NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ
    1. หน้าแรก
    2. NCSA_THAICERT
    • รายละเอียด
    • ติดตาม 0
    • คนติดตาม 3
    • กระทู้ 2,367
    • กระทู้ 2,368
    • ดีที่สุด 0
    • Controversial 0
    • กลุ่ม 2

    NCSA_THAICERT

    @NCSA_THAICERT

    1
    ชื่อเสียง
    56
    ดูข้อมูลส่วนตัว
    2.4k
    กระทู้
    3
    คนติดตาม
    0
    ติดตาม
    เข้าร่วม ออนไลน์ล่าสุด
    เว็บไซต์ www.ncsa.or.th/?fbclid=IwAR0BqJEC-CJzBs98rlBxUbZkNBgp1g814xdDNNaKnHTrxfqZhPD--ksY68I

    NCSA_THAICERT เลิกติดตาม ติดตาม
    Global Moderator administrators

    Latest posts made by NCSA_THAICERT

    • ETDA Cyber Threat Intelligence 13 July 2026

      Financial Sector

      • Only 28% Of Financial Workforce MFA Is Phishing-Resistant
        "Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new Secret Double Octopus report. Banks and financial organizations use a mix of authentication methods, combining phishing-resistant technologies with methods that remain vulnerable to phishing attacks."
        https://www.helpnetsecurity.com/2026/07/10/financial-identity-security-trends-report/
      • Fresh ATM Crypto Software Bugs: Jackpot Or Bust?
        "A researcher has discovered nine vulnerabilities in an ATM and corporate security program. The researcher and major ATM manufacturer Diebold Nixdorf disagree, though, about whether it could allow attackers to steal cash or not. At Black Hat USA 2026, Matt Burch, principal security researcher for Atredis Partners, will present nine new vulnerabilities he discovered in CryptWare CryptoPro Secure Disk. CryptoPro, for short, is a full‑disk encryption (FDE) and pre‑boot authentication solution for Windows that, strangely, is marketed to both corporations generally and ATM manufacturers specifically."
        https://www.darkreading.com/vulnerabilities-threats/atm-crypto-software-bugs-jackpot-bust

      Healthcare Sector

      • Healthcare Ransomware Roundup: H1 2026 Stats On Attacks, Ransoms, And Data Breaches
        "During the first six months of 2026, the healthcare sector suffered an average of 2.3 ransomware attacks per day. Attacks increased by nearly 14 percent when compared to H2 2025, rising from 360 to 410. Of the 410 attacks we recorded in H1 2026, 247 were on hospitals, clinics, and other direct care providers. 163 hit businesses operating within the healthcare sector, such as pharmaceutical/medical manufacturers, medical billing providers, and healthcare tech companies. Attacks on healthcare providers rose just over three percent from H2 2025, but attacks on healthcare businesses rose nearly 35 percent."
        https://www.comparitech.com/news/healthcare-ransomware-roundup-h1-2026-stats-on-attacks-ransoms-and-data-breaches/
        https://www.darkreading.com/threat-intelligence/cybercriminals-healthcare-businesses-attacks-surge

      Industrial Sector

      • OpenPLC v3
        "Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution as the OpenPLC runtime user."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-01
      • Schneider Electric PowerChute Serial Shutdown
        "Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-02
      • Schneider Electric Easergy MiCOM Px40 Series
        "Schneider Electric is aware of a vulnerability in its Easergy MiCOM Px40 Series products. The Easergy MiCOM Px40 is a protection relay series for Medium Voltage, High Voltage and Extra High Voltage protection. Failure to apply the mitigations provided below may risk unauthorized exposure of basic device identification through the SNMP protocol."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-03

      Vulnerabilities

      • URGENT - Progress Tells ShareFile Customers To Shut Down Storage Zone Controllers Over Security Threat
        "Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and external security experts. It says it has no indication of unauthorized access to any ShareFile accounts or data, and that it notified customers after learning of the threat. What Progress has not said is what the threat is or who is behind it."
        https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html
        https://www.bleepingcomputer.com/news/security/progress-urges-sharefile-customers-to-shut-down-servers-over-credible-threat/
        https://securityaffairs.com/195194/hacking/progress-told-sharefile-customers-to-pull-the-plug-on-their-servers-heres-what-we-know.html
      • Zimbra Urges Customers To Patch Critical Web Client XSS Flaw
        "The Zimbra security team urged customers to patch a critical vulnerability affecting the Classic Web Client used to access the Zimbra Collaboration suite. Zimbra is a very popular email and collaboration software suite used by hundreds of millions of people, including thousands of businesses and hundreds of government agencies worldwide. Also known as the Classic UI, this Ajax-based webmail interface is faster than Zimbra's modern web client, which requires more resources when loading large email folders. The company released Zimbra 10.1.19 this Tuesday to patch this stored cross-site scripting (XSS) security flaw, which has yet to receive a CVE ID for easy tracking. Attackers can exploit this Classic Web Client security issue through specially crafted emails that execute malicious code when the email is opened."
        https://www.bleepingcomputer.com/news/security/zimbra-urges-customers-to-patch-critical-web-client-xss-flaw/
        https://blog.zimbra.com/2026/07/patch-release-update-zimbra-10-1-19/
        https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html
        https://securityaffairs.com/195130/hacking/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes.html
      • CISA Adds Two Known Exploited Vulnerabilities To Catalog
        "CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-48939 iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
        CVE-2026-56291 Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/07/10/cisa-adds-two-known-exploited-vulnerabilities-catalog
        https://securityaffairs.com/195164/security/u-s-cisa-adds-icagenda-and-balbooa-forms-flaws-to-its-known-exploited-vulnerabilities-catalog.html
      • Unfit To Boot: Breaking U-Boot's FIT Signature Verification
        "U-Boot is one of the most widely used bootloaders in the world. It runs on a huge variety of hardware, from home routers and smart cameras to the Baseboard Management Controllers (BMCs), which are commonly used to remotely manage servers in large data centres. As a bootloader, its job usually includes initialising the CPU and memory, bringing up the essential peripherals, and finally handing over execution to the next stage of the boot chain."
        https://www.binarly.io/blog/unfit-to-boot-breaking-u-boots-fit-signature-verification
        https://www.bleepingcomputer.com/news/security/new-u-boot-flaws-could-enable-stealthy-firmware-attacks/
        https://thehackernews.com/2026/07/six-new-u-boot-flaws-could-let.html
        https://securityaffairs.com/195150/security/critical-u-boot-bugs-undermine-secure-boot-on-millions-of-devices.html
      • Bypassing Tangem Card Security With a Laser Attack
        "After uncovering a genuine check bypass on the Tangem Android application and a brute-force attack on the card's authentication protocol, the Ledger Donjon turned its attention to the card itself with more advanced tools and sophisticated techniques. What we found is a critical vulnerability that lets an attacker with physical access to a single Tangem card reset its password and steal all associated funds."
        https://donjon.ledger.com/blog/bypassing-tangem-card-security-with-laser-attack/
        https://thehackernews.com/2026/07/laser-attack-resets-tangem-wallet.html
      • I Sent a WhatsApp Message To An AI Agent. It Ran My Code On The Host.
        "There's a particular feeling you get when you watch an AI agent cheerfully execute a payload you just sent it over WhatsApp. It's somewhere between fascination and dread. Like watching someone hold the front door open for a burglar because they said they were from maintenance. Last week, I sent a perfectly normal-looking debugging request to an OpenClaw AI assistant over WhatsApp. Thirty seconds later, I had arbitrary code execution on the host machine. The AI — Claude Sonnet 4, arguably the most safety-aligned model commercially available — didn't just allow it. It helped. It formatted the output nicely and asked if I needed anything else."
        https://medium.com/@chinmohannayak/i-sent-a-whatsapp-message-to-an-ai-agent-it-ran-my-code-on-the-host-adbbcbb0e0ad
        https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html
      • XRING: Crashing XQUIC With Spec-Compliant QPACK Instructions
        "During recent research into the different QUIC stacks for our active TLS scanner, JA4Scan, I found a deterministic remote crash in XQUIC, Alibaba's QUIC and HTTP/3 library, dubbed XRING. XQUIC enables HTTP/3 support for Tengine, the Nginx-based web server Alibaba runs across its cloud and CDN infrastructure, including sites like Taobao or AliPay. A remote, unauthenticated client sends spec-compliant HTTP/3 operation traffic and the server process terminates. The crash requires only 260 bytes of client traffic. Every XQUIC version is impacted. There is no patch available."
        https://foxio.io/blog/xring-crashing-xquic-with-spec-compliant-qpack-instructions
        https://thehackernews.com/2026/07/unpatched-xring-flaw-in-xquic-lets.html
      • Study Of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, And Tracking
        "Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4 billion times. The problems are basic, not sophisticated. 29 apps let user traffic leak outside the encrypted tunnel, including the DNS lookups that reveal which websites you visit. 61 apps send some data in plain text that anyone watching the traffic on that network can read."
        https://thehackernews.com/2026/07/study-of-281-free-android-vpn-apps.html
      • The ‘Ghost’ In The Database: Recovering Active ADFS Signing Keys Via Machine DPAPI
        "The "Golden SAML" technique, first described by CyberArk researchers in 2017, and further detailed by Mandiant researchers in 2021, remains one of the most effective methods for threat actors to forge identity assertions in the Microsoft ecosystem. By obtaining the private key of an ADFS token-signing certificate, an attacker can authenticate as any user to any SAML-federated application, bypassing multifactor authentication (MFA), conditional access, and all identity-based controls."
        https://cloud.google.com/blog/topics/threat-intelligence/recovering-active-adfs-signing-keys-machine-dpapi
      • We Put The Exploit In a Picture. The AI Code Reviewer Never Opened It.
        "Almost nobody reviews the pull request. We surveyed 6,480 pull requests across the 300 most active public repositories of the last ninety days, and 73% of the ones that got merged reached the default branch with no substantive human review and no bot review at all. The thing filling that gap is a new kind of reviewer: an LLM that reads every diff and comments like a human would. Cursor Bugbot and CodeRabbit are the two with real deployment. Hence, we built a pull request that steals a repository's secrets and walks straight past both of them. The trick is that the malicious instruction is not text. It is a picture."
        https://asset-group.github.io/disclosures/ghostcommit/
        https://www.bleepingcomputer.com/news/security/ghostcommit-hides-prompt-injection-in-images-to-fool-ai-agents-steal-secrets/

      Malware

      • Malicious Go Module Exposes GitHub Malware Lure Network Spanning 222 Repositories
        "Our investigation began with a malicious Go module, github[.]com/kaleidora/dnsub-scanning-tool, that posed as a DNS/subdomain scanner. The module did more than impersonate a developer utility: it exposed a Windows malware-staging chain that used hidden PowerShell execution, public dead-drop resolution, protected archive delivery, and RAT/infostealer deployment. Pivoting from that module revealed the larger finding: a GitHub-based lure network of 222 confirmed repositories across 190 accounts, built to make malicious or deceptive software projects look active, plausible, and recently maintained."
        https://socket.dev/blog/malicious-go-module-exposes-github-malware-lure-network
        https://www.securityweek.com/network-of-200-github-repositories-used-for-malware-infection/
        https://securityaffairs.com/195101/security/222-github-repositories-linked-to-fake-go-package-malware-operation.html
      • One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement
        "Suspected China- and India-nexus threat actors carried out intrusions into several Pakistani law enforcement organizations between 2024 and 2026. Our analysis of C2 netflow data revealed that suspected China- and India-nexus threat actors operating PlugX, ShadowPad, Cobalt Strike, and Remcos infrastructure have converged on this victim class. All of these threat actors were active against Balochistan Police, the principal police force serving the Pakistani province of the same name, at various points between 2024 and 2026."
        https://www.sentinelone.com/labs/one-target-china-india-espionage-converge-on-pakistani-law-enforcement/
        https://therecord.media/china-india-ran-separate-spy-campaigns-against-same-police-force
        https://thehackernews.com/2026/07/hackers-weaponize-balochistan-police.html
        https://www.securityweek.com/china-india-linked-hackers-both-targeted-same-pakistani-police-force/
      • Operation Phnom Penh: Silver Fox Ghost Distributor Targets Specific Victims With MODBEACON Custom Trojan
        ""Silver Fox / UTG-Q-1000" has long been regarded as a byword for low-sophistication, high-activity cybercriminal operations that distribute counterfeit software via SEO channels. However, behind the scenes lies an organizational structure resembling foreign Malware-as-a-Service (MaaS), composed of multiple distributors. These distributors conduct activities across Asia using counterfeit software installers distributed through SEO campaigns, leveraging variants of Ghost and WinOS (ValleyRat) trojan families. In 2025, we countered one such distributor[1], whose remote-control objective was limited to delivering fraud links in IM group chats, with no involvement in information theft or political motives."
        https://ti.qianxin.com/blog/articles/operation-phnom-penh-silverfox-ghost-distributor-targets-specific-victims-with-modbeacon-en/
        https://thehackernews.com/2026/07/new-modbeacon-rat-uses-grpc-streaming.html
      • How WP-SHELLSTORM Exposed 1.4M WordPress Sites
        "Every so often, a threat actor’s mistake hands over the keys to their entire operation. That’s what happened here: a Python SimpleHTTPServer instance, left open for 22 days, exposed the full toolkit, logs, and target lists of a professional, financially motivated cybercrime group. The SOCRadar Threat Intelligence Team found it. What turned up, now tracked as WP-SHELLSTORM, is a modern webshell access-brokerage operation: over 1.4 million targeted domains, 27 CVEs weaponized, more than 5,700 active webshells, and a second, quieter campaign hitting enterprise Java infrastructure that hasn’t surfaced in other public reporting on this actor."
        https://socradar.io/blog/wp-shellstorm-expose-1-4m-wordpress-sites/
        https://thehackernews.com/2026/07/exposed-hacker-server-reveals-wp.html
      • Attackers Exploit 'Ill Bloom' Vulnerability To Drain Over $5 Million From Cryptocurrency Wallets
        "Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out and take everything it controls. The firm has confirmed one coordinated sweep on May 27 that drained about $3.1 million from 431 wallets, and it told The Hacker News that a further $2.1 million in USDT was stolen from an exposed wallet afterward, pushing confirmed losses past $5 million."
        https://thehackernews.com/2026/07/attackers-exploit-ill-bloom.html
      • No Manners Here: The Ruthless Rise Of The Gentlemen Ransomware
        "The Gentlemen (aka Storm-2697) is a Ransomware-as-a-Service (RaaS) program active since at least July 2025. Public reporting indicates that the operators were likely active months earlier as an affiliate (known as ArmCorp) of Qilin RaaS, which Unit 42 tracks as Spikey Scorpius. Their ransomware variants are written in both C and Go programming languages, enabling the threat actors to spread their encryptors across different operating systems and virtual infrastructure. Figure 1 below illustrates the desktop wallpaper used by the ransomware after deployment."
        https://unit42.paloaltonetworks.com/the-gentlemen-ransomware/
      • Deadlock Ransomware Group
        "DeadLock is a financially motivated ransomware group that emerged in mid-July 2025. The group employs double extortion tactics, demanding ransom payments in cryptocurrencies while threatening to sell stolen data on underground markets. They utilize innovative techniques, such as blockchain smart contracts, to manage their command-and-control infrastructure, enhancing their evasion capabilities."
        https://socradar.io/free-tools/ransomware-intelligence/groups/deadlock
      • Jscrambler Npm Package Publishes Malicious Preinstall Binary
        "On July 11, 2026, version 8.14.0 of jscrambler was published to npm carrying a malicious preinstall hook that drops and executes a platform-specific native binary on Linux, Windows, and macOS. jscrambler is the official CLI client for the Jscrambler Code Integrity API, a commercial JavaScript obfuscation and web-app protection service, with a clean version history dating back to 0.1.0. The compromised release was flagged by StepSecurity's AI Release Analyzer with a suspicion score of 0 (the maximum suspicion rating) on publish."
        https://www.stepsecurity.io/blog/jscrambler-npm-package-publishes-malicious-preinstall-binary
        https://safedep.io/jscrambler-npm-supply-chain-compromise/
        https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html

      Breaches/Hacks/Leaks

      • Police Suspects Dutch Hackers Were Involved In Odido Breach
        "The Dutch National Police (Politie) says it has found "strong indications" that Dutch hackers have been involved in a February breach at the telecommunications provider Odido. "This includes a telephone conversation that was made with Odido customer service shortly before the hack. In this conversation, a Dutch-speaking man posed as Odido's IT employee. The company was then misled through phishing, after which the data theft took place," the police said in a Thursday press release."
        https://www.bleepingcomputer.com/news/security/police-suspects-dutch-hackers-were-involved-in-odido-breach/
        https://therecord.media/dutch-police-suspect-dutch-accomplice-in-odido-cyberattack
      • Fashion Mart Miinto Unzips Breach Details, Warns Shoppers To Watch For Phisherfolk
        "Danish ecommerce company Miinto admitted an intruder has been looking at its order data, according to emails it sent to customers this week. The emails, seen by The Register, do not comment on the scale of the data accessed by the perp or how exactly the breach occurred, although UK-based customers of the Copenhagen-HQ'd biz have received them. “We are writing to let you know about a security incident that may have affected some of the personal data associated with a purchase you made on Miinto,” the email states."
        https://www.theregister.com/security/2026/07/10/miinto-fesses-up-to-breach-says-customers-open-to-phishing/5269891

      General News

      • The Open Source Library Holding Up Your Stack Might Have One Maintainer
        "Every serious software product runs on code that someone else wrote and released for free. A web service leans on a cryptography library, a data pipeline pulls in a parser, and a mobile app ships a handful of small utilities that one person maintains in spare time. All of it carries the same label. A new paper argues that the single label hides differences large enough to change how each piece behaves once it lands in production. Researchers sorted open source software into fourteen sub-genres, each defined by who starts and sustains a project and to what end. Their review screened close to four thousand unique papers drawn from two scholarly indexes. The result is a typology, along with an argument that the kind of project a study samples sets how far its conclusions travel."
        https://www.helpnetsecurity.com/2026/07/10/open-source-software-library-types/
        https://arxiv.org/pdf/2607.01750
      • Most Data Brokers Won’t Tell You What Happened To Your Deletion Request
        "Data brokers collect personal details on most adults in the United States and sell them to buyers that include employers, landlords, insurance companies, and government agencies. California gives residents a way to push back. You can ask a broker to delete your records, or to stop selling and sharing them. A team at UC Irvine decided to find out what happens when someone sends those requests to the whole California registry. The answer gives consumers little comfort. The researchers sent deletion and opt-out requests to every reachable broker on California’s public list in the fall of 2025. That worked out to 322 deletion requests and close to 360 opt-out requests. To keep real people out of the mix, they built two made-up identities, one for each request type, each with a working email address and a plausible California address."
        https://www.helpnetsecurity.com/2026/07/10/trouble-with-data-broker-deletion-requests/
        https://arxiv.org/pdf/2607.04552
      • Evolving Windows Vulnerability Management To Meet The Speed Of AI-Powered Discovery
        "Windows has adapted to emerging threats for decades, all while operating at unparalleled scale. It’s our responsibility to bring clarity, transparency and sustained investment so customers understand what is happening, what Microsoft is doing and how they can reduce their exposure. The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis. The fastest way to reduce customer exposure is to find issues before attackers can use them. Windows is expanding its ability across the platform to find issues earlier, accelerate the engineering work to fix them, strengthen validation and deliver timely, high-quality updates that keep customers protected."
        https://blogs.windows.com/windowsexperience/2026/07/09/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery/
        https://www.theregister.com/security/2026/07/10/microsoft-warns-customers-ai-will-mean-busier-patch-tuesdays/5269618
        https://www.infosecurity-magazine.com/news/microsoft-increase-number-security/
      • Armenian National Extradited To The United States Pleads Guilty To Ransomware Extortion Conspiracy
        "An Armenian national extradited from Ukraine to the United States pleaded guilty yesterday for his role in Ryuk ransomware attacks and an extortion conspiracy targeting companies throughout the United States, including a technology company operating in Oregon. Karen Serobovich Vardanyan, 34, pleaded guilty to conspiracy and computer fraud."
        https://www.justice.gov/usao-or/pr/armenian-national-extradited-united-states-pleads-guilty-ransomware-extortion-conspiracy
        https://www.bleepingcomputer.com/news/security/ryuk-ransomware-member-pleads-guilty-in-the-us-faces-15-years-in-prison/
        https://therecord.media/ryuk-operator-pleads-guilty-alphv-conspirator-sentenced
        https://cyberscoop.com/karen-vardanyan-armenian-ryuk-ransomware-guilty/
        https://securityaffairs.com/195216/uncategorized/ryuk-ransomware-member-pleads-guilty-over-attacks-on-u-s-organizations.html
      • Man Serving Federal Prison Sentence Charged With Theft Of Forfeited Cryptocurrency
        "Rossen G. Iossifov, 53, a Bulgarian national, made an initial appearance in federal court in the Eastern District of Kentucky yesterday on charges of the destruction or removal of property to prevent seizure, aiding and abetting, and conspiracy to commit money laundering. The charges stem from Iossifov’s alleged role in the unauthorized withdrawal and transfer of approximately $290,000 in cryptocurrency that had been seized and forfeited by the United States."
        https://www.justice.gov/opa/pr/man-serving-federal-prison-sentence-charged-theft-forfeited-cryptocurrency
        https://www.bleepingcomputer.com/news/security/money-launderer-accused-of-stealing-seized-crypto-while-in-prison/
      • Lessons From CISA’s Cyber Incident
        "Sharing experiences from incident response activities help other organizations learn from such experiences and enables them to take necessary precautions to prevent similar incidents from happening in their environments. For years, CISA has said this type of information exchange is critical to identifying trends and contributing to broader national awareness. Now, it is our turn. On Friday, May 15, CISA began an internal incident response when an investigative reporter inquired about internal CISA Amazon AWS GovCloud Keys and other information being made available in a public repository. The reporter received this information from a security researcher whose company continuously scans public code repositories."
        https://www.cisa.gov/news-events/news/lessons-cisas-cyber-incident
        https://www.infosecurity-magazine.com/news/cisa-incident-response-exposed-aws/
      • When Cyberattacks Turn Physical: Threats Of Violence In Digital Extortion
        "Cyberattacks have always had real‑world consequences. A ransomware incident can halt production, delay patient care or shut down public services. But until recently, most attacks relied strictly on digital leverage: encrypt data, threaten to leak it and demand payment. Threat intelligence and industry reporting now point to a clear shift toward hybrid attacks that combine cyber intrusion, psychological pressure and real-world intimidation. In practical terms, attackers are no longer satisfied with controlling systems. They are increasingly trying to control outcomes and influence decisions and behavior by introducing fear that extends beyond the network."
        https://blog.barracuda.com/2026/07/09/cyberattacks-physical-threats-ransomware-trend
      • Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018
        "Ransomnews has independently confirmed 9,291 ransomware attacks worldwide between January 2018 and July 2026, tracking incidents only when verified through victim disclosures, regulatory filings, official statements, or credible press reporting. Leak-site listings alone don’t qualify, operators inflate, duplicate, and occasionally fabricate claims. The result is a dataset that’s smaller than what most ransomware statistics cite, and more defensible. “Confirmed ransomware attacks have run at roughly 1,400 to 1,550 per year since 2023, after a visible dip in 2022. The 2020 to 2021 surge, the 2022 trough (which coincided with the Conti shutdown and the Russia-Ukraine war reshuffling the ecosystem), and the post-2023 plateau are all visible in the yearly series. The current year always shows a partial count.” reads the Ransomnews ‘s report."
        https://securityaffairs.com/195117/cyber-crime/ransomware-never-stopped-over-9000-confirmed-attacks-since-2018.html

      อ้างอิง

      Electronic Transactions Development Agency (ETDA) 19eb53a0-3599-46c5-a7a9-0537ec9ea7f8-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • ETDA Cyber Threat Intelligence 10 July 2026

      Vulnerabilities

      • Chrome 150 Update Patches 27 Vulnerabilities
        "Google on Wednesday announced a Chrome 150 security update that resolves 27 vulnerabilities, including two critical-severity flaws. The two critical bugs are use-after-free issues in Chrome’s Ozone and Views components. Both were found by Google last month. The Chrome refresh resolves a total of 13 use-after-free defects, including 10 high-severity and one medium-severity weakness."
        https://www.securityweek.com/chrome-150-update-patches-27-vulnerabilities/
      • Microsoft Patches RoguePlanet Defender Zero-Day Vulnerability
        "Microsoft has released a security patch to address a Defender zero-day vulnerability known as "RoguePlanet," disclosed after the June 2026 Patch Tuesday. The flaw (tracked as CVE-2026-50656) was disclosed by a security researcher using the "Nightmare Eclipse" handle as part of an ongoing dispute with Microsoft over the company's bug bounty and vulnerability disclosure practices. They also shared a proof-of-concept exploit in a self-hosted Git repository, claiming that Microsoft had previously removed their repos hosting exploits on GitHub and GitLab."
        https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-rogueplanet-defender-zero-day-vulnerability/
        https://thehackernews.com/2026/07/microsoft-patches-rogueplanet-defender.html
        https://www.darkreading.com/vulnerabilities-threats/microsoft-rogueplanet-zero-day-threat
        https://www.malwarebytes.com/blog/news/2026/07/microsoft-fixes-rogueplanet-zero-day-in-defender
        https://www.securityweek.com/microsoft-patches-defender-rogueplanet-vulnerability/
        https://securityaffairs.com/195016/security/microsoft-fixed-defender-flaw-rogueplanet-cve-2026-50656.html
        https://www.theregister.com/security/2026/07/09/microsoft-closes-book-on-nightmare-eclipses-rogueplanet-zero-day/5269280
        https://www.helpnetsecurity.com/2026/07/09/microsoft-releases-fix-for-rogueplanet-defender-flaw-cve-2026-50656/
      • WolfSSL, GeoVision, VTK Vulnerabilities
        "Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in WolfSSF, fourteen in GeoVision, and one vulnerability in VTK-DICOM. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability disclosure policy."
        https://blog.talosintelligence.com/wolfssl-vulnerabilities/
      • Palo Alto Networks Patches 13 Vulnerabilities
        "Palo Alto Networks on Wednesday published advisories describing more than a dozen vulnerabilities affecting its products. The new advisories cover 13 vulnerabilities specific to Palo Alto Networks products, as well as more than 500 flaws patched recently by Google in Chromium, which the cybersecurity giant uses for its Prisma browser. The most severe of the newly patched vulnerabilities is CVE-2026-0288. Assigned high severity and highest urgency ratings, the CVE covers multiple buffer overflows in the PAN-OS software, which powers Palo Alto’s firewalls."
        https://www.securityweek.com/palo-alto-networks-patches-13-vulnerabilities/

      Malware

      • RedHook Returns With a Dangerous Upgrade
        "RedHook is an Android Remote Access Trojan (RAT) that has re-emerged with significant improvements. While retaining core RAT functionalities, such as screen streaming and keylogging, the latest iterations demonstrate a sophisticated shift toward privilege abuse. This analysis details how RedHook abuses Android’s ADB Wireless Debugging features to autonomously obtain shell-level access (uid 2000). Also, by examining the malware’s persistence stack and its expanded command-and-control capabilities, this report provides technical insights into this evolving mobile threat. RedHook was first documented by Cyble researchers in July 2025."
        https://www.group-ib.com/blog/redhook-android-rat-upgraded/
      • How The Reddit And Discord False Report Scam Steals Accounts
        "A stranger messages you on Reddit. They say someone reported them, and the reporting account looks a lot like yours. Was it you? It wasn’t. That’s not really the point of the message. This version relies entirely on social engineering. There is no malware and no malicious links. It starts with a conversation, but the goal is to trick you into handing over a login or verification code so the scammer can access your Reddit account."
        https://www.malwarebytes.com/blog/threat-intel/2026/07/how-the-reddit-and-discord-false-report-scam-steals-accounts
        https://www.helpnetsecurity.com/2026/07/09/reddit-false-report-scam-direct-message/
      • Fake Installers, Fake Reviews, Fake Services – Real Proxies, Real Victims
        "Residential proxies are one of the hottest topics in cybersecurity today. Turns out, they are often not in residences, and they facilitate a wide range of criminal activity. In the simplest terms, a little piece of software in a TV, digital picture frame, or your phone might enable a company to sell access to your device’s bandwidth to their own customers. Those companies—proxy providers—often have affiliate programs where they pay for installation of the software. Sound familiar? It’s the same model as the advertising networks we often write about. Residential proxies are yet another tangled ecosystem full of buyers and sellers, with players in every shade of grey. This blog tells the story of a bad actor who operates an end-to-end malicious proxy business grounded in a collection of clever lookalike domains."
        https://www.infoblox.com/blog/threat-intelligence/fake-installers-fake-reviews-fake-services-real-proxies-real-victims/
        https://thehackernews.com/2026/07/fake-7-zip-installers-turn-devices-into.html
        https://securityaffairs.com/194990/malware/fake-vpn-and-7-zip-apps-turn-victims-into-residential-proxy-nodes.html
      • Compromised Injective SDK Npm Package Exfiltrates Wallet Keys And Mnemonics
        "Socket detected a malicious @injectivelabs/[email protected] release published to npm with fake telemetry functionality that exfiltrates wallet private keys and mnemonic phrases. The affected package is part of the Injective Labs TypeScript SDK and receives roughly 50,000 weekly downloads, making the incident significant for developers and applications that handle Injective wallet workflows."
        https://socket.dev/blog/compromised-injective-sdk-npm-package
        https://www.ox.security/blog/injectivelabs-npm-package-hijacked-impacting-87-dependent-packages/
        http://www.stepsecurity.io/blog/injective-npm-supply-chain-attack-18-packages-backdoored-to-steal-crypto-wallet-keys
        https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/
      • Helix, a New Name In The Data Extortion Ecosystem?
        "ReliaQuest has identified a data extortion group operating under the name "Helix." However, the playbook it runs and the identity gaps it exploits extend well beyond the group itself. Helix uses vishing to initiate contact—we've even seen the group spoof a target's direct manager by name on caller ID. Device code phishing then sidesteps Conditional Access policies, and automated tools enumerate and mass-download SharePoint libraries before bulk exfiltration triggers an alert. ReliaQuest has confirmed shared infrastructure across attacks on multiple targets, including a phishing domain with target-specific subdomains, suggesting a widespread campaign."
        https://reliaquest.com/blog/threat-spotlight-helix-new-name-in-data-extortion-ecosystem
        https://www.bleepingcomputer.com/news/security/new-helix-vishing-group-emerges-in-sharepoint-data-theft-attacks/
      • Inside Forg365: A Telegram-Distributed Sneaky 2FA-Style PhaaS Targeting Microsoft 365
        "Forg365 is a mature Microsoft 365-focused phishing-as-a-service platform that combines device-auth phishing, AiTM delivery, AntiBot evasion, campaign delivery, session persistence, AI-assisted lure creation, and post-compromise mailbox operations inside a commercial operator ecosystem."
        https://zerobec.com/blog/inside-forg365-telegram-distributed-sneaky2fa-style-phaas
        https://www.bleepingcomputer.com/news/security/new-forg365-phishing-platform-uses-ai-to-target-microsoft-365-accounts/
      • When AI Infrastructure Becomes Part Of The Attack Surface
        "Darktrace investigated a compromised AI gateway connected to Amazon Bedrock services that was later observed communicating with cryptomining infrastructure. The incident highlights how AI gateways are becoming part of the enterprise attack surface and demonstrates the importance of behavioral analysis, cloud visibility, and securing AI infrastructure alongside identities and workloads."
        https://www.darktrace.com/blog/when-ai-infrastructure-becomes-part-of-the-attack-surface
        https://www.darkreading.com/cyber-risk/ai-gateways-keys-kingdom
        https://hackread.com/ai-gateway-amazon-bedrock-hijacked-cryptomining/
      • GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver To Disable Defenses
        "Analysis of a recent GodDamn ransomware attack indicates that this seemingly new ransomware is in fact the latest rebrand of the Beast ransomware, which in itself was a rebrand of the Monster ransomware, which was first seen in 2022. The Symantec Threat Hunter Team tracks the developer behind these ransomware families as Hyadina."
        https://www.security.com/blog-post/goddamn-ransomware-beast-rebrand
        https://thehackernews.com/2026/07/goddamn-ransomware-uses-poisonx-driver.html
        https://www.darkreading.com/cyberattacks-data-breaches/goddamn-ransomware-byovd-smite-companies
        https://securityaffairs.com/195042/malware/goddamn-ransomware-uses-poisonx-to-blind-security-software.html
      • GigaWiper: Anatomy Of a Destructive Backdoor Assembled From Multiple Malware
        "In October 2025, Microsoft Threat Intelligence identified destructive wiping activity and uncovered a sophisticated Go programming language (Golang)-based backdoor we now track as GigaWiper, a versatile implant that combines robust command-and-control (C2) capabilities with multiple destructive payloads, including disk wiping, fake ransomware, and system-level sabotage. GigaWiper is particularly notable for its makeup. It’s not a single, purpose-built tool, but an amalgamation of separate malware families that were folded into GigaWiper as on-demand backdoor commands, giving threat actors the flexibility to choose their mode of destruction:"
        https://www.microsoft.com/en-us/security/blog/2026/07/09/gigawiper-anatomy-of-a-destructive-backdoor-assembled-from-multiple-malware/
        https://thehackernews.com/2026/07/new-gigawiper-windows-backdoor-bundles.html
        https://hackread.com/microsoft-gigawiper-backdoor-destroy-windows-pcs/
      • Analyzing AI-Augmented Network Enumeration
        "We recently came across an incident in early June where a threat actor used a vibe-coded PowerShell script for Active Directory (AD) enumeration. The script looked for the Domain Controller (DC) and mapped users, computers, and domains, before creating a directory and exporting out a number of files, and finally creating AD_Report.html to measure the success of the enumeration attempt. AI-assisted tradecraft continues to change the threat landscape. Defenders should focus on the fundamental behaviors of the attack lifecycle, because while AI can change the code syntax, it can't easily change the underlying parts of an attack, like enumeration."
        https://www.huntress.com/blog/ai-coded-malware-vibe-coding-active-directory
        https://www.infosecurity-magazine.com/news/vibe-coded-malware-ai-powershell/
      • Coordinated GitHub API Enumeration And Access Token Abuse
        "Datadog Security Research is tracking several overlapping campaigns that systematically enumerate corporate GitHub organizations, repositories, and user accounts through the GitHub API. Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub "ghost" accounts that are often years old, or compromised OAuth tokens and personal access tokens (PATs) from legitimate users. Most requests target public data, making it look like ordinary API traffic. In some cases, the activity escalated past public information enumeration, appearing to successfully clone private repositories."
        https://securitylabs.datadoghq.com/articles/coordinated-github-api-enumeration/
        https://thehackernews.com/2026/07/dormant-github-accounts-help-attackers.html
      • From Invoice To AnyDesk: Uncovering a Phishing Campaign Targeting Russian Aerospace Organizations
        "The Seqrite Threat Research Team identified a targeted spear-phishing campaign disguised as a legitimate business invoice. The phishing email impersonates a legitimate Russian research institute associated with aerospace and aviation systems and is delivered using a spoofed domain designed to mimic the organization. The malicious email contains a password-protected attachment that ultimately deploys additional payloads on the victim’s system. Analysis indicates that the threat actor’s primary objective is to establish persistent remote access by silently configuring AnyDesk for unattended access, exfiltrating AnyDesk configuration data to an attacker-controlled email account and implementing persistence mechanisms to retain long-term control of the compromised host."
        https://www.seqrite.com/blog/from-invoice-to-anydesk-uncovering-a-phishing-campaign-targeting-russian-aerospace-organizations/
      • CrowdStrike Uncovers New Prompt Injection Techniques
        "Prompt injection is among the defining security challenges of the AI era. As organizations move from chatbots to AI agents, adversaries are finding more ways to manipulate the language, context, and data these systems trust. With the rise of powerful AI agents that can crawl webpages, access file stores, and even write shell commands, indirect prompt injection has emerged as a critical threat vector. Adversaries can hide these attacks in the data consumed by these agents and then hijack their capabilities to cause further damage."
        https://www.crowdstrike.com/en-us/blog/crowdstrike-uncovers-new-prompt-injection-techniques/
      • Large-Scale Exploitation Campaign Targeting Website Content Management Systems (CMS)
        "A large-scale exploitation campaign is targeting various vulnerabilities in content management systems (CMS) globally, including in Australia, with many small to medium sized Australian businesses impacted. As part of this campaign, malicious cyber actors are actively scanning websites for opportunities to deploy webshells, leveraging various vulnerabilities affecting CMS software and plugins. These vulnerabilities primarily allow unauthenticated file upload, remote code execution, server side request forgery or deserialisation."
        https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/large-scale-exploitation-campaign-targeting-website-content-management-systems-cms

      Breaches/Hacks/Leaks

      • AssuranceAmerica Data Breach Exposes Records Of 6.9 Million Drivers
        "American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. AssuranceAmerica operates through a network of over 9,500 independent agents and provides auto, renters, and commercial auto insurance coverage across 14 U.S. states. While the company has yet to publish a press release regarding the incident, it revealed in a filing with Maine's Office of the Attorney General that the data breach has exposed the information of 6,998,886 people."
        https://www.bleepingcomputer.com/news/security/assuranceamerica-data-breach-exposes-records-of-69-million-drivers/
        https://www.malwarebytes.com/blog/data-breaches/2026/07/6-9-million-drivers-license-numbers-stolen-from-assuranceamerica
        https://securityaffairs.com/195027/data-breach/assuranceamerica-breach-exposes-7-million-drivers-licenses-after-employee-account-hack.html

      General News

      • Q2 2026 Statistical Report On Malware Targeting Windows Web Servers
        "In the second quarter of 2026, the AhnLab SEcurity intelligence Center (ASEC) compiled an analysis of the current attack status for poorly managed Windows web servers and classified the malware used in these attacks. The targets were Internet Information Services (IIS) web servers and Apache Tomcat web servers running in Windows environments."
        https://asec.ahnlab.com/en/94398/
      • Statistical Report On Malware Targeting Linux SSH Servers In The Second Quarter Of 2026
        "In the second quarter of 2026, the AhnLab SEcurity intelligence Center (ASEC) collected and analyzed attack logs targeting poorly managed Linux SSH servers through honeypots. The scope of the analysis covers attack sources that progressed to executing actual malware installation commands, as well as statistics on the malware used in those attacks."
        https://asec.ahnlab.com/en/94396/
      • Statistical Report On Malware Targeting Windows Database Servers In The Second Quarter Of 2026
        "The AhnLab SEcurity intelligence Center (ASEC) analyzed attack logs from the second quarter of 2026 targeting MS-SQL server and MySQL server installations on Windows. This report summarizes the damage status, attack status, and the classification of the malware and tools used in the attacks."
        https://asec.ahnlab.com/en/94397/
      • Inside The Underground Economy: 5 Dark Web Trends Shaping The 2026 Threat Landscape
        "The dark web is no longer just a hidden marketplace for stolen credentials; it has grown far beyond that point and now affects nearly every phase of the cyberattack lifecycle. Markets that once traded only compromised accounts now also sell ransomware services, initial network access, exploit kits, phishing infrastructure, and even AI-powered attack tools. What used to be a place for selling stolen data has become the operational backbone of modern cybercrime."
        https://cyble.com/blog/dark-web-trends-2026-cyber-threat-landscape/
      • Messaging Fraud Trends Point To Smarter Attacks, Stronger Blocking
        "Fraudsters spent 2025 investing in scale. New routes, new tools, and higher message volumes moved through the SMS, voice, and chat channels that businesses rely on to reach customers. Money follows that activity. The Communications Fraud Control Association puts global telecom fraud losses at around 42 billion dollars for the year, several billion higher than its estimate for the prior year. Blocked volumes rose alongside the threat. Infobip, a communications platform that handles billions of interactions each month, reports that blocked messages grew 77% between 2024 and 2025. This means attackers pushed more traffic, and detection systems caught a wider range of it. Some markets also show better outcomes as detection infrastructure matured, a sign that defenses are catching up in places where they had lagged."
        https://www.helpnetsecurity.com/2026/07/09/infobip-messaging-fraud-trends/
      • A Single Malware File Can Outweigh An Entire AI Dataset
        "Antivirus vendors and security startups keep shipping AI features that promise to read malware the way a seasoned analyst would. The results inside security teams tell a quieter story. A new paper argues that static analysis of software, the job of deciding whether a program is malicious by examining its contents on disk, remains one of the hardest places to make generative AI work. The scale of the problem explains much of the difficulty. Standard datasets in other fields look small next to a single security sample. ImageNet, the benchmark that helped launch deep learning in computer vision, fits in about 17 GB once its images are resized down, and it holds more than a million of them. Routine static analysis means processing single files that outweigh entire datasets from other research areas."
        https://www.helpnetsecurity.com/2026/07/09/research-ai-in-cybersecurity/
        https://arxiv.org/pdf/2606.28929
      • Over 5,800 Arrests, USD 293 Million Intercepted In Global Fraud Bust
        "A global anti-fraud operation involving 97 countries and territories has led to the arrest of 5,811 individuals and the interception of USD 293 million in illicit assets. Operation First Light 2026 (15 Jan 2026 – 30 April 2026), coordinated by INTERPOL, focused on combatting social engineering scams and associated money laundering activities. Social engineering is a broad term that refers to techniques that exploit a person’s trust to obtain money or confidential information. This type of fraud can include business email compromise, sextortion, as well as romance, impersonation or investment scams."
        https://www.interpol.int/News-and-Events/News/2026/Over-5-800-arrests-USD-293-million-intercepted-in-global-fraud-bust
        https://www.bleepingcomputer.com/news/security/police-arrests-5-800-suspects-in-global-anti-fraud-crackdown/
        https://cyberscoop.com/interpol-cybercrime-crackdown-operation-first-light/
        https://www.infosecurity-magazine.com/news/china-interpol-cybercrime-crackdown/
        https://securityaffairs.com/195056/security/interpol-operation-first-light-nets-5811-arrests-and-seizes-293-million.html
        https://www.helpnetsecurity.com/2026/07/09/interpol-fraud-bust-social-engineering-scams/
      • Friendly Fire: Hijacking Defensive Cyber AI Agents For Remote Code Execution
        "We are revealing a proof-of-concept exploit that enables remote code execution in Anthropic’s Claude Code CLI (with Claude Sonnet 4.6 & 5, Opus 4.8) and OpenAI’s Codex CLI (with GPT-5.5) when employed to defensively assess the security of an open-source or third-party library. Our attack only requires an out-of-the-box configuration of Claude Code in “auto-mode” or Codex in “auto-review” and leverages prompt injections disseminated across a library’s source code that target AI-enabled cyber defense without the need for hooks, skills, plugins, MCP servers, or configuration files as an injection vector. As such, we warn against the recent initiatives that mandate the acceleration of AI-enabled defensive tools without consideration of the substantial and unmitigated risks associated with the deployment of defensive AI, especially in the context of safety-critical infrastructure—where AI is most urgently being considered for deployment."
        https://ainowinstitute.org/publications/friendly-fire-exploit-brief
        https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html
      • A New Ransomware Leader Emerges As June 2026 Attack Volumes Climb Worldwide
        "June reversed the brief calm of May. Organizations faced an average of 2,270 weekly cyber attacks, a 10% rise from the previous month and a 17% increase compared with June last year. What makes this month notable is not just the size of the jump but its reach. Rather than one region or sector absorbing the bulk of the growth, the increase showed up almost everywhere at once, suggesting attackers spread their effort wider rather than concentrating it."
        https://blog.checkpoint.com/research/a-new-ransomware-leader-emerges-as-june-2026-attack-volumes-climb-worldwide/
      • AI Agents Are a New Kind Of Identity & Most Organizations Aren't Ready
        "I recently read an opinion piece on TechTarget by Todd Thiemann, a principal analyst at Omdia, on identity security for AI agents. It is one of the clearest things I have read on this topic, but it also made me think about something that I want to dig into further because it's the most important factor in enterprise security right now, and it's not getting the attention it deserves: the development environment. Thiemann makes a point that I have been making for a while now, and it's worth repeating loudly: AI agents are not just another type of non-human identity. They are fundamentally different. If you're still treating them like a service account or an API token, you are already behind."
        https://www.darkreading.com/identity-access-management-security/ai-agents-new-kind-identity-most-organizations-not-ready
      • Iran's Cyber Crosshairs Focus Beyond Critical Infrastructure
        "For many CISOs, the headlines detailing Iranian-linked strikes on water utilities and power grids trigger a dangerous sense of immunity: "I'm not a utility; I'm not a target." There is a comforting, yet flawed, assumption that these operations are merely geopolitical theater confined to the high-stakes arena of critical infrastructure. But in the modern threat landscape, obscurity is not a defense, and "non-critical" status is not a shield. If your organization has a digital heartbeat and an Internet-facing vulnerability, you're already at risk from multiple potential threats, whether you realize it or not."
        https://www.darkreading.com/cyber-risk/iran-cyber-crosshairs-beyond-critical-infrastructure
      • As Global Conflicts Go Digital, Businesses Need Wartime Gameplans
        "Intellect Services could hardly be less interesting. A midsized, family-owned business in Ukraine that sold tax software. Its owners really can't be faulted for not anticipating that they might one day be a huge pawn in a regional cyberwar. To Russian foreign military intelligence, Intellect Services was totally interesting. The company's platform, M.E.Doc, was ubiquitous across Ukrainian businesses. Compromising M.E.Doc they could, in effect, impact most of the country's economy. And like other midsize businesses, the company wasn't likely to have any kind of exceptional cybersecurity defenses getting in Russia's way."
        https://www.darkreading.com/cybersecurity-operations/businesses-wartime-cybersecurity-gameplans
      • 78% Of CISOs Say C-Level Do Not Fully Understand Employee-Driven Cyber Risk
        "More than three quarters of CISOs across Europe say C-level senior decision-makers do not fully understand the cyber risk posed by employees, according to new research, at a time when AI is making human-targeted attacks more sophisticated, scalable, convincing and increasingly frequent. The survey of 200 CISOs across the UK, France, Germany and Sweden, carried out by MetaCompliance, the human cyber risk management company, reveals a growing disconnect between the risks organisations face at the human layer and the level of senior understanding, alignment and support needed to manage them effectively."
        https://www.metacompliance.com/company-news/78-of-cisos-say-c-level-do-not-fully-understand-employee-driven-cyber-risk
        https://www.infosecurity-magazine.com/news/cisos-fear-execs-dont-understand/
      • ENISA’s View On Cybersecurity In The Frontier AI Era
        "This publication provides national competent authorities in Member States and EU policymakers, defenders, and service providers with an initial set of recommendations to support them in their respective roles towards developing the necessary operational capabilities to face machine-speed threats. The recommendations are not an all-inclusive checklist. ENISA aims to further refine and expand these recommendations in close cooperation with Member States and EUIBAs and will align these to upcoming European Commission Action Plan."
        https://www.enisa.europa.eu/publications/enisas-view-on-cybersecurity-in-the-frontier-ai-era
        https://www.enisa.europa.eu/sites/default/files/2026-07/ENISA view on cybersecurity in the frontier AI era_en_0.pdf
      • Florida Ransomware Negotiator Who Extorted And Attacked Multiple U.S. Victims Sentenced To Prison
        "Angelo Martino, 41, of Land O’Lakes, Florida, formerly employed as a ransomware negotiator, was sentenced today to 70 months for his role in conspiring with Blackcat/ALPHV (BlackCat) actors to extort multiple victims, as well as conspiring with other former cybersecurity professionals to attack additional victims in 2023. “Angelo Martino’s victims shared heartbreaking accounts of how their businesses were nearly destroyed, while the people they hired to help them instead betrayed them to ransomware gangs,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division."
        https://www.justice.gov/opa/pr/florida-ransomware-negotiator-who-extorted-and-attacked-multiple-us-victims-sentenced-prison
        https://cyberscoop.com/digitalmint-ransomware-negotiator-angelo-martino-sentenced/
      • June 2026 Dark Web Breach Incident Trend Report
        "The June 2026 Dark Web Breach Incident Trend Report is based on major data breach cases posted on the deep web and dark web forums. Due to the nature of some sources, it was difficult to fully verify the accuracy of certain information, so the report includes content that requires further verification."
        https://asec.ahnlab.com/en/94411/
      • June 2026 Dark Web Issue Trend Report
        "The June 2026 Dark Web Issue Trend Report summarizes major issues that occurred on the deep web and dark web. Due to the nature of the sources, it is sometimes difficult to fully verify the accuracy of certain information, and this is noted accordingly."
        https://asec.ahnlab.com/en/94416/
      • June 2026 Dark Web Threat Actor Trend Report
        "The June 2026 Dark Web Threat Actor Trend Report focuses on trends among threat actors—including hacktivists—operating on the deep web and dark web. It is noted that the accuracy of some information could not be verified."
        https://asec.ahnlab.com/en/94417/

      อ้างอิง

      Electronic Transactions Development Agency (ETDA) 6b3b3c38-8813-4563-9263-cb10c24b1944-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • CISA เพิ่มช่องโหว่ iCagenda และ Balbooa Forms ที่ถูกใช้โจมตีจริงเข้า KEV

      CISA เพิ่มช่องโหว่ iCagenda และ Balbooa Forms ที่ถูกใช้โจมต.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 0394270a-b472-49ea-ab9e-ea4ddee1645a-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • Zimbra เตือนช่องโหว่ XSS ใน Classic Web Client เสี่ยงรันโค้ดอันตรายผ่าน Email

      Zimbra เตือนช่องโหว่ XSS ใน Classic Web Client เสี่ยงรันโค้ดอ.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 15893241-5ec4-4f3a-ae67-cc0638f00ac1-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • ตรวจพบ GigaWiper แบ็กดอร์สายพันธุ์ใหม่บน Windows ผสานความสามารถโจมตีลบข้อมูลและเรียกค่าไถ่

      ตรวจพบ GigaWiper แบ็กดอร์สายพันธุ์ใหม่บน Windows ผสาน.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 2fe6aa38-09dd-4cf0-bdc6-282f0b654e3e-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • Google ออกอัปเดต Chrome 150 แก้ช่องโหว่ 27 รายการ รวมถึงช่องโหว่ระดับ Critical

      Google ออกอัปเดต Chrome 150 แก้ช่องโหว่ 27 รายการ รวมถึ.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand f2b7cbdc-a71f-4e2c-8ceb-89e1b849203c-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • Mount Royal University ยืนยันเหตุข้อมูลรั่วไหล หลังแฮกเกอร์อ้างโจมตีและเรียกค่าไถ่

      Mount Royal University ยืนยันเหตุข้อมูลรั่วไหล หลังแฮกเ.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 897726ea-ecee-4c3c-a814-7a9b2ecdb19a-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • แฮกเกอร์เพียงตัวคนเดียว สามารถใช้ AI เจาะระบบคลาวด์ AWS สำเร็จได้ภายใน 72 ชั่วโมง

      แฮกเกอร์เพียงตัวคนเดียว สามารถใช้ AI เจาะระ.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 2cb3968b-ceec-4a54-84e1-f3b8c01ca5cf-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • CISA เพิ่ม 4 ช่องโหว่ที่ถูกใช้โจมตีจริงใน Adobe ColdFusion, Joomla และ Langflow เข้า KEV

      CISA เพิ่ม 4 ช่องโหว่ที่ถูกใช้โจมตีจริงใน Adobe ColdF.png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 4a343551-82a6-4e37-adc1-5c89cd43d9c5-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT
    • KDDI เผยเหตุข้อมูลรั่วไหล กระทบประชาชนกว่า 12 ล้านราย หลังแพลตฟอร์มอีเมลของ ISP ถูกโจมตี

      KDDI เผยเหตุข้อมูลรั่วไหล กระทบประชาชนกว่า 12 .png

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand a4713865-2f2c-43e6-a792-919852612002-image.png

      โพสต์ใน Cyber Security News
      NCSA_THAICERTN
      NCSA_THAICERT