NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ
    1. หน้าแรก
    2. NCSA_THAICERT
    • รายละเอียด
    • ติดตาม 0
    • คนติดตาม 3
    • กระทู้ 2,359
    • กระทู้ 2,360
    • ดีที่สุด 0
    • Controversial 0
    • กลุ่ม 2

    NCSA_THAICERT

    @NCSA_THAICERT

    1
    ชื่อเสียง
    56
    ดูข้อมูลส่วนตัว
    2.4k
    กระทู้
    3
    คนติดตาม
    0
    ติดตาม
    เข้าร่วม ออนไลน์ล่าสุด
    เว็บไซต์ www.ncsa.or.th/?fbclid=IwAR0BqJEC-CJzBs98rlBxUbZkNBgp1g814xdDNNaKnHTrxfqZhPD--ksY68I

    NCSA_THAICERT เลิกติดตาม ติดตาม
    Global Moderator administrators

    Latest posts made by NCSA_THAICERT

    • CISA เพิ่ม 4 ช่องโหว่ที่ถูกใช้โจมตีจริงใน Adobe ColdFusion, Joomla และ Langflow เข้า KEV

      CISA เพิ่ม 4 ช่องโหว่ที่ถูกใช้โจมตีจริงใน Adobe ColdF.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 4a343551-82a6-4e37-adc1-5c89cd43d9c5-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • KDDI เผยเหตุข้อมูลรั่วไหล กระทบประชาชนกว่า 12 ล้านราย หลังแพลตฟอร์มอีเมลของ ISP ถูกโจมตี

      KDDI เผยเหตุข้อมูลรั่วไหล กระทบประชาชนกว่า 12 .png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand a4713865-2f2c-43e6-a792-919852612002-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • เตือนภัยกลุ่มแฮกเกอร์ UAT-7810 ใช้ยมัลแวร์ LONGLEASH พุ่งเป้าโจมตีเราเตอร์เพื่อสร้างเครือข่ายพรางตัว

      เตือนภัยกลุ่มแฮกเกอร์ UAT-7810 ใช้ยมัลแวร์ LONGLEASH .png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 02052452-58fc-47b1-abaf-f7731bb5acb1-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • Cyber Threat Intelligence 09 July 2026

      Vulnerabilities

      • Foxit PDF Reader Flaws Enable Arbitrary Code Execution
        "Foxit shipped Foxit PDF Reader 2026.1.2 and PDF Editor 2026.1.2 for Windows. The release fixes 28 security flaws. Twenty of them can lead to arbitrary code execution when someone opens a crafted PDF. So far, no vendor or researcher has confirmed active exploitation or a public proof-of-concept."
        https://securityonline.info/foxit-pdf-reader-code-execution/
      • IonStack Part II: GhostLock, a Stack-UAF That Has Existed In ALL Linux Distributions For 15 Years
        "GhostLock (CVE-2026-43499) is a Linux kernel vulnerability found by VEGA that exists in every major distribution since 2011. Triggering the bug does not require any special kernel config or privilege. By turning it into a 97% stable privilege escalation and container escape, Google has rewarded us $92,337 in kernelCTF. This writeup covers the technical details of the exploit."
        https://nebusec.ai/research/ionstack-part-2/
        https://thehackernews.com/2026/07/15-year-old-ghostlock-flaw-enables-root.html
      • GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
        "New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a second commit with the same files, author, and date, and a valid signature, GitHub still stamps "Verified." Everything a reviewer would check matches. The commit's hash does not. That matters because so many systems treat a verified commit hash as a permanent, unique name for its contents."
        https://thehackernews.com/2026/07/github-verified-commits-can-be.html
        https://arxiv.org/abs/2607.02820

      Malware

      • CAI Cloud Worm Gives Competitors' Malware The Boot, Then Steals Secrets And Mines For Coin
        "There's no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ credentials and mines for cryptocurrency while killing competitors’ processes, including similar secret-harvesting malware. It’s called Cloud AI Infrastructure Attack Framework (CAI), and it’s a centralized botnet that targets cloud-native developer tools like Docker, Kubernetes, Redis, etcd, Kubelet, and Ray for credential theft and cryptomining. The scripts “are heavily inspired” by the likes of other similar credential-stealing worms that have wreaked havoc across cloud environments and supply chains this year, “using code comments like ‘PCPJack-aligned,’” according to security researcher Michael R."
        https://www.theregister.com/cyber-crime/2026/07/07/cai-cloud-worm-gives-competitors-malware-the-boot-then-steals-secrets-and-mines-for-coin/5267856
      • What If You Received An Email About Transferring Your Kakao Account? Check This First.
        "Recently, a phishing email disguised as an official Kakao account transfer notification has been identified. The email attempts to instill anxiety by claiming that the user’s Kakao account is scheduled to be transferred, and prompts the user to click on the “Verify Account” link included in the body of the message. If a user enters their email address and password on the linked phishing page, the entered credentials may be transmitted to an external server controlled by the threat actor. In this article, we’ll examine the phishing tactics used in these Kakao account migration emails and the precautions users should take."
        https://asec.ahnlab.com/en/94388/
      • Files Locked Behind a White Padlock: A Warning From WhiteLock Ransomware
        "If files start getting locked one by one and even remote access tools stop working, your system may already be infected with ransomware. The recently identified WhiteLock ransomware encrypts key files on Windows systems and then generates a ransom note demanding payment. A key characteristic of this ransomware is that it communicates with external servers during the encryption process and terminates Services related to remote access tools—such as AnyDesk and TeamViewer—to prevent victims from responding remotely. In this article, we’ll examine the main operating mechanisms of WhiteLock ransomware and the security considerations to keep in mind when responding to a ransomware attack."
        https://asec.ahnlab.com/en/94390/
      • Coordinated Npm And PyPI Campaign Typosquats Popular Secure Payment Apps
        "Socket’s AI scanner detected a cluster of npm and PyPI malware published on July 7, 2026. The 17 packages, published nearly simultaneously, target SDK developers and users of the popular PaySafe, Skrill and Neteller payment applications. Ultimately, the packages perform credential and token theft, exfiltrating stolen data to AWS infrastructure."
        https://socket.dev/blog/npm-pypi-campaign-typosquats-popular-secure-payment-apps
        https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/
      • Vishing Actors Target Entra Passkey Enrollment
        "Since April 2026, a threat actor tracked as O-UNC-066 (also known as "Pink" by Palo Alto Networks Unit 42) has deployed a panel-controlled phishing kit targeting the passkey enrollment process for Microsoft 365 customers. Okta has observed the targeting of enterprise organizations across the food and beverage, technology, healthcare, automotive, construction, and aviation industries by this cluster of activity. The primary motivation of the threat actors is data extortion. The threat actor registers domains that incorporate the word passkey as part of a voice-enabled phishing (“vishing”) scheme. The threat actor then calls targeted users on the phone in an attempt to persuade them that they need to register a new passkey."
        https://www.okta.com/en-au/blog/threat-intelligence/vishing-actors-target-microsoft-entra-passkey-enrollment-/
        https://www.bleepingcomputer.com/news/security/entra-passkey-enrollment-vishing-targets-microsoft-365-users/
      • Inside An AI-Assisted Cloud Attack: Familiar Techniques At Unfamiliar Speed
        "This case study shows that AI-enabled attackers do not necessarily need novel malware or zero-days. The real shift is speed, scale, and orchestration: familiar cloud attack techniques were executed faster and across more surfaces than defenders could comfortably contain."
        https://www.sygnia.co/blog/inside-an-ai-assisted-cloud-attack/
        https://www.darkreading.com/cloud-security/lone-attacker-ai-breach-aws-cloud-environment
        https://www.infosecurity-magazine.com/news/threat-actor-agentic-ai-cloud/
      • Meta Phishers Abuse Business Account Manager Service
        "Huntress is tracking a threat actor who has figured out how to manipulate a legitimate service offering from Meta to send a spam lure email that passes validation. The phishing group conducting this operation began as late as November 2025 but have recently added new infrastructure and a new spin to the attack: starting in June, they modified their phishing lure to incorporate a chatbot, run through a fraudulent account on Facebook Messenger, and began sending credentials to a private Telegram channel."
        https://www.huntress.com/blog/meta-business-manager-phishing
        https://www.infosecurity-magazine.com/news/phishing-facebook-fake-verification/
      • Beware Of Agentic Botnets: Scalable Untargeted Promptware Attacks Via Universal And Transferable Adversarial HalluSquatting
        "We show that attackers can exploit predictable LLM hallucinations of resource identifiers to launch scalable, untargeted prompt injection attacks without requiring any direct channel to LLM applications. By preemptively registering hallucinated resources—a technique we call adversarial hallucination squatting (HalluSquatting)—we demonstrate remote tool execution and remote code execution at scale across a range of popular agentic LLM applications, which could be exploited to the establishment of a botnet."
        https://sites.google.com/view/agentic-botnets/home
        https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html
      • New Ghost Phishing Wave Is Breaking Traditional Email Security
        "A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft 365 access, sensitive data, and response time are already at stake."
        https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html
      • ClickFix To Cash-Out: Anatomy Of a Mexican Banking-Fraud Toolkit
        "A Mexican banking fraud operation we're tracking as REF6045 doesn't run on autopilot. A human operator is behind the wheel, monitoring infected machines and deciding what happens next. Victims are infected through fake CAPTCHA pages that trick them into running a single command, which installs SCMBANKER, a PowerShell toolkit with components dating back to at least October 2025. Once installed, the operator can see when a victim opens a banking session, lock the screen behind a fake bank warning, push the victims towards live phone interaction, redirect the browser, or replace account numbers copied to the clipboard. For a full takeover, they can also deploy a commercial remote-access tool."
        https://www.elastic.co/security-labs/mexican-banking-fraud-scmbanker-ref6045
        https://thehackernews.com/2026/07/scmbanker-malware-uses-clickfix-lures.html
      • Targeted Phishing Attacks On Manufacturing Companies
        "We have identified a new targeted phishing campaign in which cybercriminals attempted to attack manufacturing companies. The attack employed a multi-stage approach — before sending the phishing link directly, the attackers engaged in correspondence with the victim to lower their guard. The email texts were apparently generated using large language models. As of this post’s publication, the attack is still ongoing, so we recommend staying vigilant!"
        https://www.kaspersky.com/blog/manufacturing-phishing-2026/56097/

      Breaches/Hacks/Leaks

      • Moody Bible Institute Breach Leaves 2.3M Accounts Needing Salvation, Says Cyber Expert
        "Data on more than 2.3 million people associated with Moody Bible Institute (MBI) has been exposed online after the Christian college was targeted by ShinyHunters. The attack was first disclosed by MBI in June, and the extortion crew later leaked the stolen data. Have I Been Pwned has since added the cache to its breach notification database, putting a figure on the number of exposed accounts. MBI is one of many victims of ShinyHunters' pay-or-leak attacks in 2026, and while the organization has not explicitly commented on whether it negotiated with the criminals, the leak suggests that the group's extortion demands were not met."
        https://www.theregister.com/security/2026/07/06/moody-bible-institute-breach-leaves-23m-accounts-needing-salvation-says-cyber-expert/5266827
      • Mount Royal University Confirms Breach As Hackers Claim Attack
        "Mount Royal University in Calgary says hackers stole and then deleted data from its file storage systems after breaching the university's network. In an update published on its website, MRU states that it has engaged technical teams and external cybersecurity experts to investigate the incident and to support recovery efforts following a cyberattack on June 17. The incident disrupted a broad range of university systems, including online services, internet access, and certain internal systems."
        https://www.bleepingcomputer.com/news/security/mount-royal-university-confirms-breach-as-hackers-claim-attack/
      • Telco Giant KDDI Says Data Breach Affects Over 12 Million People
        "Japanese telecommunications giant KDDI revealed that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country. KDDI is the second-largest mobile telecommunications provider in Japan, with 45,000 employees and annual revenue of $32.4 billion. The company disclosed last month that it blocked the attackers' access and implemented defensive measures after discovering the incident on June 17, and revealed that the breach impacted the STNet, JCOM, Chubu Telecommunications C, NIFTY Corporation, and BIGLOBE ISP operators.

      https://www.bleepingcomputer.com/news/security/japanese-telecom-giant-kddi-says-data-breach-affects-12-million-people/

      General News

      • Orbia CISO Miranda Ritchie On Building Security Into Sustainable Infrastructure
        "In this interview with Help Net Security, Miranda Ritchie, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing processes. She explains why a cyber incident in these settings can harm people, equipment and the environment, and how spread-out sites and aging control hardware widen the risk. Ritchie describes tying security to safety culture, embedding cyber teams early in new projects, and treating nothing as trusted just because it sits on the network. Her view: speed and security can support each other."
        https://www.helpnetsecurity.com/2026/07/08/miranda-ritchie-orbia-industrial-cybersecurity/
      • When AI Agents Look Like Attackers: What Behavioral Telemetry Tells Us
        "AI coding agents (Claude Code, Cursor, Codex, and others built on skill packs such as GStack) are showing up in customer environments. They write code, install dependencies, automate browser tasks, and troubleshoot failures by trying alternative approaches. From the perspective of an endpoint behavioral engine, some of that activity is indistinguishable from typical activity seen on customer networks – or, in some cases, from actions that might be undertaken by an active adversary."
        https://www.sophos.com/en-us/blog/2607_agents_vs_telemetry
        https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html
      • GitHub Copilot Refuses Harmful Requests In Chat, Then Writes Them In Code
        "An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple. The models they tested through Copilot, Claude from Anthropic, and Gemini from Google, refused almost every harmful request when asked directly. Reframed as steps in a normal coding task, they produced the harmful answers in all 816 of the study's workflow runs."
        https://thehackernews.com/2026/07/github-copilot-refuses-harmful-requests.html
        https://arxiv.org/abs/2607.03968
        https://www.theregister.com/security/2026/07/08/github-copilot-sorry-dave-i-cant-do-that-harmful-thing-unless-you-ask-me-in-code/5268654
      • GhostApproval: A Trust Boundary Gap In AI Coding Assistants
        "The value of AI coding assistants is simple and straightforward: the agent proposes an action, then you approve. Before any file is modified, a confirmation dialog appears: the Human-in-the-Loop safety net that keeps you in control. But what if the controls you see aren’t the controls you’re actually operating? Symbolic links have been a security headache since the early days of Unix. From /tmp race conditions to privilege escalation exploits, symlinks have a long history of bypassing security boundaries by making one path silently resolve to another. It's a well-documented attack primitive - CWE-61 dates back decades. So what happens when you apply this classic trick to AI coding assistants?"
        https://www.wiz.io/blog/ghostapproval-a-trust-boundary-gap-in-ai-coding-assistants
        https://www.theregister.com/security/2026/07/08/bug-in-top-ai-coding-agents-shows-that-unix-era-security-headaches-never-really-die/5268025
      • ESET Threat Report H1 2026
        "The first half of 2026 shows how attackers continue to improve the efficiency and scalability of their operations. Rather than relying on entirely new methods and tools, they are quickly adapting established techniques to new platforms, technologies, and user behaviors. Artificial intelligence is playing a growing role in this development. In H1 2026, ESET analyzed nearly 900,000 AI skills – small functional components used by AI agents – and identified tens of thousands of suspicious and thousands of outright malicious instances. The number of AI skills within this new ecosystem is growing rapidly “as we speak”, further expanding the attack surface."
        https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2026/
        https://www.helpnetsecurity.com/2026/07/08/eset-ai-threat-trends-report/

      อ้างอิง
      Electronic Transactions Development Agency (ETDA) 8a083dec-a552-43d8-ab84-a505b569a61c-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • BeyondTrust เตือนช่องโหว่ Critical ใน RS และ PRA เสี่ยงถูกข้ามการยืนยันตัวตน

      BeyondTrust เตือนช่องโหว่ Critical ใน RS และ PRA เสี่ยงถูกข้.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand be8fa15a-be16-4485-9e7b-385cd91ed8de-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • ช่องโหว่ Backdoor ในเราเตอร์ Tenda เปิดทางผู้โจมตี Bypass Login และได้สิทธิ์ผู้ดูแลระบบ ยังไม่มีแพตช์แก้ไข

      ช่องโหว่ Backdoor ในเราเตอร์ Tenda เปิดทางผู้โจมตี By.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 19eada3b-a673-4e12-baee-424507a89c83-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • ผู้ไม่หวังดีพุ่งเป้าสแกนช่องโหว่ความรุนแรงระดับวิกฤตบน Gitea Docker หลังการเปิดเผยข้อมูลเพียง 13 วัน

      ผู้ไม่หวังดีพุ่งเป้าสแกนช่องโหว่ความรุน.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 80258978-dbe1-4272-9dbe-848ef3288907-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • CISA เพิ่มช่องโหว่ที่ถูกใช้โจมตี 1 รายการลงในแคตตาล็อก

      เมื่อวันที่ 7 กรกฏาคม 2569 Cybersecurity and Infrastructure Security Agency (CISA) ได้เพิ่มช่องโหว่ใหม่ 1 รายการลงในแคตตาล็อก Known Exploited Vulnerabilities (KEV) จากหลักฐานที่พบว่ามีการโจมตีใช้งานจริงแล้ว มีรายละเอียดดังนี้

      • CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability

      ทาง CISA จะปรับปรุงและเพิ่มช่องโหว่ใหม่เข้าสู่แคตตาล็อก KEV อย่างต่อเนื่อง เพื่อให้ครอบคลุมความเสี่ยงที่ตรวจพบจริงในปัจจุบันและอนาคต

      อ้างอิง

      https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-one-known-exploited-vulnerability-catalog

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • CISA เพิ่มช่องโหว่ที่ถูกใช้โจมตี 3 รายการลงในแคตตาล็อก

      เมื่อวันที่ 7 กรกฏาคม 2569 Cybersecurity and Infrastructure Security Agency (CISA) ได้เพิ่มช่องโหว่ใหม่ 3 รายการลงในแคตตาล็อก Known Exploited Vulnerabilities (KEV) จากหลักฐานที่พบว่ามีการโจมตีใช้งานจริงแล้ว มีรายละเอียดดังนี้

      • CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
      • CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability
      • CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability

      อ้างอิง
      https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-three-known-exploited-vulnerabilities-catalog
      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 788160c0-7841-4cfc-9a7e-b950c61fc1c4-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • Cyber Threat Intelligence 08 July 2026

      Industrial Sector

      • Hydro-Québec Le Circuit Electrique Charging Station Backend
        "Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-01
      • Siemens SINEC OS
        "SINEC OS before V4.0 contains multiple vulnerabilities. Siemens has released a new version for RUGGEDCOM RST2428P and recommends to update to the latest version."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-05
      • Hitachi Energy PROMOD V
        "Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or unauthorized access."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-02
      • Hitachi Energy e-Mesh EMS
        "Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-03
      • Siemens Mendix Studio Pro
        "Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-04
      • Labcenter Proteus 9
        "Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-06
      • Digi International PortServer TS, Digi One SP IA
        "Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-07
      • Threat Landscape For Industrial Automation Systems. Q1 2026
        "The percentage of ICS computers on which malicious objects were blocked continued to decrease, reaching 19.6% in Q1 2026. This is the lowest value in three years, and it is 1.4 times lower than in Q2 2023."
        https://securelist.com/industrial-threat-report-q1-2026/120643/

      New Tooling

      • Apple Container: Open-Source Tool For Linux Containers On The Mac
        "Developers on Apple silicon Macs have run Linux containers through software built around a single shared virtual machine for years. Apple’s open-source Container project gives each Linux workload its own lightweight virtual machine. Container is written in Swift and tuned for Apple silicon. It creates and runs Linux containers as lightweight virtual machines, and it works with OCI-compatible images, so a developer can pull from and push to any standard registry. Images built with it run in any other OCI-compatible application. Under the hood, it draws on the Containerization Swift package for low-level container, image, and process management."
        https://www.helpnetsecurity.com/2026/07/07/apple-container-open-source-linux-mac/
        https://github.com/apple/container

      Vulnerabilities

      • Security Advisory Bulletin 066
        "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device."
        https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc
      • BeyondTrust Warns Of Critical Flaws In Remote Access Software
        "BeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication. The first vulnerability, tracked as CVE-2026-40138, affects the company's RS remote desktop and assistance platform (versions 25.3.2 or earlier) and the PRA enterprise cybersecurity solution (versions 25.3.2 or earlier). This vulnerability stems from an improper authentication weakness in the authentication subsystem, and successful exploitation enables attackers without privileges to bypass access controls and access targeted appliances, including accounts with elevated privileges."
        https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-critical-flaws-in-remote-access-software/
        https://www.beyondtrust.com/trust-center/security-advisories/bt26-03
        https://thehackernews.com/2026/07/beyondtrust-patches-critical-auth.html
      • Tenda Firmware (multiple Versions) Contains Hidden Authentication Backdoor
        "Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain full administrative control without valid credentials."
        https://kb.cert.org/vuls/id/213560
        https://thehackernews.com/2026/07/certcc-warns-of-hidden-admin-backdoor.html
        https://www.bleepingcomputer.com/news/security/hidden-backdoor-in-tenda-router-firmware-grants-admin-access/
        https://securityaffairs.com/194878/security/hidden-tenda-router-backdoor-grants-admin-access-no-patch-available.html
      • CISA Adds Three Known Exploited Vulnerabilities To Catalog
        "CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
        CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability
        CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-three-known-exploited-vulnerabilities-catalog
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/07/07/cisa-adds-one-known-exploited-vulnerability-catalog
      • Rogue Agent: How a Single Code Block Could Hijack Your AI Conversations In Google’s DialogFlow
        "Varonis Threat Labs discovered a critical vulnerability in Google Cloud Platform’s (GCP) Dialogflow CX service, Google’s flagship conversational AI platform for building interactive experiences across voice and text chatbots. We’ve named this latest discovery Rogue Agent. The vulnerability allowed attackers to exploit the Code Blocks feature to inject persistent malicious code into the Dialogflow agents’ pipeline, silently exfiltrating conversations and conducting large-scale phishing campaigns. To initiate, the exploit requires a single edit permission known as dialogflow.playbooks.update on one agent."
        https://www.varonis.com/blog/rogue-agent-dialogflow-attack
        https://www.darkreading.com/application-security/dialogflow-cx-rogue-agent-flaw-enabled-ai-chatbot-data-theft
        https://thehackernews.com/2026/07/rogue-agent-flaw-could-have-let.html
      • GitLost: How We Tricked GitHub’s AI Agent Into Leaking Private Repos
        "Noma Labs discovered a critical prompt injection vulnerability within GitHub’s new Agentic Workflows, allowing an unauthenticated attacker to silently pull data from private repositories by posting a crafted GitHub Issue in a public repository belonging to the same organization as the private repositories. Noma Labs named the vulnerability GitLost."
        https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos/
        https://thehackernews.com/2026/07/public-github-issue-could-trick-github.html
        https://www.darkreading.com/cyber-risk/gitlost-leaks-private-data-github-agentic-workflows
        https://hackread.com/gitlost-github-ai-agent-leaking-repository-data/
      • WriteOut: Abusing The Sandbox For a Critical Cross-Tenant Vulnerability In Writer AI
        "Every AI platform tells you the same comforting bedtime story. Don't worry, the code runs in a sandbox. Whatever the model generates, whatever the user uploads, whatever the agent decides to do at 2 a.m. with no human watching, it's all safely boxed in. The box is the boundary. Enter Writer AI, an enterprise platform where teams build their own AI agents. We found a way to turn Writer's own sandbox against its users: an agent could hand an attacker the keys to any account on the platform. We dubbed it WriteOut, and Writer has since fixed it. Until they did, an outsider could go from having no access to taking over any Writer AI organization inside industry-leading enterprises, with nothing more than a link."
        https://www.sandsecurity.ai/blog/writeout-writer-ai-cross-tenant
        https://thehackernews.com/2026/07/writer-ai-flaw-could-let-agent-previews.html

      Malware

      • Vidar Infostealer Being Spread Through Phishing Emails
        "First identified in 2018, Vidar operates under a Malware-as-a-Service (MaaS) model and continues to be distributed through various attack cases to this day. AhnLab SEcurity intelligence Center (ASEC) has been monitoring cases of Vidar distribution targeting Korea, and this report summarizes the Vidar distribution cases identified in the first half of 2026."
        https://asec.ahnlab.com/en/94363/
      • Connecting Scattered Spider: Defining A Cybercrime Collective Through Shared TTPs
        "Scattered Spider has attracted a lot of attention in recent years, including the mass media, especially after being attributed as the responsible party for a number of high profile attacks. Its initial days can be traced back to 2022, when notorious attacks started being attributed to Scattered Spider, such as the attack which compromised around 125 Twilio customers in August 2022 or the Caesars Palace and MGM Resort incidents in September 2023. These high profile attacks have led to law enforcement agencies taking action against the so-called Scattered Spider members. However, attacks attributed to Scattered Spider never stopped, with CISA and other organizations releasing advisories warning about its attacks even in 2025."
        https://www.group-ib.com/blog/connecting-scattered-spider/
        https://thehackernews.com/2026/07/court-filing-reveals-windows-device-id.html
        https://www.infosecurity-magazine.com/news/scattered-spider-as-cybercrime/
      • One Email Closer To The Edge: UNK_MassTraction & The Physics Of Exploitation
        "Beginning in May 2026, Proofpoint observed a new cluster of activity – tracked as UNK_MassTraction – exploiting CVE-2024-42009, a cross-site scripting vulnerability in Roundcube. The campaign targeted physics and engineering departments at major US and Canadian universities, with a focus on administrators and professors in departments with either national security ties, or entities studying astrophysics and particle physics. While the targeting appeared specific to these departments, the exploit only requires that the email is opened in the mail client to achieve access to the mailserver so the recipients may have been inconsequential."
        https://www.proofpoint.com/us/blog/threat-insight/one-email-closer-edge-unkmasstraction-physics-exploitation
        https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html
        https://www.bankinfosecurity.com/chinese-cyberespionage-exploits-university-roundcube-servers-a-32165
        https://cyberscoop.com/china-espionage-attacks-us-canada-universities-proofpoint/
        https://www.infosecurity-magazine.com/news/china-aligned-cluster-roundcube/
      • UAT-7810 Continues Building ORB Networks Using New Malware
        "Talos assesses with high confidence that UAT-7810 is a China-nexus threat actor based on the infrastructure that it provides to secondary China-nexus APTs such as UAT-5918. Open-source reporting has also illustrated overlapping tooling between UAT-5918 and UAT-7810. However, at this time, Talos considers UAT-5918 and UAT-7810 separate APT actors tasked with their own set of objectives and targets. Talos’ latest findings on UAT-7810 indicate that the threat actor continues to develop their custom-made malware dubbed “SHORTLEASH” with a newer version already being developed and hosted on attacker-controlled infrastructure. We track this new version of SHORTLEASH as “LONGLEASH.”"
        https://blog.talosintelligence.com/uat-7810/
        https://www.bleepingcomputer.com/news/security/chinese-hackers-develop-longleash-malware-to-expand-orb-network/
      • RedWing: A Mobile Malware-As-a-Service Operation
        "The zLabs team has uncovered RedWing, a new Android spyware variant offered as a Malware-as-a-Service (MaaS) through a Telegram channel and appears to have links to Russian threat actors. Malicious operators distribute this rental-based malware through mobile-targeted phishing sites. A substantial number of the associated payloads and droppers currently evade detection by conventional security tools. This discovery looks like a new variant of the oblivion malware, due to the similarity on the dropper stage and some of the overlays used."
        https://zimperium.com/blog/redwing-a-mobile-malware-as-a-service-operation
        https://thehackernews.com/2026/07/redwing-maas-packages-android-bank.html
      • DEBULL: Storm-2372-Style Microsoft Device-Code Phishing With GraphSpy Post-Exploitation
        "The tradecraft has strong characteristics previously described in Microsoft Storm-2372 reporting: messaging or Teams-style lures, device-code authentication, Microsoft Authentication Broker usage, geo-plausible infrastructure, and device-registration relevant follow-on activity. We do not attribute the campaign directly to Storm-2372. We assess that the operator is using Storm-2372-style tradecraft through a reusable tooling layer we track as DEBULL. Follow-up analysis exposed the backend behind the campaign. The same IP that created the attacker-side Microsoft Authentication Broker session also served a DEBULL login panel directly."
        https://zerobec.com/blog/debull-storm-2372-microsoft-device-code-phishing-graphspy
        https://thehackernews.com/2026/07/debull-tooling-abuses-microsoft-device.html
      • Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders And File Inflation
        "In April 2026, Unit 42 researchers identified a financially motivated campaign delivering Vidar stealer and the XMRig cryptocurrency miner to consumer and small- and medium-sized business victims worldwide. Attackers lure victims via malvertising to pages for downloading files that impersonate cracked versions of copyright-protected software. Upon execution, the loader drops and runs both Vidar stealer and XMRig. Vidar stealer targets information like browser credentials, cookies and crypto wallets. XMRig mines Monero cryptocurrency."
        https://unit42.paloaltonetworks.com/vidar-stealer-xmrig-miner-campaign-analysis/

      Breaches/Hacks/Leaks

      • Accenture Confirms Breach After Hacker Offers Stolen Data For Sale
        "IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. "We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery," Accenture told BleepingComputer. Accenture is a global professional services company that provides consulting, technology, cloud, engineering, and managed services to businesses and governments worldwide."
        https://www.bleepingcomputer.com/news/security/accenture-confirms-breach-after-hacker-offers-stolen-data-for-sale/
      • County Government Reportedly Paid $1 Million To Cyber Extortion Group
        "A government entity in the US reportedly paid a $1 million ransom to the Kairos cyber extortion group to prevent the public dissemination of information stolen in a May 2025 intrusion, Ransom-ISAC reports. A leaked negotiation transcript shows that the extortion group demanded $3 million in cryptocurrency from the victim organization, but eventually settled for $1 million. Kairos claimed to have stolen over 2 terabytes of data, or approximately 1.6 million files, after accessing the victim’s environment in a brute-force attack."
        https://www.securityweek.com/county-government-reportedly-paid-1-million-to-cyber-extortion-group/
      • Major Japanese Telco Says Cyberattack Exposed 12 Million Emails
        "One of Japan's largest telecommunications providers said Monday that a cyberattack targeting an email platform it operates for internet service providers exposed more than 12.2 million customer email addresses and 7.6 million passwords. The company said the breach affected an email system used to manage customer email accounts, webmail services and email storage for five Japanese internet service providers. KDDI first disclosed the unauthorized access in June but only confirmed the scale of the data exposure after completing its forensic investigation and submitting a report to Japan's communications ministry earlier this week."
        https://therecord.media/major-japanese-telco-cyberattack-12-million-emails

      General News

      • Q2 2026 Vulnerability Trends Report
        "A total of 20,701 new CVEs were reported in the second quarter of 2026. Of these, 2,317 were “Critical” vulnerabilities with a CVSS score of 9.0 Or higher, accounting for 11.2% Of the total. Medium- and high-risk vulnerabilities, including those rated “High,” accounted for 51.7% Of the total. While the overall volume remained similar to Q1, the number of “Critical” vulnerabilities—which can cause immediate damage—increased by 62.5% From 1,426 in Q1."
        https://asec.ahnlab.com/en/94360/
      • Windows Platform Security For AI Agents
        "AI agents are no longer just answering questions, they are taking actions across systems with increasing autonomy. As they become persistent participants in how software runs, they introduce new risk to control and trust, challenging the security assumptions that have defined computing for decades. Developers are building agents that read files, invoke services, modify environments and chain operations together at increasing speed. That capability is powerful, but it raises a critical question: how do you ensure these systems remain trustworthy when they operate autonomously, at scale, on real data?"
        https://blogs.windows.com/windowsdeveloper/2026/06/02/windows-platform-security-for-ai-agents/
        https://www.helpnetsecurity.com/2026/07/07/microsoft-execution-containers-ai-agents-constraints/
      • Power Shortages Could Slow AI Data Center Expansion
        "AI adoption is increasing demand for data center capacity at the same time operators are running into limits around power, equipment, land, and permitting, according to NTT Data. Access to electricity is becoming a deciding factor in where new data centers are built, when new capacity comes online and how quickly AI projects can expand."
        https://www.helpnetsecurity.com/2026/07/07/ai-data-centers-demand-expansion/
      • CISO Conversations: Tarah Wheeler, Cybersecurity Leader, Thought Leader And Original Thinker
        "Tarah Wheeler is CISO at TPO Group. TPO is an acronym for technology, policy and operations, and the firm provides cybersecurity consultancy for high-stakes organizations such as critical industries and federal agencies. But despite this elevated position, her journey was far from typical. “I absolutely did not choose this career on purpose,” she said. “No, I fell backwards into it. I feel like this career dragged me into an alley, coshed me over the head, and said, ‘You’re one of us now. kid’.” For Americans unfamiliar with British slang, the ‘cosh’ phrase would be better understood as ‘hit me over the head with a baseball bat’ – and it may be worth noting that although born in Washington, Wheeler is currently studying at Oxford in the UK."
        https://www.securityweek.com/ciso-conversations-tarah-wheeler-cybersecurity-leader-thought-leader-and-original-thinker/

      อ้างอิง
      Electronic Transactions Development Agency (ETDA) db681405-4874-44b2-8b40-19c467a38620-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT