ThaiCERT

509/68 Thursday, December 4, 2025 The GlassWorm supply-chain attack campaign has resurfaced, leveraging the Microsoft Visual Studio Marketplace and the Open VSX platform to distribute more than 24 malicious extensions. These extensions impersonate popular developer tools, including Flutter, React, Tailwind, and Vue, in an attempt to trick developers into installing them. GlassWorm was first uncovered […]

508/68 Thursday, December 4, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, a list of security flaws that have been confirmed as actively exploited in the wild and are subject to mandatory remediation timelines for government agencies. The newly added vulnerabilities […]

507/68 Thursday, December 4, 2025 South Korean police have arrested four individuals accused of hacking more than 120,000 internet-connected IP cameras across the country, including cameras installed in private residences and commercial buildings. The group allegedly stole live footage and recorded videos of victims’ private activities and sold the content to pornographic websites hosted abroad […]

506/68 Wednesday, December 3, 2025 Coupang, South Korea’s largest e-commerce company, has disclosed a major data breach affecting more than 33.7 million user accounts. The leaked data includes customer names, phone numbers, email addresses, physical addresses, and purchase histories. The company detected suspicious activity on November 18, and further investigation revealed that the intrusion may […]

505/68 Wednesday, December 3, 2025 Europol has announced the seizure of approximately $29 million worth of Bitcoin following the shutdown of “Cryptomixer,” a crypto-mixing service widely used to launder money and obscure financial trails linked to cybercrime. Since its launch in 2016, the platform is estimated to have mixed over €1.3 billion worth of Bitcoin. […]

504/68 Wednesday, December 3, 2025 A recent report from Koi Security has revealed a long-running cyber operation spanning over seven years, in which a threat group known as ShadyPanda turned popular and legitimate-looking browser extensions into spyware tools, with a combined total of over 4.3 million installations. High-profile examples include the well-known extension Clean Master, […]

503/68 Tuesday, December 2, 2025 Cybersecurity firm CloudSEK has uncovered a network of over 2,000 fake shopping websites impersonating major brands such as Amazon, Apple, Samsung, Dell, Ray-Ban, and Xiaomi, with the goal of defrauding consumers during Black Friday and Cyber Monday sales. The campaign appears to be a large-scale, coordinated operation, with multiple fraudulent […]

502/68 Tuesday, December 2, 2025 Cybersecurity firm Cleafy has reported the discovery of a new Android malware called Albiriox, developed by a Russian-speaking cybercriminal group and advertised on underground forums as a Malware-as-a-Service (MaaS) for $720 per month. The malware is classified as a banking trojan designed specifically for on-device fraud (ODF), enabling attackers to […]

501/68 Tuesday, December 2, 2025 Security researchers at Socket have issued a warning after uncovering a major expansion of the “Contagious Interview” campaign, which is linked to a North Korean state-backed threat group. The attackers have uploaded over 197 malicious npm packages into the developer ecosystem, using them to distribute a new malware family dubbed […]

500/68 Monday, December 1, 2025 Microsoft is warning users about a Windows 11 bug that began appearing after updates released in August 2025 (including KB5064081). The issue affects Windows 11 versions 24H2 and 25H2 on devices that have multiple sign-in options enabled, causing the password sign-in icon to disappear from the Lock Screen. Microsoft clarified […]