NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ

    Cyber Threat Intelligence 16 July 2026

    Cyber Security News
    1
    1
    13
    โหลดโพสเพิ่มเติม
    • เก่าสุดไปยังใหม่สุด
    • ใหม่สุดไปยังเก่าสุด
    • Most Votes
    ตอบ
    • ตอบโดยตั้งกระทู้ใหม่
    เข้าสู่ระบบเพื่อตอบกลับ
    Topic นี้ถูกลบไปแล้ว เฉพาะผู้ใช้งานที่มีสิทธิ์ในการจัดการ Topic เท่านั้นที่จะมีสิทธิ์ในการเข้าชม
    • NCSA_THAICERTN
      NCSA_THAICERT
      แก้ไขล่าสุดโดย

      Industrial Sector

      • ICS Patch Tuesday: Vulnerabilities Fixed By Siemens, Schneider, Rockwell
        "Industrial giants Siemens, Schneider Electric, and Rockwell Automation have published July 2026 Patch Tuesday advisories to inform customers about vulnerabilities found in their ICS products. Siemens published nine new advisories, including six that cover critical vulnerabilities (based on CVSS score). A CVSS score of 10 has been assigned to a token invalidation vulnerability in Opencenter X that allows an attacker to bypass authentication and gain full access to the application. Critical vulnerabilities have also been patched or mitigated by Siemens in Mendix, Sidis Secured SmartPlug, Simatic S7-1500, Cadra, and Desigo CC. The security holes, many of which affect third-party components, can be exploited to launch DoS attacks, execute code, obtain sensitive data, and escalate privileges."
        https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-fixed-by-siemens-schneider-rockwell/

      New Tooling

      • SingGuard-NSFA: Open-Source Guardrails For Agentic AI
        "SingGuard-NSFA is an open-source guardrail framework aimed at operational threats in agent workflows. Four models ship at 0.8B, 2B, 4B, and 9B parameters, all built on Qwen3.5 base backbones. The NSFA risk taxonomy organizes threats along the CIA triad of confidentiality, integrity, and availability. It defines 185 risk variants grouped under a smaller set of top-level domains and mid-level categories, cross-validated against three OWASP guidelines."
        https://www.helpnetsecurity.com/2026/07/15/singguard-nsfa-open-source-agentic-ai-guardrails/
        https://github.com/inclusionAI/SingGuard-NSFA

      Vulnerabilities

      • Zoom Warns Of Critical Account Takeover Vulnerability
        "Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts. Discovered internally, the security issue is tracked as CVE-2026-53412 and received a severity score of 9.8 out of 10. In an advisory this week, the messaging platform says that the flaw affects Zoom Workplace for Windows before version 7.0.0, the Windows VDI Client before versions 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0."
        https://www.bleepingcomputer.com/news/security/zoom-warns-of-critical-account-takeover-vulnerability/
        https://www.zoom.com/en/trust/security-bulletin/zsb-26014/
      • Vulnerabilities Patched By Fortinet, Ivanti, ServiceNow
        "Fortinet, Ivanti, and ServiceNow on Tuesday rolled out patches for 15 vulnerabilities across their products. ServiceNow resolved a critical remote code execution (RCE) flaw in the ServiceNow AI platform that can be exploited without authentication. The bug is tracked as CVE-2026-6875 (CVSS score of 9.5). “ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners,” the company said. Ivanti released fixes for two security defects in its data aggregation and visualization tool Xtraction, tracked as CVE-2026-14902 and CVE-2026-14903."
        https://www.securityweek.com/vulnerabilities-patched-by-fortinet-ivanti-servicenow/
      • Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates
        "Google and Mozilla have released fresh Chrome 150 and Firefox 152 updates that resolve critical-severity vulnerabilities. Mozilla rolled out Firefox 152.0.6 with patches for two critical security defects, warning that exploit code has been published for both. The bugs are tracked as CVE-2026-15718 and CVE-2026-15719, and are described as an invalid pointer in the ‘JavaScript: WebAssembly’ component and a site isolation issue in the ‘DOM: Navigation’ component."
        https://www.securityweek.com/critical-vulnerabilities-patched-with-fresh-chrome-150-firefox-152-updates/
        https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html
      • CISA Adds Two Known Exploited Vulnerabilities To Catalog
        "CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2023-4346 KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability
        CVE-2026-46817 Oracle E-Business Suite Improper Privilege Management Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/07/15/cisa-adds-two-known-exploited-vulnerabilities-catalog
      • PromptFiction: One-Click Claude Desktop Vulnerability
        "A single click on a trusted-looking link runs an attacker's instructions inside Claude Desktop. No confirmation, no review. Claude Desktop registers a claude:// URL scheme. Click a link that uses it and the app opens, takes a prompt from the link, and submits it. The user never sees the full prompt, and never approves it. We proved it with a decoy ASCII-art tool: the link it hands you carries a request you can read and an instruction you cannot. The same channel can plant a hidden prompt, exfiltrate conversation history, read the file system, or execute code."
        https://www.oasis.security/resources/reports/claude-url-scheme-prompt-injection
        https://pages.oasis.security/rs/106-PZV-596/images/promptfiction-claude-desktop-technical-report.pdf?version=0
        https://www.darkreading.com/vulnerabilities-threats/claude-flaw-malicious-prompts-ai-agents
        https://hackread.com/promptfiction-flaw-auto-prompts-claude-desktop/
      • The Cursor Deeplink Vulnerability That Turns a “review This PR” Click Into Remote Code Execution
        "A crafted cursor:// link installs an attacker-controlled MCP server that executes unsandboxed commands under your account. The install dialog is supposed to be the safeguard, but it doesn’t reliably show the command being approved. The attack comes in two variants. Both hide the real command inside the dialog, one also disguises the link as a routine code review. Cursor’s own triage named the root cause in writing, closed the report as a duplicate, but the latest build is still vulnerable. An attacker, posing as a teammate, sends you a link to review a pull request. You click it, Cursor opens, and a dialog asks you to install an MCP server with a command that looks routine. You approve it the way you approve a dozen prompts a day. The MCP server is attacker-controlled, and it now runs commands as you, with no sandbox between it and your files, your tokens, and your shell."
        https://adversa.ai/blog/cursor-security-deepjack-deeplink-vulnerability-mcp-rce/
        https://www.darkreading.com/application-security/2-click-cursor-exploit-dev-environment-takeover
      • An AI Overthinking Attack Can Tie a Robot Up For Over a Minute
        "Robots that read the world through cameras now lean on large vision-language models to interpret what they see and decide what to do next. These models handle images and text together, so any words that fall inside the camera frame become part of the input. A stop sign, a street name, a sticker on a wall. Researchers at Michigan Technological University have shown that this reading habit opens a door for attackers, and the door leads to a denial-of-service problem that looks nothing like the ones most defenders track."
        https://www.helpnetsecurity.com/2026/07/15/robot-ai-overthinking-attack/
        https://arxiv.org/pdf/2607.01518
      • Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday
        "Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a core system component that manages user accounts and environments. "The PoC requires another standard user credential and a third username (which can be an administrator account)," Chaotic Eclipse said. "If the PoC is successful, it will end up mounting the target user hive in the current user classes root.""
        https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html
        https://securityaffairs.com/195418/hacking/chaotic-eclipse-unveils-legacyhive-exploit-affecting-fully-patched-windows-systems.html
        https://www.theregister.com/security/2026/07/15/microsofts-serial-tormentor-drops-legacyhive-0-day/5271723

      Malware

      • Case Study: Distribution Of a CoinMiner Targeting Linux SSH Servers Via Malware Distribution Via Network Transmission
        "The AhnLab SEcurity intelligence Center (ASEC) is monitoring attacks targeting poorly managed Linux servers using multiple honeypots. Recently, ASEC identified cases where malware with propagation capabilities was used to install the XMRig CoinMiner. In these attack cases, malware such as ShellBot, MIG LogCleaner, and XHide were used. The threat actors created and used downloaders and propagation malware written in the Go programming language; they also built and used scripts with Shc (Shell Script Compiler). The same threat actors appear to have been carrying out these attacks since at least 2023."
        https://asec.ahnlab.com/en/94484/
      • Six Minutes To Compromise: How ‘Patriot Bait’ Actor Used AI To Build And Deploy a C&C Botnet
        "TrendAI™ Research obtained and analyzed 200 Gemini CLI session logs from the Russian-speaking threat actor known as “bandcampro” that provided a month-long window (March 19-April 21, 2026) into the actor's daily AI-assisted operations. The logs documented how the threat actor used an AI agent to migrate a command-and-control (C&C) server, and to control a small-scale botnet, among other hacking activities. The actor used Google Gemini CLI to deploy and operate a C&C infrastructure to control eight computers in a dental clinic and access their OpenDental database."
        https://www.trendmicro.com/en_us/research/26/g/actor-behind-patriot-bait-used-ai-to-deploy-c2-botnet.html
        https://www.bleepingcomputer.com/news/security/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/
      • Coordinated AsyncAPI Supply Chain Attack: Miasma RAT Delivered Via Compromised CI/CD Pipelines In Two Repositories
        "On July 14, 2026 at 07:10 UTC, three packages in the AsyncAPI generator monorepo (@asyncapi/[email protected], @asyncapi/[email protected], and @asyncapi/[email protected]) were published to npm carrying an obfuscated dropper that fires the moment the library is loaded, not on install. The packages were published through the project's own legitimate GitHub Actions release workflow and carry valid npm OIDC provenance attestations, because the attacker didn't steal an npm token: they gained push access to the repository's next branch and let the project's real CI/CD pipeline do the publishing for them."
        https://www.stepsecurity.io/blog/compromised-next-branch-pushes-malicious-asyncapi-generator-generator-helpers-and-generator-components-to-npm
        https://www.ox.security/blog/asyncapi-npm-organization-compromised-2m-weekly-downloads-affected/
        https://safedep.io/asyncapi-generator-supply-chain-attack-miasma-rat/
        https://socket.dev/blog/asyncapi-supply-chain-attack
        https://www.bleepingcomputer.com/news/security/-asyncapi-npm-packages-infected-with-credential-stealing-malware/
        https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html
        https://securityaffairs.com/195395/security/asyncapi-npm-supply-chain-attack-malware-injected-into-packages-with-2-million-weekly-downloads.html
      • When Routine Becomes The Threat: The Evolution Of Finance-Themed Phishing
        "Finance-themed phishing campaigns are evolving toward process-oriented messaging tactics, in which email subject lines are utilizing more process-driven language rather than pressure-driven. Threat actors are shifting away from messaging that uses overt emotional urgency and toward ordinary business language that mirrors daily financial workflows. We are seeing these campaigns more frequently, which may indicate a shift towards a more widely adopted approach. This trend also presents detection challenges, making these messages harder to distinguish as they closely resemble legitimate finance-related email correspondences such as invoices, remittance notices, procurement requests, contract revisions, and vendor follow-ups that are likely to bypass AI-based security email gateways (SEGs) and other email security technologies."
        https://cofense.com/blog/when-routine-becomes-the-threat-the-evolution-of-finance-themed-phishing
      • Cyberstalkers Are Exploiting Chrome Sync To Spy On Victims
        "Emma* (not her real name) thought she’d finally found a way out. Late one night, while her partner was asleep, she spent twenty minutes searching for a family lawyer and reading through a domestic abuse support website, careful to close the tabs afterwards. Two days later, her partner brought it up. He knew which website she’d visited and exactly when. Emma had been careful to only ever use her own device, and she hadn’t noticed any new apps appear on her phone. What she didn’t know was that weeks earlier, during a few unattended minutes with her phone, he had opened the Chrome app and quietly signed it into a Google account of his own."
        https://www.certosoftware.com/insights/cyberstalkers-exploiting-chrome-sync-to-spy/
        https://cyberscoop.com/google-chrome-sync-cyberstalking-exploit/
      • The Agentic Attacker: One Objective, One Prompt, Forty Minutes, Domain Admin – Game Over
        "In a controlled enterprise lab, we tested how far an agentic attack stack could go by harnessing a frontier model with an agent platform, MCP-enabled tooling, operational context, and enough autonomy to execute a complete attack path. We demonstrated a complete end-to-end attack chain, from external access to Domain Administrator privileges, using an agentic attack stack in a controlled Active Directory environment. A condensed video demonstration of the successful execution is included as part of this research."
        https://www.catonetworks.com/blog/the-agentic-attacker-one-objective-one-prompt-forty-minutes-domain-admin-game-over/
        https://cyberscoop.com/ai-cybersecurity-harness-autonomous-hacking/
      • SeasonalInvite: New Phishing Campaign Abuses eCards And RMM
        "A phishing campaign we named SeasonalInvite has been deploying and abusing commercial Remote Monitoring and Management (RMM) tools on victims since at least January 2026, using social engineering themes tied to the seasonal calendar. The campaign targets both Windows and macOS users. This investigation confirmed abuse of four RMM tools: ConnectWise ScreenConnect, LogMeIn Resolve, Kaseya, and O&O Syspectr. We identified 959 eCard-themed domains and a Traffic Distribution System (TDS) using 2,658 gate pages to route victims to phishing pages while blocking automated security scanners."
        https://www.forescout.com/blog/seasonalinvite-new-phishing-campaign-abuses-ecards-and-rmm/
        https://www.infosecurity-magazine.com/news/seasonalinvite-phishing-ecards-rmm/
      • OkoBot: New Sophisticated Malware Framework Targets Cryptocurrency Users
        "In January 2026, we identified multiple attacks involving unknown malware that captures the contents of cryptocurrency wallet windows. During the investigation, we reconstructed the complete infection chain, which consisted of four tightly linked stages initiated by the execution of the previously described malicious PowerShell script TookPS. However, this campaign differs from previous activity in that it uses a new framework to deliver all malicious modules and orchestrate them via an SSH tunnel. In total, the framework includes more than 20 malicious payloads and implants, covering a wide variety of functions. At the time of writing, the threat remains active."
        https://securelist.com/okobot-framework-targets-cryptocurrency-wallets/120660/
        https://thehackernews.com/2026/07/okobot-malware-framework-injects-seed.html
      • ClaudeFix: Shared Claude Chats Meet ClickFix
        "ClickFix is a widely employed attack technique, first seen in 2024, where a victim is instructed to paste-and-run instructions on their system to “fix” a problem or install software. The seemingly benign instructions are, in fact, malicious and lead to the deployment of malware onto the victim’s system. Zscaler Threat Hunting has identified recent ClickFix attacks abusing Anthropic’s Claude platform through the use of shareable Claude chats to host these instructions, which marks a shift from typical attacks. As AI platforms have grown in popularity, threat actors have increasingly abused legitimate features such as shareable chats to lend credibility to malicious content. In this blog post, the Zscaler Threat Hunting team examines a MacSync Stealer campaign distributed through shared Claude chats."
        https://www.zscaler.com/blogs/security-research/claudefix-shared-claude-chats-meet-clickfix
      • Bind Link Abuse: One Windows Feature, Many Ways To Blind Your EDR
        "Windows includes a file-system virtualization feature that can redirect one local path to another without modifying the original file or leaving a persistent filesystem artifact. It is implemented by bindflt.sys, the Bind Filter minifilter driver, and used legitimately by Store apps, Windows Sandbox, and Windows containers. Bitdefender Labs documented and named three new techniques that an attacker running as a local administrator can use to blind EDR sensors and bypass built-in Windows defenses such as AMSI and AppLocker."
        https://businessinsights.bitdefender.com/bind-link-abuses-windows-feature-edr-evasion-technique
        https://www.securityweek.com/windows-bind-link-attacks-can-hide-malware-from-edr-tools/
      • TuxBot v3: Inside An IoT Botnet Framework With LLM-Assisted Development
        "We identified a previously undocumented modular internet-of-things (IoT) botnet framework named TuxBot v3 Evolution. The malware authors leveraged an LLM to assist in their code development, yielding mixed results. While the AI complied with their request to generate botnet code, it included a safety disclaimer that the developer failed to remove before shipping. Although the LLM clearly aided in constructing the botnet, several functions in the analyzed samples failed to work correctly. While a manual code review could have easily resolved these errors, the authors neglected this step. However, it is highly likely that corrected, more polished iterations exist, which significantly elevates the potential threat posed by this malware."
        https://unit42.paloaltonetworks.com/tuxbot-v3-evolution-iot-botnet/
        https://thehackernews.com/2026/07/tuxbot-v3-evolution-shows-signs-of-llm.html
      • 'The Bots Are Alive!' Jailbroken Gemini Spun Up New C2 Server For Russian Fraudster In Just 6 Minutes
        "A jailbroken Google Gemini did 90 percent of the work in a credential- and cryptocurrency-stealing spree, including spinning up a new command-and-control (C2) server in just six minutes, according to a TrendAI report shared exclusively with The Register. The human behind the heist – a solo Russian-speaking miscreant known as “bandcampro” – acted as the manager of the cyber-fraud operation, which targeted hardcore Trump supporters and conspiracy theorists."
        https://www.theregister.com/research/2026/07/14/the-bots-are-alive-jailbroken-gemini-spun-up-new-c2-server-for-russian-fraudster-in-just-6-minutes/5270131
      • Clubfoot Wolf Launches Massive Offensive On Russian Businesses
        "In May and June 2026, the Clubfoot Wolf cluster conducted a large‑scale campaign targeting Russian organizations across the following sectors: manufacturing, retail, e‑commerce, agriculture, IT, transportation, healthcare, and science. The primary targets were Russian wholesale distributors of chemical products. The adversary also attacked several organizations in Belarus."
        https://bi.zone/eng/expertise/blog/clubfoot-wolf-massovo-komprometiruet-rossiyskie-kompanii/
      • Suspected Chinese Operators Use Claude Code And DeepSeek To Target Government And Financial Systems Across Four Countries
        "In June 2026, a pivot from known TencShell C2 infrastructure led us to an open directory exposing an active intrusion campaign. TencShell is a Go-based implant derived from the open-source Rshell framework, first documented by Cato CTRL in May 2026 and assessed there as suspected China-linked. The directory held victim source code, custom exploit scripts, operational logs, and cloned login pages, with the attack notes written in Simplified Chinese. What caught our attention was the tooling behind it. Claude Code and DeepSeek-v4-pro ran as working parts of the intrusion, not tools off to the side. They handled reasoning for bypass techniques, reworked exploits after failed attempts, and built the phishing pages used to harvest credentials. That puts this campaign alongside Anthropic's November 2025 disclosure of a China-linked operation that used Claude Code to automate large-scale intrusions."
        https://hunt.io/blog/chinese-operators-claude-deepseek-government-intrusion
      • No Single Pane Of Glass: Anatomy Of An Azure Permission Takeover
        "The Sysdig Threat Research Team (TRT) recently watched as an attacker started with a single leaked service-principal credential and, by the next morning, owned the tenant. This attacker took complete, dual-plane control of the tenant with Global Administrator (GA) ownership of the directory and root-level access over every resource. They planted persistence across dozens of identities and took the keys to the telemetry pipeline that was supposed to be watching them. Stopping this attack was easy. However, analyzing the attack was actually quite complex, and it came down to one question with many answers:"
        https://www.sysdig.com/blog/no-single-pane-of-glass-anatomy-of-an-azure-permission-takeover

      Breaches/Hacks/Leaks

      • Infostealer Malware Triggers Major Database Breach At The Argentine Football Association
        "When the Argentine Football Association (AFA) suffered a significant cyberattack, media outlets were quick to cover the fallout. The breach resulted in sensitive database leaks and unauthorized communications originating from official AFA domains, causing severe reputational and operational damage. The incident was also widely reported on X, including from accounts like Polymarket with tens of thousands of likes."
        https://www.infostealers.com/article/infostealer-malware-triggers-major-database-breach-at-the-argentine-football-association/
        https://www.theregister.com/security/2026/07/13/world-cup-grudge-attackers-may-have-scored-argentine-fa-access-via-year-old-infostealer-infection/5270302

      General News

      • Establishing a Coordinated Vulnerability Disclosure Program To Work With Security Researchers
        "Developed by CISA, the National Security Agency (NSA) and international partners, this joint guidance contains best practices for software manufacturers and online service providers to design and implement a coordinated vulnerability disclosure (CVD) program for working with external security researchers that includes a clear vulnerability disclosure policy (VDP) and process for triaging, remediating and assigning Common Vulnerabilities and Exposures (CVE) identifiers to reported vulnerabilities. The guidance also provides considerations for leveraging third-party intermediaries, like CISA or other national computer security incident response teams, to substitute or supplement a CVD program."
        https://www.cisa.gov/resources-tools/resources/establishing-coordinated-vulnerability-disclosure-program-work-security-researchers
        https://www.cisa.gov/sites/default/files/2026-07/joint-guide-establishing-a-cvd-program-to-work-with-security-researchers_508c.pdf
      • June 2026 Infostealer Trend Report
        "This report summarizes the distribution channels, number of Infostealers, number of detections, and information on companies disguised by new Infostealers collected during June 2026. The collected samples were obtained through an automated data collection system, an email honeypot system, and an automated malware C2 analysis system operated by ASEC (AhnLab SEcurity intelligence Center)."
        https://asec.ahnlab.com/en/94486/
      • Dutch Police Bust Investment Fraud Ring Stealing Over €100 Million
        "The Dutch Police announced the arrest of multiple individuals suspected of being part of an international investment fraud scheme estimated to have tens of thousands of victims. The group is believed to have operated 20 call centers, with more than 700 people posing as financial advisers. Authorities estimate that the criminal organization at one point made more than 100 million euros ($114 million) per month. The call centers were located in different places across multiple countries, and each hosted several teams with distinct roles and targeting focuses."
        https://www.bleepingcomputer.com/news/security/dutch-police-bust-investment-fraud-ring-stealing-over-100-million/
        https://therecord.media/dutch-police-dismantle-global-crypto-investment-scam
      • US Charges Alleged Operators Of Russian Bulletproof Hosting Service
        "U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of providing bulletproof hosting (BPH) services to ransomware gangs that caused over $62 million in damages to victims worldwide. BPH providers lease servers that help hinder disruption efforts targeting their malicious activities, including malware delivery, command-and-control operations, phishing attacks, and illicit content hosting. They market themselves as "bulletproof" by ignoring victims' complaints and subsequent law enforcement takedown requests."
        https://www.bleepingcomputer.com/news/security/us-charges-alleged-russian-bulletproof-hosting-service-operators/
        https://www.bankinfosecurity.com/feds-target-widely-used-russian-bulletproof-hosting-services-a-32230
        https://www.securityweek.com/us-charges-russian-individuals-and-firms-for-running-cybercrime-services/
      • The State Of Ransomware 2026: Payments Are Dropping But Encryption Is Climbing
        "This year's data has a few eyebrow-raising departures from the patterns of past State of Ransomware reports. Exploited vulnerabilities lost their three-year grip on the top root-cause spot. Median ransom demands and payments both dropped, yet the average recovery bill still climbed. And small organizations (100-250 employees) are falling further behind their larger peers on the one metric that matters most: stopping the attack before data gets encrypted. The seventh annual Sophos State of Ransomware report is based on a vendor-agnostic survey of 2,158 IT and security leaders whose organizations were hit by ransomware in the last 12 months."
        https://www.sophos.com/en-us/blog/sophos-state-of-ransomware-2026
        https://www.darkreading.com/identity-access-management-security/identity-attacks-overtake-exploits-top-ransomware-cause
        https://www.infosecurity-magazine.com/news/compromised-logins-ransomware-entry/

      อ้างอิง
      Electronic Transactions Development Agency (ETDA) 0f940cfe-606c-472c-ac6d-a3d012ad250a-image.png

      1 การตอบกลับ คำตอบล่าสุด ตอบ คำอ้างอิง 0
      • First post
        Last post