href="https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html" target="_blank" rel="noopener noreferrer nofollow ugc">https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html</a><br />
<a href="https://www.bleepingcomputer.com/news/security/cisa-microsoft-sharepoint-rce-flaw-now-actively-exploited/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.bleepingcomputer.com/news/security/cisa-microsoft-sharepoint-rce-flaw-now-actively-exploited/</a><br />
<a href="https://www.securityweek.com/cisa-warns-of-actively-exploited-microsoft-sharepoint-vulnerability/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.securityweek.com/cisa-warns-of-actively-exploited-microsoft-sharepoint-vulnerability/</a><br />
<a href="https://securityaffairs.com/194654/security/u-s-cisa-adds-a-microsoft-sharepoint-server-flaw-to-its-known-exploited-vulnerabilities-catalog.html" target="_blank" rel="noopener noreferrer nofollow ugc">https://securityaffairs.com/194654/security/u-s-cisa-adds-a-microsoft-sharepoint-server-flaw-to-its-known-exploited-vulnerabilities-catalog.html</a><br />
<a href="https://www.theregister.com/security/2026/07/02/microsoft-said-exploitation-was-less-likely-but-cisa-just-added-sharepoint-rce-to-kev-list/5265886" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.theregister.com/security/2026/07/02/microsoft-said-exploitation-was-less-likely-but-cisa-just-added-sharepoint-rce-to-kev-list/5265886</a></li>
<li><strong>Apple’s Hide My Email Doesn’t Hide It Very Well</strong><br />
"404 Media reports that a researcher has found a vulnerability in Apple’s Hide My Email feature that could allow someone to discover a person’s real email address. That’s especially concerning because protecting your real email address is exactly what the feature is designed to do. 404 Media did not publish technical details of the vulnerability to avoid helping attackers exploit it, but said it independently verified that the issue works."<br />
<a href="https://www.malwarebytes.com/blog/news/2026/07/apples-hide-my-email-doesnt-hide-it-very-well" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.malwarebytes.com/blog/news/2026/07/apples-hide-my-email-doesnt-hide-it-very-well</a></li>
<li><strong>WinRAR Flaw Could Allow Attackers To Take Control Of Your Computer</strong><br />
"Rarlab has released a new version of the popular WinRAR tool to patch a vulnerability that can be abused in remote code execution attacks. The issue is fixed in WinRAR 7.23, but users must install the new version manually because WinRAR still does not offer automatic updates. They also need to make sure they download the version that matches their system and language preference. There are five operating systems to choose from (Windows, macOS, Android, Linux, and FreeBSD), which shouldn’t be too hard. More people will struggle with choosing 64 bits, 32 bits, or ARM, which requires checking their system specifications."<br />
<a href="https://www.malwarebytes.com/blog/news/2026/07/winrar-flaw-could-allow-attackers-to-take-control-of-your-computer" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.malwarebytes.com/blog/news/2026/07/winrar-flaw-could-allow-attackers-to-take-control-of-your-computer</a></li>
</ul>
<p dir="auto"><strong>Malware</strong></p>
<ul>
<li><strong>JADEPUFFER: Agentic Ransomware For Automated Database Extortion</strong><br />
"Ransomware has had a human at the keyboard, or at least a human writing its script, since it was first established as a category of threat. The Sysdig Threat Research Team (TRT) has captured what we assess to be the first documented case of agentic ransomware: a complete extortion operation driven end-to-end by a large language model (LLM). This operator, which we have dubbed JADEPUFFER, gained initial access to an internet-facing Langflow instance through CVE-2025-3248 and ran an adaptive and fully automated campaign, ultimately pivoting to the intended target and running a destructive database-extortion playbook against the victim's production database server. JADEPUFFER is considered an agentic threat actor (ATA), or an operator whose attack capability is delivered by an AI agent rather than a human-driven toolkit."<br />
<a href="https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion</a><br />
<a href="https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html" target="_blank" rel="noopener noreferrer nofollow ugc">https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html</a><br />
<a href="https://hackread.com/sysdig-jadepuffer-first-agentic-ransomware-operation/" target="_blank" rel="noopener noreferrer nofollow ugc">https://hackread.com/sysdig-jadepuffer-first-agentic-ransomware-operation/</a><br />
<a href="https://www.theregister.com/security/2026/07/02/smooth-ai-criminal-drives-first-end-to-end-agentic-ransomware-attack/5266073" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.theregister.com/security/2026/07/02/smooth-ai-criminal-drives-first-end-to-end-agentic-ransomware-attack/5266073</a></li>
<li><strong>Fake Google And Cloudflare Verification Pages Spread Multiple Malware Families</strong><br />
"ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single mistake can install malware that steals passwords and other sensitive data, gives attackers remote access to your computer, or downloads additional malware that can take full control of your system. We uncovered multiple campaigns using the same infrastructure to deliver malware including HijackLoader, StealC, Remus, Amatera Stealer, CastleLoader, NetSupport, and a Rust-based stealer."<br />
<a href="https://www.malwarebytes.com/blog/threat-intel/2026/07/fake-google-and-cloudflare-verification-pages-spread-multiple-malware-families" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.malwarebytes.com/blog/threat-intel/2026/07/fake-google-and-cloudflare-verification-pages-spread-multiple-malware-families</a></li>
<li><strong>Indirect Prompt Injection In Web Content Targets AI Agents</strong><br />
"AI agents are increasingly changing how users interact with web content, making the content itself a growing attack surface for threat actors. Just as a human user can be socially engineered through phishing, AI agents are also susceptible to similar attacks. Indirect prompt injection (IPI) is an example of these types of attacks that embed malicious instructions in the content retrieved by an AI agent (websites, documents, email, etc.) to influence the agent’s reasoning during task execution. Zscaler ThreatLabz has observed malicious websites that impersonate legitimate services and use IPI to manipulate AI-driven workflows."<br />
<a href="https://www.zscaler.com/blogs/security-research/indirect-prompt-injection-web-content-targets-ai-agents" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.zscaler.com/blogs/security-research/indirect-prompt-injection-web-content-targets-ai-agents</a></li>
<li><strong>From CitrixBleed 2 To Cloudflared: The Tools And Techniques Behind Anubis Ransomware Attacks</strong><br />
"Throughout 2026, Arctic Wolf has investigated multiple Anubis ransomware intrusions. Although threat actor tradecraft differs between intrusions, key themes have emerged: abuse of VPN infrastructure, blending in with legitimate activity through the use of Remote Monitoring and Management (RMM) solutions, and using other legitimate binaries on victim devices. Public reporting has focused largely on the group’s ransomware-as-a-service (RaaS) model, affiliate program, and encryptor payloads. In this research publication, we provide new insight into initial access techniques in Anubis ransomware cases, including exploitation of CitrixBleed 2 (CVE-2025-5777). We also report on the stealthy use of RMM tooling to blend in with legitimate activity, as well as various other techniques used to evade safeguards in victim environments. An understanding of these behaviors provides defenders with opportunities for early detection and containment."<br />
<a href="https://arcticwolf.com/resources/blog/citrixbleed-2-to-cloudflared-the-tools-and-techniques-behind-anubis-ransomware-attacks/" target="_blank" rel="noopener noreferrer nofollow ugc">https://arcticwolf.com/resources/blog/citrixbleed-2-to-cloudflared-the-tools-and-techniques-behind-anubis-ransomware-attacks/</a><br />
<a href="https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html" target="_blank" rel="noopener noreferrer nofollow ugc">https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html</a></li>
<li><strong>Remus Stealer: A New, Not-So-New Infostealer</strong><br />
"The underground marketplace rarely stays quiet for long. A new information-stealing malware dubbed Remus Stealer has surfaced in the cybercrime underground, exhibiting significant similarities to the notorious Lumma malware family across its administration panel, stolen log files, and core code structure. Despite parallels in its code and functionality, threat actors are eagerly buying into the platform. In addition to its familiar features, it provides attackers with a distinct, modern command and control (C2) and networking infrastructure designed to slip past current security perimeters."<br />
<a href="https://flashpoint.io/blog/remus-stealer-a-new-not-so-new-infostealer/" target="_blank" rel="noopener noreferrer nofollow ugc">https://flashpoint.io/blog/remus-stealer-a-new-not-so-new-infostealer/</a></li>
<li><strong>Vect And TeamPCP Partner For Ransomware Campaigns</strong><br />
"Counter Threat Unit™ (CTU) researchers investigated two interconnected threat groups known as Vect and TeamPCP. The two groups announced a formal operational partnership in late March 2026 to combine TeamPCP’s credential harvesting and data theft capabilities with Vect’s ransomware deployment infrastructure in a widespread campaign involving supply chain attacks and the extortion of multiple organizations."<br />
<a href="https://www.sophos.com/en-us/blog/vect-and-teampcp-partner-for-ransomware-campaigns" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.sophos.com/en-us/blog/vect-and-teampcp-partner-for-ransomware-campaigns</a></li>
<li><strong>Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool</strong><br />
"Insikt Group has identified new infrastructure associated with the TAG-182 threat cluster, used to disseminate MarkiRAT malware in support of Iranian government surveillance operations. It is highly likely that TAG-182 is targeting Iranians living inside and outside the country using different lures, including free download tools and fake VPN applications. The group’s operations are highly likely active across social media platforms like Instagram. As the kinetic conflict with the United States and Israel has subsided since April 2026, Iran's security apparatus is likely redirecting its focus toward intensified cyber surveillance and digital enforcement operations targeting perceived dissidents and alleged foreign collaborators."<br />
<a href="https://www.recordedfuture.com/research/nexus-tag182-disseminates-markirat" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.recordedfuture.com/research/nexus-tag182-disseminates-markirat</a><br />
<a href="https://assets.recordedfuture.com/insikt-report-pdfs/2026/cta-ir-2026-0701.pdf" target="_blank" rel="noopener noreferrer nofollow ugc">https://assets.recordedfuture.com/insikt-report-pdfs/2026/cta-ir-2026-0701.pdf</a></li>
<li><strong>The BYOVD Epidemic: How Attackers Are Weaponizing Trusted Windows Drivers To Kill Security</strong><br />
"Defense evasion has quietly become one of the most consequential stages of an advanced cyber intrusion. As security products have grown harder to beat, attackers have changed their tactics. Rather than attempting to fly under the radar, they are opting to switch off security altogether. With ransomware attacks, in particular, attempting to disable security software is now a standard part of the attack chain. One technique has come to dominate the area of defense evasion and, over the past three years, it has become something close to an epidemic. The Bring Your Own Vulnerable Driver (BYOVD) technique lets attackers abuse flaws in legitimate, validly signed kernel drivers to seize control of the Windows kernel itself and operate at the highest level of privilege on a machine."<br />
<a href="https://www.security.com/threat-intelligence/byovd-vulnerable-drivers" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.security.com/threat-intelligence/byovd-vulnerable-drivers</a></li>
</ul>
<p dir="auto"><strong>Breaches/Hacks/Leaks</strong></p>
<ul>
<li><strong>Medtronic Notifies Customers Impacted By ShinyHunters Data Breach</strong><br />
"Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. The company previously confirmed that its IT systems were compromised by hackers, and the infamous data extortion group ‘ShinyHunters’ claimed the attack. The threat actor said that they were holding 9 million Medtronic records with personally identifiable information (PII) and internal corporate data."<br />
<a href="https://www.bleepingcomputer.com/news/security/medtronic-notifies-customers-impacted-by-shinyhunters-data-breach/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.bleepingcomputer.com/news/security/medtronic-notifies-customers-impacted-by-shinyhunters-data-breach/</a><br />
<a href="https://www.theregister.com/security/2026/07/02/pacemaker-manufacturer-medtronic-warns-patients-cybercrooks-may-have-swiped-health-data/5265768" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.theregister.com/security/2026/07/02/pacemaker-manufacturer-medtronic-warns-patients-cybercrooks-may-have-swiped-health-data/5265768</a></li>
</ul>
<p dir="auto"><strong>General News</strong></p>
<ul>
<li><strong>Under Pressure: Insights From The 2026 Exposure Gap Report</strong><br />
"Risk is concentrating. The 2026 Exposure Gap Report shows vulnerabilities claiming a larger share of critical exposure, and that shift has real implications for how security teams prioritize their response. Two findings are central to this change. Vulnerabilities now represent a much larger share of critical exposure, and only a small percentage of vulnerability alerts are validated as exploitable. Together, these findings show why prioritization depends on context, validation, and a clear understanding of which exposures require action."<br />
<a href="https://blog.checkpoint.com/exposure-management/under-pressure-insights-from-the-2026-exposure-gap-report/" target="_blank" rel="noopener noreferrer nofollow ugc">https://blog.checkpoint.com/exposure-management/under-pressure-insights-from-the-2026-exposure-gap-report/</a></li>
<li><strong>The Endpoint Recovery Gap Many Teams Discover During An Incident</strong><br />
"In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once. Haas walks through what a well-planned recovery looks like, where the bottlenecks appear, and why restoring trusted user access matters more than counting blocked threats. He also shares how security leaders can convince a CFO to fund recovery capability before an incident proves it was worth the spend."<br />
<a href="https://www.helpnetsecurity.com/2026/07/02/matthias-haas-igel-endpoint-recovery-gap/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.helpnetsecurity.com/2026/07/02/matthias-haas-igel-endpoint-recovery-gap/</a></li>
<li><strong>Catching Ransomware On The Wire Before It Locks The File Server</strong><br />
"Corporate networks keep sensitive files off individual workstations and store them on shared servers that staff reach through mapped network drives. That arrangement hands ransomware operators a target worth chasing. A single compromised laptop can begin encrypting files that live on a server across the building, and the encryption travels over the network as ordinary file-sharing traffic. Endpoint detection tools watch the machine they run on. When the encryption lands on a remote file server, the server does little of the visible work. It accepts read and write commands from a client and carries them out, the same way it serves any legitimate user. The agent on the server records normal operation. The agent on the client sees an application touching mapped files. Damage settles in the gap between the two machines, where each agent has a poor view."<br />
<a href="https://www.helpnetsecurity.com/2026/07/02/shared-storage-ransomware-detection-research/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.helpnetsecurity.com/2026/07/02/shared-storage-ransomware-detection-research/</a><br />
<a href="https://arxiv.org/pdf/2606.30586" target="_blank" rel="noopener noreferrer nofollow ugc">https://arxiv.org/pdf/2606.30586</a></li>
<li><strong>What The AI Patch Gap Means For Enterprise Security</strong><br />
"Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than 23,000 open-source code paths and routed verified findings to the projects that own them. Tuskira studied what happens to those findings once they reach human hands. The program reported 1,596 verified vulnerabilities, spread across hundreds of projects over a window of about nine weeks. Six external security research firms triaged the findings before they reached maintainers."<br />
<a href="https://www.helpnetsecurity.com/2026/07/02/open-source-ai-patch-gap/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.helpnetsecurity.com/2026/07/02/open-source-ai-patch-gap/</a></li>
<li><strong>Cybercrime In Australia 2025</strong><br />
"In 2025, 10,593 online Australians participated in the Australian Cybercrime Survey. Nearly half of all respondents reported having been a victim of some form of cybercrime in the 12 months prior to the survey. This included online abuse and harassment (24.9% of respondents), followed by malware (21.5%), identity crime and misuse (20.6%) and fraud and scams (11.4%). One in five respondents experienced multiple types of cybercrime. Between 2024 and 2025, the proportion of respondents who had been a victim of online fraud and scams increased."<br />
<a href="https://www.aic.gov.au/publications/sr/sr59" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.aic.gov.au/publications/sr/sr59</a><br />
<a href="https://www.darkreading.com/cybersecurity-analytics/aussies-face-reduced-cybercrime-risk-pressure-shifts-smbs" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.darkreading.com/cybersecurity-analytics/aussies-face-reduced-cybercrime-risk-pressure-shifts-smbs</a></li>
<li><strong>Apple Reverses Age-Old Patch Policy To Keep Up With AI</strong><br />
"Apple is changing its approach to security patching, in response to the growing threat of accelerated artificial intelligence (AI) attacks. The company has historically saved big, bundled sets of bug fixes for new versions of its operating system (OS). That's set to change. The company released a variety of security updates June 29 for iPhones, iPads, Macbooks, and the Safari browser, untethered to any major version releases. It's hardly the first time it's released security updates out-of-band, but the motivation was different this time. According to Reuters, the company said "it was adapting to the reality that, given the ability of artificial intelligence to speed the development of malicious hacking tools, it needed to reduce the time between when updates were first made public and when they were put into customers' hands.""<br />
<a href="https://www.darkreading.com/cybersecurity-operations/apple-patch-policy-ai" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.darkreading.com/cybersecurity-operations/apple-patch-policy-ai</a></li>
<li><strong>When Too Much Security Data Became The Risk</strong><br />
"For years, conventional wisdom in security operations was simple: collect everything. Logs were cheap. Storage was plentiful. And the more data a team had, the more confident it could feel about detection and forensics. That assumption quietly broke as organizations scaled. At Vensure Employer Solutions, a privately held HR services and payroll provider supporting more than 95,000 businesses, telemetry volume did not just grow; it exploded. Rapid acquisitions, expanding infrastructure, and a growing customer base turned routine firewall traffic into a relentless stream of raw data flowing into the company's security information and event management (SIEM) environment."<br />
<a href="https://www.darkreading.com/cyber-risk/too-much-security-data-risk" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.darkreading.com/cyber-risk/too-much-security-data-risk</a></li>
<li><strong>Researcher Behind 'Exploitarium' Explains Release Of Undisclosed Zero-Day Exploits</strong><br />
"A pseudonymous security researcher has released over 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects without disclosing them to the maintainers first. The dump, called ‘Exploitarium,’ was shared publicly on GitHub by an individual going by name ‘bikini’ and ‘ashdfrkl’ on Discord. First published on June 27, the repository initially included around 15 exploits, before the researcher updated it over the next few days with new entries."<br />
<a href="https://www.infosecurity-magazine.com/news/researcher-exploitarium-exploits/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.infosecurity-magazine.com/news/researcher-exploitarium-exploits/</a></li>
<li><strong>Missed Incidents, Persistent Threats, And Response Gaps: Insights From Compromise Assessment Projects</strong><br />
"The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that examines whether a target network has been compromised. The service combines threat intelligence analysis (including darknet sources), tool-aided endpoint scanning, a systematic review of security event logs and network traffic, and, when necessary, an initial incident response and digital forensic investigation. This report focuses on missed incidents – threats that remained undetected for weeks, months, or even years."<br />
<a href="https://securelist.com/compromise-assessment-findings-2025/120542/" target="_blank" rel="noopener noreferrer nofollow ugc">https://securelist.com/compromise-assessment-findings-2025/120542/</a></li>
<li><strong>How To Conduct a Successful Audit Of AI-Driven Software Development</strong><br />
"Traditionally, an audit independently examines records, processes and controls to verify compliance and assess financial and operational integrity. In the modern world, such an approach should extend to the software development lifecycle (SDLC) – especially in the age of artificial intelligence (AI) or large language model (LLM)-assisted code. Chief Information Security Officers (CISOs) and their teams need proof that developers are producing protected products, because one in five organizations has experienced a serious security incident directly tied to AI-generated code. Getting to the root of the problems requires visibility into who is leveraging AI, what tools they are using and where AI-generated code is introduced into the SDLC. This is considered the ADLC: the agentic development lifecycle."<br />
<a href="https://www.securityweek.com/how-to-conduct-a-successful-audit-of-ai-driven-software-development/" target="_blank" rel="noopener noreferrer nofollow ugc">https://www.securityweek.com/how-to-conduct-a-successful-audit-of-ai-driven-software-development/</a></li>
<li><strong>Google’s Continued Disruption Of Malicious Residential Proxy Networks</strong><br />
"Today, in coordination with the FBI, Lumen, and others, Google took action against the NetNut residential proxy network, also known as Popa. This action builds on our disruption of the IPIDEA proxy network that took place in January 2026, and is a continuation of Google’s objective to dismantle malicious residential proxy networks."<br />
<a href="https://cloud.google.com/blog/topics/threat-intelligence/google-continued-disruption-residential-proxy-networks" target="_blank" rel="noopener noreferrer nofollow ugc">https://cloud.google.com/blog/topics/threat-intelligence/google-continued-disruption-residential-proxy-networks</a><br />
<a href="https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html" target="_blank" rel="noopener noreferrer nofollow ugc">https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html</a></li>
</ul>
<p dir="auto"><strong>References</strong></p>
<p dir="auto">Electronic Transactions Development Agency (ETDA) <img src="/assets/uploads/files/1783061469662-820e18b2-6258-4b01-aaf0-f765073f98dc-image.png" alt="820e18b2-6258-4b01-aaf0-f765073f98dc-image.png" class=" img-fluid img-markdown" /></p>
]]></description><link>https://webboard-nsoc.ncsa.or.th/topic/3055/etda-cyber-threat-intelligence-03-july-2026</link><generator>RSS for Node</generator><lastBuildDate>Fri, 03 Jul 2026 10:05:42 GMT</lastBuildDate><atom:link href="https://webboard-nsoc.ncsa.or.th/topic/3055.rss" rel="self" type="application/rss+xml"/><pubDate>Fri, 03 Jul 2026 06:51:20 GMT</pubDate><ttl>60</ttl></channel></rss>