NCSA Webboard
    NCSA_THAICERT

    @NCSA_THAICERT
    Global Moderator, administrators
    Website: www.ncsa.or.th/?fbclid=IwAR0BqJEC-CJzBs98rlBxUbZkNBgp1g814xdDNNaKnHTrxfqZhPD--ksY68I

    Latest posts made by NCSA_THAICERT

    • 🛑 Apple releases a security update to fix a zero-day vulnerability 🛑
      1. Vulnerability details
      • CVE-2026-20700 is a security vulnerability in Apple's operating systems. It is an arbitrary code execution flaw in dyld (the Dynamic Link Editor) and affects multiple platforms: iOS, iPadOS, macOS, tvOS, watchOS and visionOS. An attacker who succeeds in performing a memory write may be able to run malicious code on an affected device, leading to control of the device, access to or disclosure of sensitive data, and the unauthorized installation of malware.
      2. Affected devices

        • iPhone 11 and later
        • iPad Pro 12.9-inch (3rd generation and later)
        • iPad Pro 11-inch (1st generation and later)
        • iPad Air (3rd generation and later)
        • iPad (8th generation and later)
        • iPad mini (5th generation and later)
        • Macs running macOS Tahoe
      3. Prevention and remediation
        3.1 Update the operating system to the version in which Apple has released the fix
        3.2 Enable Automatic Updates to reduce exposure
        3.3 For organizations: review the Asset Inventory to identify devices that have not yet been updated, use MDM (Mobile Device Management) to enforce patch deployment, and check logs and the EDR system for suspicious behaviour

      4. Temporary measures (if the update cannot be applied immediately)
        4.1 Restrict access to untrusted websites or content
        4.2 Work from a standard user account and avoid using an administrator account, to limit the impact if the device is attacked
        4.3 Enable additional protections such as the Firewall, Gatekeeper / XProtect (macOS) and Lockdown Mode (for high-risk users)

      5. References
        5.1 https://dg.th/cwmjghxfau
        5.2 https://dg.th/t9yh48ld20
        5.3 https://dg.th/zflytxwpcg

      Posted in Cyber Security News
    • "ZeroDayRAT" spyware compromises Android and iOS, controls the device remotely, switches on the camera and microphone and intercepts OTPs, putting data at risk of leakage

      Follow the news on the webboard or on the NCSA Thailand Facebook page

      Posted in Cyber Security News
    • Senegal temporarily closes its national ID card office after a ransomware attack

      Posted in Cyber Security News
    • Warning! Fake 7-Zip website found spreading malware

      Posted in Cyber Security News
    • Cyber Threat Intelligence 12 February 2026

      Healthcare Sector

      • A New Data Theft Gang For The Health Sector To Lose Sleep Over
        "A new cybercriminal gang appears to be targeting the healthcare industry, a sector with a reputation for paying extortionists rather than risk harm to patients. Since first surfacing on the darkweb in recent weeks, the Insomnia data theft group has chalked up 18 alleged victims on its data leak site. More than half have ties to healthcare. Among the victims listed on Insomnia's data leak site as of Wednesday, most are healthcare providers, or companies that are involved with work concerning healthcare issues, including two law firms that handle medical malpractice cases and one manufacturer of surgical and medical gear."
        https://www.bankinfosecurity.com/new-data-theft-gang-for-health-sector-to-lose-sleep-over-a-30735

      Industrial Sector

      • ICS Patch Tuesday: Vulnerabilities Addressed By Siemens, Schneider, Aveva, Phoenix Contact
        "Industrial giants Siemens, Schneider Electric, Aveva, and Phoenix Contact have published Patch Tuesday advisories informing customers about vulnerabilities found in their ICS/OT products. Siemens has published eight new advisories. The company has released patches and mitigations for high-severity issues in Desigo CC, Sentron Powermanager, Simcenter Femap and Nastran, NX, Sinec NMS, Solid Edge, and Polarion products. A medium-severity flaw has been found in Siveillance Video Management Servers. Exploitation of the vulnerabilities can lead to unauthorized access, XSS, DoS, code execution, and privilege escalation."
        https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-siemens-schneider-aveva-phoenix-contact/

      Vulnerabilities

      • 800,000 WordPress Sites Affected By Arbitrary File Upload Vulnerability In WPvivid Backup WordPress Plugin
        "On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 active installations. This vulnerability can be used by unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover. Please note that this vulnerability only critically affects users who have a generated key in the plugin settings to allow another site to send a backup to their site. This feature is disabled by default, and the key expiration can only be set to a maximum of 24 hours."
        https://www.wordfence.com/blog/2026/02/800000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-wpvivid-backup-wordpress-plugin/
      • Fortinet Patches High-Severity Vulnerabilities
        "Fortinet on Tuesday published eight advisories describing security defects addressed in FortiAuthenticator, FortiClient for Windows, FortiGate, FortiOS, and FortiSandbox, including two high-severity issues. The most severe of these is CVE-2025-52436, an XSS bug in FortiSandbox that could be exploited via crafted requests to execute commands without authentication. Next in line is CVE-2026-22153, an authentication bypass in FortiOS that can be exploited under certain configurations to bypass LDAP authentication of Agentless VPN or FSSO policy."
        https://www.securityweek.com/fortinet-patches-high-severity-vulnerabilities/
      • CISA Adds Six Known Exploited Vulnerabilities To Catalog
        "CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-21510 Microsoft Windows Shell Protection Mechanism Failure Vulnerability
        CVE-2026-21513 Microsoft MSHTML Framework Security Feature Bypass Vulnerability
        CVE-2026-21514 Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
        CVE-2026-21519 Microsoft Windows Type Confusion Vulnerability
        CVE-2026-21525 Microsoft Windows NULL Pointer Dereference Vulnerability
        CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/02/10/cisa-adds-six-known-exploited-vulnerabilities-catalog
        https://securityaffairs.com/187855/security/u-s-cisa-adds-microsoft-office-and-microsoft-windows-flaws-to-its-known-exploited-vulnerabilities-catalog.html
      • Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed By Intel And AMD
        "Intel and AMD’s February 2026 Patch Tuesday advisories address more than 80 vulnerabilities found recently in their products. Intel has published 18 new advisories covering more than 30 vulnerabilities. Four advisories have an overall severity rating of high. One of these advisories describes TDX vulnerabilities discovered in collaboration with Google, including a flaw that could lead to full compromise."
        https://www.securityweek.com/chipmaker-patch-tuesday-over-80-vulnerabilities-addressed-by-intel-and-amd/
      • Safeguarding Foundational Technologies: How Intel And Google Collaborate To Strengthen Intel® TDX
        "Foundational technologies demand an uncompromising approach to security, due to their critical role in safeguarding root of trust. For Confidential Computing technologies such as Intel® Trust Domain Extensions (Intel® TDX), the goal is to protect sensitive workloads, even against compromised hypervisors or malicious insiders for billions of users. Intel TDX achieves this through the enablement of Confidential Virtual Machines (CVMs) — also known as Trust Domains (TDs) — that provide strong hardware-enforced confidentiality and integrity guarantees in multi-tenant and cloud environments."
        https://www.intel.com/content/www/us/en/security/security-practices/blogs/google-collaboration-strengthen-intel-tdx.html
        https://services.google.com/fh/files/misc/intel_tdx_1.5-full_report.pdf
        https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01397.html
        https://www.securityweek.com/google-intel-security-audit-reveals-severe-tdx-vulnerability-allowing-full-compromise/
      • Apple Fixes Zero-Day Flaw Used In 'extremely Sophisticated' Attacks
        "Apple has released security updates to fix a zero-day vulnerability that was exploited in an "extremely sophisticated attack" targeting specific individuals. Tracked as CVE-2026-20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. Apple's security bulletin warns that an attacker with memory write capability may be able to execute arbitrary code on affected devices."
        https://www.bleepingcomputer.com/news/security/apple-fixes-zero-day-flaw-used-in-extremely-sophisticated-attacks/
        https://support.apple.com/en-us/126347

      Malware

      • AgreeToSteal: The First Malicious Outlook Add-In Leads To 4,000 Stolen Credentials
        "This is the first known malicious Microsoft Outlook add-in detected in the wild. But the developer who built it isn't the attacker. In 2022, a developer built a meeting scheduling tool called AgreeTo and published it to the Microsoft Office Add-in Store. It worked. People liked it. Then the developer moved on, and the project died. The add-in stayed listed in Microsoft's store. The URL it pointed to - hosted on Vercel - became claimable. An attacker claimed it, deployed a phishing kit, and Microsoft's own infrastructure started serving it inside Outlook's sidebar. By gaining access to the attacker's exfiltration channel, we were able to recover the full scope of the operation: over 4,000 stolen Microsoft account credentials, credit card numbers, and banking security answers. The attacker was actively testing stolen credentials yesterday. The infrastructure is live as you read this."
        https://www.koi.ai/blog/agreetosteal-the-first-malicious-outlook-add-in-leads-to-4-000-stolen-credentials
        https://www.bleepingcomputer.com/news/security/microsoft-store-outlook-add-in-hijacked-to-steal-4-000-microsoft-accounts/
        https://thehackernews.com/2026/02/first-malicious-outlook-add-in-found.html
      • Employee Monitoring And SimpleHelp Software Abused In Ransomware Operations
        "Net Monitor for Employees Professional is a commercial workforce monitoring tool developed by NetworkLookout. Marketed for employee productivity tracking, the software provides capabilities that extend well beyond passive screen monitoring, including reverse shell connections, remote desktop control, file management, and the ability to customize service and process names during installation. These features, while designed for legitimate administrative use, make it an attractive tool for threat actors seeking to blend into enterprise environments without deploying traditional malware."
        https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations
        https://www.bleepingcomputer.com/news/security/crazy-ransomware-gang-abuses-employee-monitoring-tool-in-attacks/
      • LummaStealer Is Getting a Second Life Alongside CastleLoader
        "Bitdefender researchers have discovered a surge in LummaStealer activity, showing how one of the world's most prolific information-stealing malware operations managed to survive despite being almost brought down by law enforcement less than a year ago. LummaStealer is a highly scalable information-stealing threat with a long history, having operated under a malware-as-a-service model since it appeared on the scene in late 2022. The threat quickly evolved into one of the most widely deployed infostealers worldwide, supported by a large affiliate ecosystem and a constantly adapting delivery infrastructure."
        https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader
        https://www.bleepingcomputer.com/news/security/lummastealer-infections-surge-after-castleloader-malware-campaigns/
      • AI/LLM-Generated Malware Used To Exploit React2Shell
        "Darktrace identified an AI/LLM generated malware sample exploiting the React2Shell vulnerability within its Cloudypots environment. The incident shows how LLM‑assisted development enables low‑skill attackers to rapidly create effective exploitation tools. This analysis outlines the attack chain, AI‑generated payload, and the growing defensive challenges posed by accessible, AI‑enabled cyber threats."
        https://www.darktrace.com/blog/ai-llm-generated-malware-used-to-exploit-react2shell
        https://www.bankinfosecurity.com/ai-generated-malware-exploits-react2shell-for-tiny-profit-a-30734
      • Mispadu Phishing Malware Baseline: Delivery Chains, Capabilities, And Common Campaigns
        "Mispadu is a long-standing Banking Trojan that has only continued to grow in popularity since its first observation in 2019. Although originally appearing in small numbers, at the time of this analysis Mispadu is the top Latin American Banking Trojan that Cofense sees. Current campaigns are seen on a weekly basis, with initial phishing emails bypassing multiple Secure Email Gateways (SEGs) to reach the inboxes of employees across the world. The most popular targeted countries continue to be Latin American, specifically Mexico and Brazil, however some instances of recipients in Europe have also been seen. The most common delivery method continues to be attached PDFs that lead to a chain of scripts before Mispadu is run using legitimate files."
        https://cofense.com/blog/mispadu-phishing-malware-baseline
      • Sleeper Shells: How Attackers Are Planting Dormant Backdoors In Ivanti EPMM
        "Exploitation of Ivanti Endpoint Manager Mobile (EPMM) has been relentless since vulnerability disclosure. That’s not necessarily news. Major institutions - governments included - have already been compromised through this vector, and we’re tracking another exploitation wave as it develops. On February 4th, 2026, a coordinated campaign started across our telemetry with a differing pattern to previous mass exploitation. Rather than the smash-and-grab post-exploitation you’d expect - dropping traditional webshells, running recon and enumeration commands - this operator did something more deliberate, uploading a payload, confirming it landed, and leaving. No commands were executed, the implant was simply left in place."
        https://defusedcyber.com/ivanti-epmm-sleeper-shells-403jsp
        https://www.helpnetsecurity.com/2026/02/11/ivanti-epmm-sleeper-webshell/
      • The Game Is Over: When “free” Comes At Too High a Price. What We Know About RenEngine
        "We often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex malware that employs advanced techniques and sophisticated infection chains. In February 2026, researchers from Howler Cell announced the discovery of a mass campaign distributing pirated games infected with a previously unknown family of malware. It turned out to be a loader called RenEngine, which was delivered to the device using a modified version of a Ren’Py engine-based game launcher. Kaspersky solutions detect the RenEngine loader as Trojan.Python.Agent.nb and HEUR:Trojan.Python.Agent.gen."
        https://securelist.com/renengine-campaign-with-hijackloader-lumma-and-acr-stealer/118891/
      • Spying Chrome Extensions: 287 Extensions Spying On 37M Users
        "We built an automated scanning pipeline that runs Chrome inside a Docker container, routes all traffic through a man‑in‑the‑middle (MITM) proxy, and watches for outbound requests that correlate with the length of the URLs we feed it. Using a leakage metric we flagged 287 Chrome extensions that exfiltrate browsing history. Those extensions collectively have ~37.4 M installations – roughly 1 % of the global Chrome user base. The actors behind the leaks span the spectrum: Similarweb, Curly Doggo, Offidocs, Chinese actors, many smaller obscure data‑brokers, and a mysterious “Big Star Labs” that appears to be an extended arm of Similarweb."
        https://github.com/qcontinuum1/spying-extensions
        https://www.theregister.com/2026/02/11/security_researcher_287_chrome_extensions_data_leak/
      • When Paychecks Become The Prize: A Deeper Look At The Rise Of Direct Deposit Attacks
        "Ransomware may dominate headlines, but some of the most effective modern attacks don’t rely on malware at all. Instead, attackers are exploiting identity workflows, trusted access paths, and payroll self-service features to quietly steal money — one paycheck at a time. ARC Labs recently investigated an attack where an adversary redirected an employee’s salary by modifying direct deposit information in a payroll platform after compromising the user’s identity account. The attack was technically simple, operationally precise, and deliberately low-noise. This is not an anomaly. It’s a sign of where financially motivated attacks are heading."
        https://binarydefense.com/resources/blog/when-paychecks-become-the-prize-a-deeper-look-at-the-rise-of-direct-deposit-attacks
        https://www.theregister.com/2026/02/11/payroll_pirates_business_social_engineering/
      • Nation-State Actors Exploit Notepad++ Supply Chain
        "Between June and December 2025, the official hosting infrastructure for the text editor Notepad++ was compromised by a state-sponsored threat group known as Lotus Blossom. The attackers breached the shared hosting provider’s environment. This allowed the attackers to intercept and redirect traffic destined for the Notepad++ update server. This infrastructure-level hijack enabled the attackers to selectively target specific users. The targets were primarily located in Southeast Asia across government, telecommunications and critical infrastructure sectors. Attackers served these targets malicious update manifests instead of legitimate software updates."
        https://unit42.paloaltonetworks.com/notepad-infrastructure-compromise/
      • Silent Push Traffic Origin Data Combined With Residential Proxy Data Uncovers Suspicious Chinese VPN
        "Silent Push’s Traffic Origin exposes insights that help identify a threat actor’s true country of origin—visibility that’s otherwise inaccessible to defenders. We use a proprietary global observation network to analyze traffic signals, enabling the platform to identify the countries associated with an IP address. This reveals the traffic’s true physical origin, not just where the proxy server sits. Offering critical enrichment capabilities that businesses can use to immediately unmask global threat actors, Traffic Origin shines a light on malicious behaviors, including North Korean IT workers attempting to obtain fraudulent employment while using residential proxies to conceal their actual physical location. Customers can also use Traffic Origin to automatically assess employee logins and identify when an IP address is masking traffic from an unexpected location or country of concern."
        https://www.silentpush.com/blog/traffic-origin-chinese-vpn/
      • DKIM Replay Attacks Exposed: How Cybercriminals Abuse Apple And PayPal Invoice Emails
        "Cybercriminals no longer rely on obvious phishing tricks or poorly forged emails. Instead, they increasingly abuse trusted platforms, legitimate workflows and small gaps in widely used security controls. By manipulating everyday business processes that users already trust, threat actors turn reputable infrastructure into an unwitting delivery mechanism for scams, making malicious messages far harder to spot and far more likely to succeed."
        https://www.kaseya.com/blog/dkim-replay-attacks-apple-paypal-invoice-abuse/

      Breaches/Hacks/Leaks

      • Georgia Healthcare Company Data Breach Impacts More Than 620,000
        "A cyberattack last year on a prominent Georgia-based healthcare company leaked the sensitive information of 626,540 people, according to a new filing with the U.S. Department of Health and Human Services. ApolloMD notified customers of a data breach in September but provided federal regulators with the full number of victims on Tuesday. The company is a medical group that provides multispecialty physician services to more than 100 hospitals. They have more than 125 practices across 18 states and treat about 4 million patients each year. The company told victims in September about the breach, and said an investigation revealed hackers were in ApolloMD’s IT environment between May 22 and May 23."
        https://therecord.media/georgia-healthcare-company-data-breach-impacts-620000

      General News

      • Police Arrest Seller Of JokerOTP MFA Passcode Capturing Tool
        "The Netherlands Police have arrested a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. The suspect is the third one arrested by authorities after a three-year investigation that led to dismantling the JokerOTP phishing-as-a-service (PhaaS) operation in April 2025. At the time, authorities arrested the developer of the platform, and in August, a co-developer who used the aliases 'spit' and 'defone123'."
        https://www.bleepingcomputer.com/news/security/police-arrest-seller-of-jokerotp-mfa-passcode-capturing-tool/
      • Should CISOs Plan For Government As An Adversary?
        "Security leaders have been encouraged to view governments as partners for most of the past three decades. Regulators set the rules, law enforcement responds when incidents occur, and national cyber agencies provide guidance, indicators and frameworks. The underlying assumption has been that public authorities, while sometimes slow or clumsy, are broadly aligned with organizational interests. That assumption is becoming less reliable. This is not a political argument. It is a risk management one. When you strip away ideology and focus purely on threat modeling, there are credible scenarios where state actors control, influence or disrupt the very infrastructure your organization depends on. For CISOs, especially those operating across borders, that reality deserves sober consideration."
        https://www.bankinfosecurity.com/blogs/should-cisos-plan-for-government-as-adversary-p-4041
      • SMS & OTP Bombing Campaigns: Evolving API Abuse Targeting Multiple Regions
        "Cyble Research and Intelligence Labs (CRIL) identified sustained development activity surrounding SMS, OTP, and voice-bombing campaigns, with evidence of technical evolution observed through late 2025 and continuing into 2026. Analysis of multiple development artifacts reveals progressive expansion in regional targeting, automation sophistication, and attack vector diversity. Recent activity observed through September and October 2025, combined with new application releases in January 2026, indicates ongoing campaign persistence. The campaigns demonstrate technical maturation from basic terminal implementations to cross-platform desktop applications with automated distribution mechanisms and advanced evasion capabilities."
        https://cyble.com/blog/sms-otp-bombing-campaign-targeting-multiple-regions/
      • How To Stay On Top Of Future Threats With a Cutting-Edge SOC
        "The security operations center is a critical business function that must continually evolve to keep pace with new cybersecurity threats. CISOs remain under tight cost pressure, so they must be highly focused on transforming the SOC to meet their organization's future needs. One thing is certain: the capabilities of today’s SOC will not be fit-for-purpose in five or even three years' time. SOC transformation is complex, and artificial intelligence and people strategies are crucial."
        https://www.darkreading.com/cybersecurity-operations/stay-top-future-threats-cutting-edge-soc
      • AI Rising: Do We Know Enough About The Data Populating It?
        "It certainly is clear that there are (considerable) business benefits to be unlocked through the use of AI. It can undeniably have a beneficial impact by automating rudimentary or labor-intensive tasks, cutting costs, boosting efficiency, enhancing decision-making through powerful data analysis, and so on. It can lead to improved customer experiences, increased innovation, better risk management, and a stronger competitive edge across various functions such as sales, marketing, and operations. All good so far. But how is this improved landscape to be achieved? The answer, fundamentally, is data."
        https://www.darkreading.com/data-privacy/do-we-know-enough-about-data-populating-ai
      • Asia Fumbles With Throttling Back Telnet Traffic In Region
        "Many devices and consumer-grade routers in the Asia-Pacific region continue to use the insecure Telnet protocol, despite a recent critical vulnerability and the general insecurity of the protocol overall, underscoring the risks posed to organizations by the outdated technology. The problems persist despite recent curtailing of Telnet traffic by Internet backbone providers. In three hours on Jan. 14, Telnet traffic across the globe dropped from about 65,000 sessions per hour to 11,000 sessions per hour, an 83% decline in average traffic, according to data provided by GreyNoise, a threat intelligence firm. Yet, firms in the Asia-Pacific region saw some of the smallest decreases, suggesting that Asian network providers failed to — or decided not to — block the risky protocol, says Bob Rudis, vice president of data science at GreyNoise."
        https://www.darkreading.com/threat-intelligence/asia-fumbles-telnet-threat-traffic
        https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
        https://www.theregister.com/2026/02/11/were_telcos_tipped_off_to/
      • Manipulating AI Memory For Profit: The Rise Of AI Recommendation Poisoning
        "That helpful “Summarize with AI” button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning. Companies are embedding hidden instructions in “Summarize with AI” buttons that, when clicked, attempt to inject persistence commands into an AI assistant’s memory via URL prompt parameters (MITRE ATLAS® AML.T0080, AML.T0051)."
        https://www.microsoft.com/en-us/security/blog/2026/02/10/ai-recommendation-poisoning/
        https://www.helpnetsecurity.com/2026/02/11/ai-recommendation-memory-poisoning-attacks/
        https://www.theregister.com/2026/02/12/microsoft_ai_recommendation_poisoning/
      • Security Teams Are Paying For Sprawl In More Ways Than One
        "Most enterprises run security programs across sprawling environments that include mobile devices, SaaS applications, cloud infrastructure, and telecom networks. Spend control in these areas often sits outside the security organization, even when the operational consequences land directly on security teams. Tangoe’s 2026 Trends & Savings Recommendations Report connects these cost domains to recurring governance failures that create risk exposure across identity, endpoint management, and infrastructure visibility."
        https://www.helpnetsecurity.com/2026/02/11/security-teams-ai-driven-it-spend/
      • Vulnerability Forecast 2026: The Year Ahead
        "Happy New Year 2026! As we turn the page on another year and raise our glasses to new beginnings, we at FIRST have been busy doing what we do best: thinking quantitatively about what lies ahead. And our forecast for 2026 is both sobering and, we hope, useful. Our prediction: 2026 will be the year we cross 50,000 published CVEs. In fact, our median forecast sits at approximately 59,000 vulnerabilities for the year—a number that should give pause to anyone responsible for patch management, detection engineering, or coordinated vulnerability disclosure."
        https://www.first.org/blog/20260211-vulnerability-forecast-2026
        https://www.infosecurity-magazine.com/news/first-forecasts-record-50000-cve/
      • Spam And Phishing In 2025
        "In 2025, online streaming services remained a primary theme for phishing sites within the entertainment sector, typically by offering early access to major premieres ahead of their official release dates. Alongside these, there was a notable increase in phishing pages mimicking ticket aggregation platforms for live events. Cybercriminals lured users with offers of free tickets to see popular artists on pages that mirrored the branding of major ticket distributors. To participate in these “promotions”, victims were required to pay a nominal processing or ticket-shipping fee. Naturally, after paying the fee, the users never received any tickets."
        https://securelist.com/spam-and-phishing-report-2025/118785/
      • Security In The Dark: Recognizing The Signs Of Hidden Information
        "As humans, we don’t always make the right decisions, of course. When we do, it’s generally because we are basing those decisions on accurate data. Simply put, sound decisions require deducing the correct conclusions from an accurate data set. Further, the more complete the data set we are analyzing, the better chance we have of arriving at the right decision. Nowhere is this more pertinent than in the security field. When we look to properly assess, prioritize, and mitigate risk, we need the most accurate and complete data we can get. When we don’t have that, we end up doing a lot of guess work, and that can have disastrous consequences for the organization’s security posture."
        https://www.securityweek.com/security-in-the-dark-recognizing-the-signs-of-hidden-information/
      • Hacker Conversations: Professional Hacker Douglas Day
        "Douglas Day is a member of the Hacker Advisory Board at HackerOne and a full-time professional hacker. His membership of the Hacker Advisory Board is voluntary and unpaid, but more than 95% of his income comes from bug bounty hacking. The rest comes from the occasional contracted pen testing and red teaming. “I didn’t always consider myself a professional hacker, but I have always been a hacker. Now I’m both a hacker and a professional hacker.”"
        https://www.securityweek.com/hacker-conversations-professional-hacker-douglas-day/

      References
      Electronic Transactions Development Agency (ETDA)

      Posted in Cyber Security News by NCSA_THAICERT
    • Hackers use a Signal QR-code scanning trick and impersonate the support team to take over accounts

      You can follow news on the webboard or on the NCSA Thailand Facebook page

      Posted in Cyber Security News by NCSA_THAICERT
    • BeyondTrust fixes a pre-authentication vulnerability that risked remote code execution

      Posted in Cyber Security News by NCSA_THAICERT
    • Hacker group UNC3886 breaches the systems of 4 major mobile carriers in Singapore

      Posted in Cyber Security News by NCSA_THAICERT
    • CISA adds 6 exploited vulnerabilities to its catalog

      On 10 February 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added 6 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation, as follows:

      • CVE-2026-21510 Microsoft Windows Shell Protection Mechanism Failure Vulnerability
      • CVE-2026-21513 Microsoft MSHTML Framework Security Feature Bypass Vulnerability
      • CVE-2026-21514 Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
      • CVE-2026-21519 Microsoft Windows Type Confusion Vulnerability
      • CVE-2026-21525 Microsoft Windows NULL Pointer Dereference Vulnerability
      • CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability

      CISA's directive BOD 22-01 established the Known Exploited Vulnerabilities (KEV) catalog to collect CVEs that carry significant risk and are exploited in the wild. Federal Civilian Executive Branch (FCEB) agencies must remediate the listed vulnerabilities by the specified due dates to protect their networks against these threats.

      CISA will continue to update the KEV catalog and add new vulnerabilities to it so that it covers the risks actually observed now and in the future.

      References
      https://www.cisa.gov/news-events/alerts/2026/02/10/cisa-adds-six-known-exploited-vulnerabilities-catalog

      Posted in Cyber Security News by NCSA_THAICERT
    • CISA publishes 5 Industrial Control Systems (ICS) advisories

      On 10 February B.E. 2569, the Cybersecurity and Infrastructure Security Agency (CISA) published 5 advisories on industrial control systems (ICS) to provide timely information about security issues, vulnerabilities, and attacks affecting ICS. The advisories are:

      • ICSA-26-041-01 Yokogawa FAST/TOOLS
      • ICSA-26-041-02 ZLAN Information Technology Co. ZLAN5143D
      • ICSA-26-041-03 AVEVA PI Data Archive
      • ICSA-26-041-04 AVEVA PI to CONNECT Agent
      • ICSMA-26-041-01 ZOLL ePCR IOS Mobile Application

      CISA encourages users and administrators to review the newly published ICS advisories for technical details and mitigations.

      References
      https://www.cisa.gov/news-events/ics-advisories

      Posted in OT Cyber Security News by NCSA_THAICERT