Chinese Hacker Group “Bronze Butler” Exploits Zero-Day in Lanscope Endpoint Manager to Deploy Gokcpdoor Malware and Steal Data

440/68 Monday, November 3, 2025 Researchers from Sophos have reported that the China-linked cyber-espionage group Bronze Butler (also known as Tick) exploited a zero-day vulnerability in Motex Lanscope Endpoint Manager to distribute a new version of the Gokcpdoor malware designed to steal sensitive corporate information. The flaw, tracked as CVE-2025-61932, is a Request Origin Verification […]

ThaiCERT

November 3, 2025

Hacktivist Group “Hezi Rash” Linked to Over 350 DDoS Attacks in Just Two Months

439/68 Monday, November 3, 2025 A report from Check Point Research has revealed the emergence of a Kurdish hacktivist group known as “Hezi Rash”, which has been active since 2023 and is responsible for more than 350 cyberattacks over a two-month period. The group primarily conducts Distributed Denial-of-Service (DDoS) attacks targeting countries and websites it […]

ThaiCERT

November 3, 2025

CISA Warns of Critical Linux Kernel Vulnerability Exploited by Ransomware Gangs

438/68 Monday, November 3, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially confirmed that a high-severity vulnerability in the Linux kernel (tracked as CVE-2024-1086) is now being actively exploited by ransomware groups. Although the flaw was disclosed and patched in January 2024, investigations have revealed that it stems from a long-standing “use-after-free” […]

ThaiCERT

November 3, 2025

Vulnerability Found in WordPress Security Plugin “Anti-Malware Security and Brute-Force Firewall,” Risk of Server Data Exposure

437/68 Friday, October 31, 2025 Security researchers have discovered a vulnerability in the popular WordPress plugin Anti-Malware Security and Brute-Force Firewall, which is installed on more than 100,000 websites worldwide. The flaw, tracked as CVE-2025-11705, stems from a missing capability check in the function GOTMLS_ajax_scan(), allowing users with subscriber-level access to invoke the function and […]

ThaiCERT

October 31, 2025

MITRE Releases ATT&CK Framework Version 18 with Enhanced Threat Detection and Updates to Mobile and ICS Domains

436/68 Friday, October 31, 2025 MITRE has announced the release of ATT&CK Framework Version 18, the globally recognized database of adversarial tactics and techniques. The latest update introduces several major enhancements—most notably in the area of Detections, with the addition of two new object types: Detection Strategies, which define high-level approaches to threat detection, and […]

ThaiCERT

October 31, 2025

Android Users Warned of New “NFC Relay” Malware That Fakes Tap-to-Pay Transactions to Steal Credit Card Data

435/68 Friday, October 31, 2025 Mobile security firm Zimperium has uncovered a fast-spreading cyber threat targeting Android users who use the Tap-to-Pay payment feature. Since April 2024, the company’s researchers have been tracking more than 760 malicious apps designed to exploit Near Field Communication (NFC) and Host Card Emulation (HCE) capabilities built into Android devices. […]

ThaiCERT

October 31, 2025

Android banking malware “Herodotus” mimics human behavior to evade detection, steals financial data and takes over devices

434/68 Thursday, October 30, 2025 Researchers at ThreatFabric have revealed details of an Android banking trojan named Herodotus, used in campaigns targeting users in Italy and Brazil. The malware was marketed on underground forums from September 7, 2025, under a Malware-as-a-Service (MaaS) model and supports Android versions 9–16. Its developers borrowed techniques from earlier trojans […]

ThaiCERT

October 30, 2025

SideWinder uses new ClickOnce technique in cyberattacks targeting South Asian embassies

433/68 Thursday, October 30, 2025 Researchers at Trellix revealed that the SideWinder threat group developed a new infection technique that uses PDF files and a ClickOnce-based infection chain instead of the group’s prior Word-document methods. The campaign, active between March and September 2025, targeted European embassies in India as well as organizations in Sri Lanka, […]

ThaiCERT

October 30, 2025

Botnet “Aisuru” Launches Record-Breaking 20 Tbps DDoS Attacks Using Global IoT Devices, Disrupting Internet Infrastructure

432/68 Thursday, October 30, 2025 A new report from cybersecurity company Netscout has revealed the discovery of “Aisuru”, a next-generation botnet evolved from the Mirai malware family. Aisuru was behind several massive Distributed Denial of Service (DDoS) attacks in October 2025, reaching an unprecedented 20 terabits per second (Tbps) and more than 4 trillion packets […]

ThaiCERT

October 30, 2025

Massive Smishing Campaign Uses Over 194,000 Domains to Target Victims Worldwide

431/68 Wednesday, October 29, 2025 Palo Alto Networks has issued a warning about a large-scale SMS phishing (smishing) campaign linked to Chinese-speaking threat actors. The operation, which began in April 2024 and continues to this day, has leveraged more than 194,000 fraudulent domains impersonating various organizations and services. These include toll payment systems, parcel delivery […]

ThaiCERT

October 29, 2025