NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ
    1. หน้าแรก
    2. NCSA_THAICERT
    • รายละเอียด
    • ติดตาม 0
    • คนติดตาม 3
    • กระทู้ 2,377
    • กระทู้ 2,378
    • ดีที่สุด 0
    • Controversial 0
    • กลุ่ม 2

    NCSA_THAICERT

    @NCSA_THAICERT

    1
    ชื่อเสียง
    56
    ดูข้อมูลส่วนตัว
    2.4k
    กระทู้
    3
    คนติดตาม
    0
    ติดตาม
    เข้าร่วม ออนไลน์ล่าสุด
    เว็บไซต์ www.ncsa.or.th/?fbclid=IwAR0BqJEC-CJzBs98rlBxUbZkNBgp1g814xdDNNaKnHTrxfqZhPD--ksY68I

    NCSA_THAICERT เลิกติดตาม ติดตาม
    Global Moderator administrators

    Latest posts made by NCSA_THAICERT

    • CISA เผยแพร่คำแนะนำด้านระบบควบคุมอุตสาหกรรม (ICS) จำนวน 5 รายการ

      Cybersecurity and Infrastructure Security Agency (CISA) ได้เผยแพร่คำแนะนำเกี่ยวกับระบบควบคุมอุตสาหกรรม (ICS) จำนวน 5 รายการ เมื่อวันที่ 14 กรกฏาคม 2569 เพื่อให้ข้อมูลที่ทันเวลาเกี่ยวกับประเด็นด้านความมั่นคงปลอดภัย ช่องโหว่ และการโจมตีที่เกี่ยวข้องกับระบบ ICS โดยมีรายละเอียดดังนี้

      • ICSA-26-195-01 ABB Advant Master Online Builder
      • ICSA-26-195-02 ABB Ability Edgenius
      • ICSA-26-195-03 ABB T-MAC Plus
      • ICSA-26-195-04 Rockwell Automation 1715 EtherNet/IP Communications Module
      • ICSA-25-352-01 Inductive Automation Ignition (Update A)

      อ้างอิง
      https://www.cisa.gov/news-events/ics-advisories c6e2e267-7840-4c4e-aa21-fd663bcc6015-image.png

      โพสต์ใน OT Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • CISA เพิ่มช่องโหว่ที่ถูกใช้โจมตี 4 รายการลงในแคตตาล็อก

      เมื่อวันที่ 14 กรกฏาคม 2569 Cybersecurity and Infrastructure Security Agency (CISA) ได้เพิ่มช่องโหว่ใหม่ 4 รายการลงในแคตตาล็อก Known Exploited Vulnerabilities (KEV) จากหลักฐานที่พบว่ามีการโจมตีใช้งานจริงแล้ว มีรายละเอียดดังนี้

      • CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
      • CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability
      • CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
      • CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability

      อ้างอิง
      https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-adds-four-known-exploited-vulnerabilities-catalog

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 554f257a-9846-40a0-b0e2-2eb315006ebd-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • ETDA Cyber Threat Intelligence 15 July 2026

      Industrial Sector

      • ABB T-MAC Plus
        "ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. An attacker who successfully exploited any of these vulnerabilities could potentially compromise the system in different ways."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-03
      • Rockwell Automation 1715-AENTR EtherNet/IP Adapter
        "Successful exploitation of this vulnerability could allow an attacker to read or delete files, stop tasks, modify memory, and change I/O states, potentially impacting the confidentiality, integrity, and availability of the device."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-04
      • ABB Advant Master Online Builder
        "ABB became aware of vulnerability in the products versions listed as affected in the advisory, where an incorrect version of Online Builder (ONB) was included in the media. An update is available that resolves the vulnerability, see details in Recommended immediate actions."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-01
      • ABB Ability Edgenius
        "ABB is aware of public reports of a vulnerability CVE‑2026‑31431 (Copy Fail) in the product versions listed as affected in the advisory. An update is available that resolves a publicly reported vulnerability. CVE‑2026‑31431 (Copy Fail) is a Linux kernel vulnerability that may allow a locally authenticated user or compromised container workload to gain elevated (root) privileges on affected systems. Once root access is obtained, the attacker can effectively gain complete control of the system"
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-195-02

      New Tooling
      Chatto: Open-Source Team Messenger With Privacy At Its Core
      "Teams that want their group chats off commercial platforms have a growing menu of self-hosted options. Chatto joined that group when its developer released the code under an open-source license and posted binaries for anyone to run on their own hardware. The software aims at the same ground as the large team messaging services, and it keeps message data on infrastructure the operator controls. Installation runs through a single executable. An operator drops the binary onto a machine, runs it, and gets a working chat server that serves its own web frontend. Builds exist for Linux on x86_64 and ARM64, macOS, and Windows. A basic setup needs no separate database, and larger deployments scale out with Docker Compose or Kubernetes."
      https://www.helpnetsecurity.com/2026/07/14/chatto-self-hosted-chat-app-privacy/
      https://github.com/chattocorp/chatto

      Vulnerabilities

      • SonicWall Warns Of SMA1000 Flaws Exploited In Zero-Day Attacks, Patch Now
        "SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates. CVE-2026-15409 is a critical (CVSS 10.0) server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface that allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations. CVE-2026-15410 is a high-severity (CVSS 7.2) post-authentication code injection flaw in the SMA1000 Appliance Management Console that could allow a remote authenticated administrator to execute arbitrary operating system commands."
        https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-flaws-exploited-in-zero-day-attacks-patch-now/
        https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008
        https://www.helpnetsecurity.com/2026/07/14/sonicwall-sma-attacks-via-cve-2026-15409-cve-2026-15410/
      • SAP Warns Of Critical Flaws In NetWeaver And Commerce Cloud
        "SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. The first critical issue patched this month is a memory corruption security issue (tracked as CVE-2026-44747) stemming from an out-of-bounds write weakness in the NetWeaver Application Server ABAP (AS ABAP), the runtime environment, application server, and development platform for core SAP enterprise software."
        https://www.bleepingcomputer.com/news/security/sap-warns-of-critical-flaws-in-netweaver-and-commerce-cloud/
        https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2026.html
        https://thehackernews.com/2026/07/sap-patches-cvss-99-netweaver-abap-flaw.html
        https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-netweaver-approuter-commerce-cloud/
      • 7 Severe Vulnerabilities Patched In VMware Avi Load Balancer
        "Broadcom announced on Tuesday that new VMware Avi Load Balancer updates patch several critical and high-severity vulnerabilities. VMware Avi Load Balancer is a software-defined platform that provides load balancing, application security, and analytics for applications in hybrid and multi-cloud environments. According to Broadcom, two external researchers recently discovered that the VMware product is affected by seven potentially serious vulnerabilities."
        https://www.securityweek.com/7-severe-vulnerabilities-patched-in-vmware-avi-load-balancer/
        https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37926
      • CISA Urges SharePoint Hardening After New Exploitations
        "CISA is aware of active exploitation of vulnerabilities CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, enabling cyber threat actors to gain unauthorized access to on-premises SharePoint Server instances. These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware. Organizations should monitor affected SharePoint Servers closely for any signs of exploitation or unusual activity."
        https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-urges-sharepoint-hardening-after-new-exploitations
      • Microsoft July 2026 Patch Tuesday Fixes Massive 570 Flaws, 3 Zero-Days
        "Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploited in attacks and one publicly disclosed. Patch Tuesday addresses 59 "Critical" vulnerabilities, 48 of which are remote code execution, 9 are elevation of privilege, 1 is a security bypass, and 1 is a spoofing."
        https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2026-patch-tuesday-fixes-massive-570-flaws-3-zero-days/
        https://blog.talosintelligence.com/microsoft-patch-tuesday-july-2026/
        https://thehackernews.com/2026/07/microsoft-patches-record-622-flaws.html
        https://www.darkreading.com/vulnerabilities-threats/records-broken-patch-tuesday-raises-triage-stakes
        https://cyberscoop.com/microsoft-patch-tuesday-july-2026/
        https://www.securityweek.com/microsoft-patches-record-622-vulnerabilities-including-two-exploited-zero-days/
        https://securityaffairs.com/195347/security/patch-tuesday-security-updates-for-july-2026-the-largest-update-ever-621-cves-in-one-month.html
      • Adobe Patches Critical ColdFusion Vulnerabilities
        "Adobe on Tuesday rolled out security updates for 12 products to address 88 vulnerabilities, including critical-severity bugs in ColdFusion, Commerce, Experience Manager, and Illustrator. Out of 13 security defects resolved in ColdFusion, eight – CVE-2026-48318, CVE-2026-48322, CVE-2026-48284, CVE-2026-48321, CVE-2026-48325, CVE-2026-48319, CVE-2026-48324, and CVE-2026-48327 – are critical issues that could lead to arbitrary code execution and privilege escalation."
        https://www.securityweek.com/adobe-patches-critical-coldfusion-vulnerabilities/
      • CISA Adds Four Known Exploited Vulnerabilities To Catalog
        "CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-15409 SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
        CVE-2026-15410 SonicWall SMA1000 Appliances Code Injection Vulnerability
        CVE-2026-56155 Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
        CVE-2026-56164 Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-adds-four-known-exploited-vulnerabilities-catalog
      • Progress Confirms ShareFile Zero-Day Flaw Behind Storage Zone Shutdown
        "Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates to patch the flaw. Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a "credible external security threat." At the time, the company temporarily disabled access to all ShareFile accounts using Storage Zone Controllers while it investigated the incident with cybersecurity experts."
        https://www.bleepingcomputer.com/news/security/progress-confirms-sharefile-zero-day-flaw-behind-storage-zone-shutdown/
      • Cursor 0day: When Full Disclosure Becomes The Only Protection Left
        "Sometimes security research uncovers deeply technical vulnerabilities that require pages of explanation. This isn't one of those cases. This bug is simple. A developer opens a repository in Cursor on Windows, and if that repository contains a malicious git.exe in the project root, Cursor will execute it automatically. There are no clicks, prompts, approval dialogs, or warnings. The result is arbitrary code execution."
        https://mindgard.ai/blog/cursor-0day-when-full-disclosure-becomes-the-only-protection-left
        https://www.darkreading.com/application-security/cursor-ide-malicious-code-poisoned-repos
      • Tego AI Finds Anthropic’s Claude Tag Slack Integration Can Trigger Unauthorized Enterprise Actions
        "Drop a line of text into the right Slack channel and Claude will act on it. It doesn't matter who you are — in the workspace or not, in the channel or not, a human or not. A bot, a webhook, an RSS feed, a scraped web page: if the text contains @Claude, the agent wakes up and starts following instructions, under your organization's own credentials."
        https://www.tego.ai/blog/tego-ai-finds-anthropics-claude-tag-slack-integration-can-trigger-unauthorized-enterprise-actions
      • Forgotten UEFI Shims Undermining Secure Boot
        "ESET researchers identified 11 old and forgotten UEFI shim bootloaders at versions 0.9 and below that can be used to bypass UEFI Secure Boot on any UEFI-based machine that trusts Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate authority (CA) certificate, regardless of the installed operating system (OS). Reported shims can be exploited to execute untrusted code during system boot, enabling attackers to deploy malicious UEFI bootkits (such as Bootkitty, HybridPetya, or BlackLotus) even on systems with UEFI Secure Boot enabled. We reported our findings to CERT/CC in February 2026, and the vulnerable UEFI applications were revoked on Microsoft’s June 9th, 2026 Patch Tuesday."
        https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/
        https://thehackernews.com/2026/07/11-old-microsoft-signed-linux-uefi.html
        https://www.helpnetsecurity.com/2026/07/14/eset-uefi-secure-boot-bypass/
      • ClaudeBleed Reopened: Browser Extensions Can Still Push Claude For Chrome To Read Your Gmail
        "We identified two vulnerabilities in Anthropic's Claude for Chrome browser extension that remain unpatched in v1.0.80, eight releases after we reported them to Anthropic in May. The first is a working attack delivered via any browser extension. Any browser extension with a content script on claude.ai can trigger Claude to execute one of nine prompts that read the victim's Gmail, Google Docs, and Calendar, by injecting a DOM element and dispatching a synthetic click. CVSS 7.7 High in default mode (coerced approval), 9.6 Critical when the user has previously enabled "Act without asking" (silent execution)."
        https://www.manifold.security/blog/claude-for-chrome-extension-bypass
        https://thehackernews.com/2026/07/claude-for-chrome-flaw-lets-other.html
        https://www.securityweek.com/unpatched-claude-for-chrome-flaw-lets-extensions-read-gmail-calendar/
      • Study Of 85 Crypto Wallet Extensions Finds Address Leaks And Cross-Site Tracking Risks
        "Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or email, the same leaks can put a real name to an "anonymous" crypto identity. This is not a hack. The wallets behave exactly as they were built to. The 85 extensions together have about 35 million users listed on the Chrome Web Store."
        https://thehackernews.com/2026/07/study-of-85-crypto-wallet-extensions.html
        https://arxiv.org/abs/2607.06141

      Malware

      • Malicious GitHub Campaign: Fake “Arctic Wolf” And 290+ Brand-Impersonation Repositories Deliver BoryptGrab-Lineage Infostealer
        "Since 26 June 2026, an unattributed threat actor has published at least 292 deceptive brand-impersonation GitHub pages and .github repositories that mimic legitimate software and trusted security tooling vendors, including a fake Arctic Wolf GitHub page. Each repository hosts a marketing-styled README document, with a concealed download link that routes victims to a malicious “secure download” page. The payload is a pure smash-and-grab in-memory infostealer, with a 41-entry cryptocurrency wallet path table and 19+ targeted browser names for broad, financially driven credential collection. Stolen data is packaged into a ZIP archive and exfiltrated to a C2 with an IP residing in Russia, on a hosting provider repeatedly associated with malware operations."
        https://arcticwolf.com/resources/blog/fake-github-repositories-deliver-boryptgrab-lineage-infostealer/
        https://www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/
      • LastPass, Bitwarden Users Targeted With Fake Security Alerts
        "LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review. LastPass emphasizes that its systems have not been compromised and that the phishing emails did not originate from its infrastructure, despite the attackers using domains designed to appear as legitimate company services."
        https://www.bleepingcomputer.com/news/security/lastpass-bitwarden-users-targeted-with-fake-security-alerts/
      • The Jalisco Toolkit And AI-Powered Phishing Surge
        "ReliaQuest recently identified two phishing toolkits, “Jalisco” and “OmegaLord”—named in their own command-and-control (C2) panels—while investigating phishing campaigns targeting Microsoft 365 environments. Their discovery reflects a broader shift: An expanding ecosystem of purpose-built tools and AI-powered phishing-as-a-service (PhaaS) kits is lowering the barrier to sophisticated phishing campaigns that bypass MFA, putting techniques that once required significant skill within reach of threat actors of any level."
        https://reliaquest.com/blog/threat-spotlight-jalisco-toolkit-and-ai-powered-phishing-surge
        https://www.bleepingcomputer.com/news/security/new-phishing-kits-target-microsoft-365-accounts-evade-mfa/
        https://www.bankinfosecurity.com/phishing-toolkits-harvest-entra-tokens-in-real-time-a-32220
      • Report: Accelerating ClickFix Attacks Evade Antivirus And EDR Defenses
        "ReversingLabs (RL), the trusted name in file and software security, today published new threat intelligence research on ClickFix, a fast-growing social engineering technique that tricks users into infecting their own computers. The research is detailed in a new report, “Copy, Paste, Compromise: The Tale of ClickFix” by RL researcher Toni Dujmović and the RL threat intelligence team."
        https://www.reversinglabs.com/press-releases/clickfix-attacks-evade-antivirus-and-edr
        https://www.darkreading.com/cyberattacks-data-breaches/clickfixs-ecosystem-demands-new-defense
      • The Scam Will Go On: Beware Of Fake Offers For Celine Dion Concert Tickets
        "The return of a global icon like Celine Dion to the stage is more than just another concert, for fans, it is a once in a lifetime historic return. But where there is massive demand and widespread excitement, fraudsters see a golden opportunity. In this research, Group-IB discovered a sophisticated multi-layered scam scheme targeting fans eager to secure their tickets for Celine Dion’s upcoming French tour. Group-IB analysts tracked a coordinated effort that blends high-pressure social engineering with technical digital manipulation. From scammers directly embedding themselves into online fanbase communities, to a network of professional fraudulent websites, built on the looks of official ticketing platforms, the “game” is played to perfection."
        https://www.group-ib.com/blog/fake-concert-ticket-scam-celine-dion/
      • Upwind Finds Coordinated Supply Chain Campaign Compromising Multiple AsyncAPI Npm Packages
        "Software supply chains have become an increasingly attractive target for attackers because a single compromise can ripple across countless development environments. Instead of breaking into individual organizations, threat actors are increasingly seeking access to the trusted infrastructure used to distribute software, allowing malicious code to spread through legitimate channels. New research from Upwind offers another example of that shift. The cloud security company disclosed findings from an investigation into a coordinated attack that affected multiple official AsyncAPI npm packages, revealing compromises across repositories and publishing pipelines rather than a single isolated package."
        https://hackread.com/upwind-supply-chain-compromise-asyncapi-npm-packages/
      • Warning: Scammers Are Using FaceTime To Empty Bank Accounts
        "Apple is urging users to treat any suspicious FaceTime call or message as untrusted, especially if it involves payments, refunds, password resets, or requests for personal information. This warning appears in a broader Apple support article about scams that target iPhone and iPad users through social engineering. Apple says attackers may contact people by phone calls, FaceTime, text messages, or emails while pretending to represent a trusted organization."
        https://www.malwarebytes.com/blog/news/2026/07/warning-scammers-are-using-facetime-to-empty-bank-accounts
      • LabubaRAT: A Rust Based Remote Access Tool Masquerading As NVIDIA Software
        "Blackpoint’s Adversary Pursuit Group (APG) discovered a previously undocumented malware sample that we are tracking as LabubaRAT, a Rust based remote access tool masquerading as NVIDIA software. The executable, nvidia-sysruntime.exe, used NVIDIA themed metadata and runtime naming, but its internal behavior showed a configurable implant built to register infected systems, receive operator tasking, execute commands, transfer files, capture screenshots, and proxy traffic."
        https://blackpointcyber.com/blog/labubarat-a-rust-based-remote-access-tool-masquerading-as-nvidia-software/
        https://thehackernews.com/2026/07/labubarat-masquerades-as-nvidia.html
      • Lucide Proxy: Turning Student Web Proxies Into DDoS Bots
        "We deobfuscated a massive campaign of 148 npm packages, including ilovefemboys, miguelphonk, and charlie-kirk. Disguised as student web proxies under names like Riverbend Tutoring, these packages hid mutable remote code execution vectors and a high-performance Wisp-compatible WebSocket traffic generator. They were designed to silently enlist visiting browsers into distributed denial-of-service botnets while generating aggressive popunder advertising revenue."
        https://research.jfrog.com/post/lucide-proxy-npm-malware-campaign/
        https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html
      • Defending SaaS-Based Applications Against ShinyHunters OAuth Abuse
        "In a series of campaigns observed between mid-2025 and mid-2026, Microsoft identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing) and supply chain compromise, to target customer SaaS-based applications such as Salesforce instances. The threat actors abused trusted OAuth relationships for unauthorized access, data exfiltration, and persistence. Two primary intrusion paths were observed including vishing techniques targeting OAuth consent and supply chain compromise through trusted workflows and integrations such as Salesloft and Gainsight. Abuse of these access paths led to inherited user and application privileges, allowing successful enumeration and querying of customer relationship management (CRM) records while evading conventional authentication detections."
        https://www.microsoft.com/en-us/security/blog/2026/07/13/defending-saas-based-applications-against-shinyhunters-oauth-abuse/
        https://thehackernews.com/2026/07/microsoft-maps-year-long-shinyhunters.html
      • Not Every Fox Is Silver: Inside An AtlasRAT Loader Chain
        "Public analyses of AtlasRAT are limited, and this report documents a four-stage loader chain and RAT capabilities not previously described in existing public reports. The chain operates entirely through memory execution throughout all stages, minimizing disk activity."
        https://asec.ahnlab.com/en/94479/

      Breaches/Hacks/Leaks

      • Synopsys Finds No Evidence Of Data Breach Amid Bosch Hack Claims
        "Silicon-to-systems design firm Synopsys says it has found no evidence of a data breach after a cybercrime group claimed to have hacked its systems and gained access to valuable data belonging to one of its major customers, Bosch. A new ransomware group named D1R in recent days listed Synopsys and Bosch on its Tor-based leak website. The cybercriminals claimed to have exploited a vulnerability in Synopsys’ website to access a corporate client database containing 40,000 entries, and they are threatening to leak the stolen data unless a ransom is paid."
        https://www.securityweek.com/synopsys-finds-no-evidence-of-data-breach-following-bosch-hack-claims/

      General News

      • June 2026 Threat Trend Report On APT Groups
        "The June 2026 Threat Trend Report on APT Groups summarizes the trend of state-sponsored threat groups actively incorporating generative AI, cloud services, OAuth tokens, and commercial MaaS (Malware-as-a-Service) platforms into their attack operations. A key finding is that the scope of attacks has expanded beyond traditional Malware infections to include account and token theft, exploitation of legitimate services, and compromises of supply chains and cloud environments."
        https://asec.ahnlab.com/en/94441/
      • Spanish Police Take Down €140 Million Cyber Fraud Ring, Arrest Four
        "The Spanish Police dismantled a cybercrime and money-laundering organization that made €140 million ($160 million) from investment fraud and business email compromise (BEC) attacks. As part of the law enforcement operation, four people were arrested in Spain, Portugal, and Panama. The police describe the operation as an industrial-level scheme as it involved at least 800 bank accounts, 120 business accounts, and 67 external accomplices who acted as “money mules.”"
        https://www.bleepingcomputer.com/news/security/spanish-police-take-down-140-million-cyber-fraud-ring-arrest-four/
      • 6 GHz Wi-Fi Flaws Could Disrupt Critical Systems
        "The technology keeping 6 GHz Wi-Fi from interfering with critical infrastructure has a number of security issues — and researchers are starting to sound the alarm. Researchers from Pennsylvania State University and Idaho National Laboratory will discuss their findings in a session called "Blind Trust in the 6 GHz Band: Weaponizing Wi-Fi Automated Frequency Coordination (AFC)" at Black Hat USA 2026. Two pieces of technology are at the center of this research: the cutting edge 6 GHz Wi-Fi spectrum and AFC, which regulates the 6 GHz band and keeps its powerful signal from interfering with radio towers, cellular backhaul, and spectrum-adjacent public safety networks."
        https://www.darkreading.com/perimeter/6-ghz-wi-fi-flaws-disrupt-critical-systems
      • Manage Vendor Risk In a Few Practical Steps
        "Third-party information risk reaches beyond cybersecurity. A third-party failure can create operational disruption, privacy impact, regulatory exposure, contractual loss, business interruption, reputational harm, customer impact, uninsured financial loss, and continuity failure. The issue for boards and senior management is exposure: what risk the enterprise carries because information, systems, processes, and dependencies sit outside their control."
        https://www.darkreading.com/cyber-risk/manage-vendor-risk-in-a-few-practical-steps
      • Frontier AI: The Genie's Out Of The Bottle, But Where's The Rulebook?
        "As frontier artificial intelligence (AI) models grow more powerful and unpredictable, three states are racing to rein them in with new disclosure laws. Illinois Gov. JB Pritzker recently signed Senate Bill 315 (SB315), the Artificial Intelligence Safety Measures Act, in an effort to boost reporting requirements for frontier AI models that generate more than $500 million in annual revenue. New York and California also recently enacted similar disclosure laws."
        https://www.darkreading.com/cybersecurity-operations/frontier-ai-genie-out-of-bottle-where-rulebook
      • Context Bombs: Stopping AI Attackers In Their Tracks.
        "AI agents can now run complex cyberattacks on their own: given a foothold, the strongest models can escalate privileges and exfiltrate data within minutes. Canaries - decoy resources we plant to catch intruders - reliably spot these agents in the act, but spotting an attack isn't the same as stopping it. So we tried something more ambitious: a context bomb - a short string, hidden in a canary, that trips an AI agent's safety guardrails and stops it in its tracks."
        https://agentic.tracebit.com/context-bombs/
        https://www.helpnetsecurity.com/2026/07/14/context-bombs-for-defensive-prompt-injection/
      • The Best Defense Against AI Attacks Turns Out To Be a Skeptical Human
        "Analysts across the security industry now run generative AI through their daily work, from log triage to incident write-ups. Active use in cybersecurity strategy reached 78% of practitioners in 2026, up from half the field a year earlier. The 2026 SANS AI Survey, drawn from 536 IT and security professionals, describes what that commitment costs to keep. Reliability trailed adoption over the year. Sixty-three percent of practitioners report significant shortcomings when AI detects or responds to threats, well above the share who said so a year earlier. The failures cluster around false positives, trouble spotting new threats, and confident output that turns out wrong. Teams running AI in production describe this as the routine experience."
        https://www.helpnetsecurity.com/2026/07/14/ai-attacks-skeptical-human/
      • Fake Smart Home Residents Could Stand In For Real Ones In Security Research
        "Smart home security research runs on a scarce ingredient: recordings of how real people use the gadgets in their homes. Getting that data means wiring up someone’s house and watching for months, which is slow, costly, and about as invasive as it sounds. So the datasets stay small and cover a thin slice of how people live. A group from Leipzig University and ipoque, a Rohde & Schwarz company, has a workaround that sounds a little strange at first. Let a language model play the resident. Hand it a persona and a house, let it decide how that person moves through a morning, and have it produce the device commands that follow. Simulate the person, and the lights and locks come along for the ride."
        https://www.helpnetsecurity.com/2026/07/14/iot-smart-home-security-research/
        https://arxiv.org/pdf/2607.08231
      • A Guide To The Convergence Of Electronic Warfare And Cyber Operations
        "Cyberspace is recognized as a critical warfighting domain. Operations in the electromagnetic (EM) spectrum have also long been an important piece of the arsenal. Recent advances in software-defined radio (SDR), radio frequency system on chip (RF SoC), and artificial intelligence (AI) have demonstrated that electronic warfare (EW) techniques can be even more potent and readily available. For example, manipulation of intelligently adaptive radio signals could disable adversaries’ sensors and communication systems. Beyond the boundaries of the battlefield, the Pentagon signaled the need for EM capability in 2020, with the DoD Electromagnetic Spectrum Superiority Strategy and Joint Publication 3-85: Joint Electromagnetic Spectrum Operations."
        https://www.sei.cmu.edu/blog/a-guide-to-the-convergence-of-electronic-warfare-and-cyber-operations/
      • NATO Logistics, Ukrainian Troops Are Top Subjects Of Russian Camera Hacks, Advisory Says
        "Russian state-backed hackers are systematically compromising internet-connected security cameras across Europe and Ukraine to gather intelligence on NATO military logistics and identify Ukrainian troops for battlefield targeting, Dutch intelligence agencies warned. In a public advisory, the Netherlands' General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD) said at least one Russian intelligence service has been carrying out cyber-espionage operations against internet-accessible cameras in the Netherlands, other NATO and EU member states and Ukraine."
        https://therecord.media/russian-intelligence-compromising-cameras-nato-ukraine-netherlands
      • Five Charged In NCA Investigation Into Fraud Platform Responsible For Millions Of Scam Calls
        "Five people have been charged as part of a National Crime Agency investigation into Russian Coms, a group which made products used by criminals to defraud victims all over the world. The platform, established in 2020, started as a handset and then moved to a web-based application, with both products being marketed and sold. They allowed criminals to hide their identity by appearing to call from pre-selected numbers. These would often be of financial institutions, telecommunications companies and law enforcement agencies with the aim of stealing funds and personal details from victims."
        https://www.nationalcrimeagency.gov.uk/news/five-charged-in-nca-investigation-into-fraud-platform-responsible-for-millions-of-scam-calls
        https://www.infosecurity-magazine.com/news/five-charged-in-russian-coms-fraud/
        https://www.helpnetsecurity.com/2026/07/14/russian-coms-nca-charges-scam-calls/
      • New Tutorials On Underground Hacking Forums Have Roughly Doubled
        "Underground hacking forums are producing more original tutorials again, with growing attention on financial fraud, particularly the theft and fraudulent use of payment card data, known as carding, and cash-out techniques. Radware analyzed 8,870 tutorial posts published across 24 deep- and dark-web forums between December 2022 and April 2026. After removing reposts, the dataset contained 3,034 unique hacking and fraud guides."
        https://www.helpnetsecurity.com/2026/07/14/underground-hacking-forums-tutorials-research/

      อ้างอิง

      Electronic Transactions Development Agency (ETDA) 8ec5fc99-cdd8-42e2-a6bf-fe526302b02e-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • พบการโจมตี Supply Chain แฝงมัลแวร์ขโมยข้อมูลในแพ็กเกจ npm ของ Jscrambler

      พบการโจมตี Supply Chain แฝงมัลแวร์ขโมยข้อมูลในแพ็.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 73c62533-75ad-42a7-b123-adddc6bb3367-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • Lidl เผยเหตุข้อมูลลูกค้า Online Shop รั่วไหล หลังถูกโจมตี

      Lidl เผยเหตุข้อมูลลูกค้า Online Shop รั่วไหล หลังถูก.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 5c43e9f2-5426-4633-ae72-da471907cd32-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • Google และ Microsoft ถอดส่วนขยาย ModHeader ออกจากระบบ หลังพบโค้ดแฝงดักเก็บข้อมูลประวัติการท่องเว็บ

      Google และ Microsoft ถอดส่วนขยาย ModHeader ออกจากระบบ หลังพ.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand a4dcca12-7980-4f63-8daf-42d650a6256b-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • RedHook มัลแวร์ Android ใช้ Wireless ADB เพื่อควบคุมอุปกรณ์ที่ติดมัลแวร์

      RedHook มัลแวร์ Android ใช้ Wireless ADB เพื่อควบคุมอุปกรณ์ท.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 21c82368-6855-46a6-88d2-25ca72594cf8-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • ตำรวจเนเธอร์แลนด์พบเบาะแสเกี่ยวข้องเหตุแฮก Odido กระทบลูกค้ากว่า 6 ล้านราย

      ตำรวจเนเธอร์แลนด์พบเบาะแสเกี่ยวข้องเหตุ.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 6715a6e7-b810-4a58-ad67-e728729a8778-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • เตือนภัยแคมเปญโจมตีระบบจัดการเนื้อหาเว็บไซต์ (CMS) ทั่วโลก มุ่งเป้าฝัง Webshell เพื่อยึดระบบ

      เตือนภัยแคมเปญโจมตีระบบจัดการเนื้อหาเว็.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand a64cb882-b902-4472-963c-650d1bf4bec9-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • ETDA Cyber Threat Intelligence 14 July 2026

      Vulnerabilities

      • Full Broker Takeover, No Login Required: Miggo Discovers Critical RabbitMQ Vulnerabilities Putting Application Data At Risk
        "Miggo's security team discovered two critical access-control flaws in RabbitMQ: one that leaks the broker's confidential OAuth secret to an unauthenticated attacker in a single request, a direct path to full broker takeover in the configurations that use that secret, and one that lets any logged-in user silently read other tenants' data. Both are now patched."
        https://www.miggo.io/post/full-broker-takeover-no-login-required-miggo-discovers-critical-rabbitmq-vulnerabilities-putting-application-data-at-risk
        https://www.securityweek.com/rabbitmq-vulnerability-threatens-enterprise-systems/
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2008-4128 Cisco IOS Cross-Site Request Forgery Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/07/13/cisa-adds-one-known-exploited-vulnerability-catalog
        https://securityaffairs.com/195262/security/u-s-cisa-adds-a-cisco-ios-flaw-to-its-known-exploited-vulnerabilities-catalog.html
      • New MemGhost Attack Plants Persistent False Memories In AI Agents Through One Email
        "Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact" about the user, hide the change, and quietly steer its answers in later sessions. When it works, the person reads an ordinary-looking reply and never learns their assistant was tampered with. The researchers named the attack stealth memory injection and built a tool that writes the emails automatically. The paper, "When Claws Remember but Do Not Tell," landed on arXiv on 6 July 2026."
        https://thehackernews.com/2026/07/new-memghost-attack-plants-persistent.html
        https://arxiv.org/abs/2607.05189v1

      Malware
      Beware Of Phishing Emails Disguised As Money Transfer Confirmations
      "Recently, the AhnLab SEcurity intelligence Center (ASEC) identified a case of phishing emails that disguise themselves as payment confirmation notices. These emails impersonate employees of a specific company in Korea and trick recipients into opening a malicious XLS file attached to the email, which is disguised as a payment confirmation notice."
      https://asec.ahnlab.com/en/94432/

      • Beware Of Phishing Emails Disguised As Project Proposals
        "The AhnLab SEcurity intelligence Center (ASEC) recently confirmed that phishing emails disguised as project proposals are being circulated. The body of the email pretends to request that the proposal and confirmed delivery schedule be submitted as soon as possible, and prompts the recipient to download the attached compressed file."
        https://asec.ahnlab.com/en/94433/
      • One Misconfigured Server, Three Active Campaigns: Full Exposure Of Three AiTM Phishing Operators
        "On a late April 2026 afternoon, a routine internet scan flagged an open directory on 185.163.204.7: a server located in Budapest, running python3 -m http.server 8080 on a public interface with directory listing enabled. What was exposed was not a misconfigured web root, it was a complete operational snapshot of a live attack platform. Phishing configurations, credential harvesting logs, backup archives, RMM installers, combolists and the operator's own Telegram session files were all publicly accessible. The command that left it open was still sitting in the .bash_history file, readable through the same listing. Behind the open directory was an active threat actor running an Evilginx-based Adversary-in-the-Middle (AiTM) phishing platform and a SimpleHelp remote management console, all on the same host."
        https://blog.lexfo.fr/opendir-to-phishing-operator.html
        https://thehackernews.com/2026/07/misconfigured-server-reveals-three.html
        https://www.infosecurity-magazine.com/news/open-directory-exposes-evilginx/
      • CrashStealer: C++ MacOS Infostealer Posing As Crash Reporter
        "In early May, a suspicious macOS sample uploaded to VirusTotal surfaced through our sample-processing pipeline, and Jamf Threat Labs began tracking it. It impersonated Apple's crash reporting framework and, at that point, looked like an infostealer still in development. By early July we were seeing in-the-wild detections of the payload matching one of our in-house rules, indicating the project had matured from development into active use. We track this malware under the name CrashStealer."
        https://www.jamf.com/blog/crashstealer-macos-infostealer-analysis/
        https://www.bleepingcomputer.com/news/security/new-crashstealer-malware-poses-as-apple-crash-reporting-tool/
        https://thehackernews.com/2026/07/crashstealer-macos-malware-uses.html
      • US And Allies Warn Of Russian Critical Infrastructure Attacks
        "Cybersecurity agencies from the United States and eight other countries have issued a joint warning that Russian state hackers are targeting vulnerable and poorly configured routers to infiltrate critical infrastructure networks. The joint advisory, co-authored by the NSA, FBI, and CISA, along with 15 other agencies from Australia, the United Kingdom, Canada, New Zealand, Estonia, Finland, France, and Italy, attributes the attacks to hackers from the Russian Federal Security Service (FSB) Center 16."
        https://www.bleepingcomputer.com/news/security/us-and-allies-share-defense-tips-against-russian-hackers-targeting-critical-infrastructure/
        https://www.ic3.gov/CSA/2026/260713.pdf
        https://www.darkreading.com/endpoint-security/weak-security-fuel-russian-cyberattacks
        https://cyberscoop.com/russian-fsb-cisco-joint-cybersecurity-advisory/
        https://www.infosecurity-magazine.com/news/russian-state-hackers-vulnerable/
      • Software Developers Are The Target. New Trojan Attacks Supply Chains And Inflicts Multifaceted Damage On Infected PCs
        "A new trojan engaging in supply chain attacks has recently come under the scrutiny of our antivirus laboratory. The malware primarily targets C++ and C# project files. This malicious sample is particularly dangerous as its payload incorporates multiple damaging features, allowing it to steal data, access clipboard content, operate as a backdoor, engage in rogue mining. and also infect other files. First discovered in the last quarter of 2025, the malware has been updated and upgraded by its makers ever since. It mainly spreads over the Internet via infected executable files and Python scripts. The infection process is quite complex, so let’s examine the entire sequence phase by phase."
        https://news.drweb.com/show/?i=15276&lng=en
        https://hackread.com/siggen-backdoor-windows-developers-visual-studio-projects/
      • OAuth Client ID Spoofing: Why Fake Client IDs Are Gaining Traction For Stealthy Enumeration
        "What if attackers could enumerate your entire organization's accounts without generating a single successful sign-in event? The Entra sign‑in logs are a primary telemetry source for identifying malicious authentication activity, including user enumeration, password spraying, and initial access attempts. To evade detection, attackers routinely distribute requests using rotating user agents (as seen in UNK_CustomCloak) and proxy services that cycle source IPs per request. Proofpoint researchers have identified multiple campaigns where attackers extend this evasive tradecraft by spoofing the OAuth client ID (application ID), a globally unique identifier (GUID) assigned to applications. The identifier is passed as client_id in authentication requests and recorded as the application ID in Entra sign-in logs."
        https://www.proofpoint.com/us/blog/threat-insight/oauth-client-id-spoofing-why-fake-client-ids-are-gaining-traction-stealthy
        https://www.infosecurity-magazine.com/news/novel-spoofing-technique-targets/
        https://www.helpnetsecurity.com/2026/07/13/entra-id-oauth-client-id-spoofing/
      • Fake Crypto Gift Card Sites Are Getting Harder To Spot
        "You want to turn some crypto into a gift card. You search, click a promising result, and land on a site that looks polished and legitimate: a dark theme, trust badges, and promises of instant delivery and no ID checks. You wouldn’t think to question it. But a professional-looking website isn’t proof that it’s legitimate."
        https://www.malwarebytes.com/blog/threat-intel/2026/07/fake-crypto-gift-card-sites-are-getting-harder-to-spot
      • Google And Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
        "Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain. The analysis came from Stripe OLT, a UK security firm, which checked the code against Google's own Web Store signature and confirmed the collector shipped inside the genuine extension, not a counterfeit."
        https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html

      Breaches/Hacks/Leaks

      • Centers Laboratory Data Breach Affects 540,000 Individuals
        "Healthcare diagnostics company Centers Laboratory (Centers Lab NJ LLC) has informed the US government that a data breach discovered nearly one year ago affects more than 540,000 individuals. According to a data breach notice posted on its website, the New Jersey-based provider of testing and laboratory services for healthcare organizations discovered an intrusion in its IT environment in August 2025. An investigation showed that threat actors had gained “limited access” to Centers Laboratory systems between August 9 and August 14, exfiltrating personal and protected health information, including names, dates of birth, SSNs, driver’s license or state identification numbers, passport numbers, and health insurance and medical information."
        https://www.securityweek.com/centers-laboratory-data-breach-affects-540000-individuals/
      • Japan's Largest Taxi Operator Shuts Systems After Cyberattack
        "Japan's largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure. The incident occurred over the weekend, early Saturday morning, and impacted operations, including the company's taxi dispatch system, which remains offline as of today. Nihon Kotsu is Japan's largest taxi and chauffeur (hire) operator by group revenue, with annual revenue of roughly $1 billion (¥155 billion)."
        https://www.bleepingcomputer.com/news/security/japans-largest-taxi-operator-shuts-systems-after-cyberattack/
      • Lidl Discloses Online Shop Breach After Service Provider Hack
        "German discount supermarket chain Lidl notified customers in Germany, Belgium, and the Netherlands that attackers stole their personal information in a breach at a service provider. Lidl, owned by Schwarz Group, the largest food retailer in Europe, has over 376,000 employees and operates 12,000 stores across Europe and the United States. The discount giant notified affected customers of the incident over email last week and published separate notifications on its support websites in Belgium and the Netherlands."
        https://www.bleepingcomputer.com/news/security/lidl-discloses-online-shop-breach-after-service-provider-hack/
        https://securityaffairs.com/195270/data-breach/lidl-notified-online-shop-customers-in-germany-belgium-and-the-netherlands-of-a-data-breach.html
        https://www.helpnetsecurity.com/2026/07/13/lidl-data-breach-customer-data/
      • Russian Celebrity Journalist Ksenia Sobchak Says Hackers Accessed Telegram Channels Via Email Breach
        "Hackers briefly took control of several Telegram channels belonging to the controversial Russian journalist and media executive Ksenia Sobchak last week, publishing what they claimed were excerpts from her private correspondence. The posts appeared on Sobchak's Telegram channels, Sobchak and Bloody Lady, last week. Her news channel, Caution, News, later said the posts were published by hackers who had compromised the channels."
        https://therecord.media/ksenia-sobchak-russian-hackers-leak

      General News

      • 99.9% Of Fixable AI Vulnerabilities Remain Unpatched
        "Organizations build, deploy, and operate AI in the cloud, but basic cybersecurity hygiene is often sacrificed for speed, according to Orca Security’s 2026 State of AI Security Report. Fifty-six percent of AI adopters have deployed agent frameworks into production, and 51.5% use AI to build custom applications. Orca also found that 81.2% of companies running AI packages have at least one known vulnerability, and 99.9% of AI vulnerability alerts with an available fix remain unpatched. These findings show how quickly AI has become operational infrastructure without a corresponding increase in security maturity."
        https://www.helpnetsecurity.com/2026/07/13/ai-infrastructure-security-risks-report/
      • Enterprises Are Rethinking Where Their AI Applications Run
        "Growing demand for compute capacity, power, cooling and low-latency connectivity is prompting organizations to reassess where AI applications run, according to CoreSite. Public cloud continues to support experimentation and rapid deployment, while colocation is increasingly used for workloads that require predictable performance, dedicated infrastructure or close proximity to cloud services and enterprise data."
        https://www.helpnetsecurity.com/2026/07/13/colocation-for-ai-workloads-report/
      • Why SBOMs, Signing, And Provenance Still Don’t Tell You If Software Is Safe
        "We have made real progress in software supply chain security, improving visibility into software components, authenticity and build integrity. Much of this progress traces back to Executive Order 14028, which pushed agencies, contractors and enterprises to invest in SBOMs, signing and provenance. All of that matters, but it is not enough. The current software trust model still stops short of the question that determines risk at execution: What is this code capable of doing if it runs?"
        https://www.helpnetsecurity.com/2026/07/13/sbom-zero-trust-for-code/
      • Cyber / Russia: Statement By The High Representative On Behalf Of The European Union Denouncing Russia’s Malicious Cyber Ecosystem Targeting The EU, Its Member States And International Partners
        "The EU and its member states denounce Russia’s malicious cyber activities and leveraging of a cyber ecosystem encompassing state and non-state actors, ranging from intelligence services to cybercriminals groups, hacktivists and private companies. Today, we expose the 16th Centre of Russia’s Federal Security Service (FSB) as controlling a variety of cyber threat groups including TURLA. For years, the FSB has conducted a wide range of malicious cyber activities with growing severity affecting the EU, its member states, as well as international partners, notably Ukraine. These activities have included infiltration of governmental networks and sabotage of critical infrastructure."
        https://www.consilium.europa.eu/en/press/press-releases/2026/07/13/cyber-russia-statement-by-the-high-representative-on-behalf-of-the-european-union-denouncing-russia-s-malicious-cyber-ecosystem-targeting-the-eu-its-member-states-and-international-partners/
        https://www.bleepingcomputer.com/news/security/eu-and-uk-hit-russia-with-first-joint-cyber-sanctions-package/
        https://therecord.media/russia-blamed-for-poland-grid-cyberattack-in-joint-uk-eu-sanctions-package
        https://www.bankinfosecurity.com/eu-uk-sanction-russian-nation-state-hackers-a-32213
        https://cyberscoop.com/eu-uk-russian-cyberespionage-sanctions/
        https://www.securityweek.com/eu-targets-russian-intelligence-officers-accused-of-running-a-yearslong-cyber-spying-campaign/
        https://securityaffairs.com/195242/intelligence/eu-targets-fsb-linked-hackers-in-new-sanctions-over-cyber-sabotage.html
        https://www.helpnetsecurity.com/2026/07/13/eu-uk-russia-cyber-activity-sanctions/
      • AI-Generated Code Has Made Security Debt a Governance Problem
        "AI-generated code is part of everyday software development. Developers use it to prototype, refactor, troubleshoot, and move from idea to implementation with less friction than ever before. The productivity gains are undeniable, which means that security leaders now face a hard question: whether their organizations can govern the risk that AI creates at that same speed. That challenge is rooted in scale. AI changes how quickly software can be created, while many application security programs still depend on controls designed for a slower development model."
        https://cyberscoop.com/governing-ai-code-security-risks-op-ed/
      • 'Yellow Teams' Are Defining The Future Of AI Security
        "A small number of engineering teams are developing the defenses that organizations will need against future advanced AI attacks. They're also building the frameworks attackers will utilize to carry out those attacks. In April, Anthropic invited more than 50 organizations to participate in its Project Glasswing initiative to preview Claude Mythos, which the company claimed at the time was the most advanced cybersecurity AI. OpenAI followed suit shortly after, inviting organizations to play with its own GPT 5.5 under the Daybreak program."
        https://www.darkreading.com/cybersecurity-operations/yellow-teams-defining-future-ai-security
      • Hacker Conversations: Jesse McGraw (GhostExodus), From Blackhat Hacker To Redemption
        "Jesse McGraw isn’t a hacker; at least, not by his own definition. He accepts he was a hacker, and a blackhat hacker, and that he still retains the mindset of a hacker. But he is no longer a hacker, he says. He realized he was a hacker while in high school. “My one and only friend was a hacker, and I had never seen anything like what he did.” Before then, McGraw had thought computers were just something used for word processing; a tool that could be used for its intended purpose. Then he saw this person programming in math class."
        https://www.securityweek.com/hacker-conversations-jesse-mcgraw-ghostexodus-from-blackhat-hacker-to-redemption/
      • Treasury Sanctions Malware And Infrastructure Providers Supporting Ransomware Attacks Against Americans
        "Today, the Office of Foreign Assets Control (OFAC) is designating two individuals and one entity enabling ransomware actors’ and other cybercriminals’ malign activities, notably ransomware attacks against Americans. These include First VPN Service (1VPNS), a virtual private network (VPN) provider selling services to ransomware groups, and its administrator, Dmytro Rashevskyi (Rashevskyi). OFAC is also designating Yegeniy Vladimirovich Silayev (Silayev), an individual who sells “cryptors,” which are tools used to disguise ransomware and other malware as safe programs to prevent security systems from detecting or deactivating them. Ransomware groups utilizing these individuals’ services have caused billions of dollars in losses to U.S. businesses and critical infrastructure providers."
        https://home.treasury.gov/news/press-releases/sb0559
        https://therecord.media/first-vpn-administrator-us-sanctions-ransomware-groups
      • AI Security Threats In 2026: Annual Insights From Check Point Research
        "For years, the cyber security industry tracked AI as a force multiplier: something that made existing attack techniques faster, cheaper, and more accessible. That framing was accurate. But the annual AI Security Report 2026 from Check Point Research documents a transition that goes further. AI has crossed from assistant to operator. Where it once helped attackers prepare, it now runs the operation. What follows is a structured review of the report’s key findings, grounded in original incidents and case studies from the past twelve months."
        https://blog.checkpoint.com/ai-security/ai-security-threats-in-2026-insights-from-check-point-research/

      อ้างอิง

      Electronic Transactions Development Agency (ETDA) 68cdc970-377f-4b0d-b739-a36d4d9818e2-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT