ThaiCERT

237/68 Tuesday, July 1, 2025 Cybersecurity researchers have disclosed critical vulnerabilities in Airoha Bluetooth chipsets used in over 29 popular audio devices from 10 leading manufacturers, including Beyerdynamic, Bose, Sony, Marshall, Jabra, and JBL. These vulnerabilities could allow attackers to eavesdrop on conversations or even steal sensitive user data. The affected devices include wireless speakers, […]

236/68 Monday, June 30, 2025 Researchers from the STRIKE team at SecurityScorecard have uncovered a cyber-espionage campaign known as “LapDogs,” which is linked to China-nexus threat actors. The operation involves the compromise of over 1,000 SOHO (Small Office/Home Office) devices, creating a covert network called the Operational Relay Box (ORB). This network is used to […]

235/68 Monday, June 30, 2025 France’s cybercrime unit, the Brigade de Lutte contre la Cybercriminalité (BL2C), has arrested five individuals believed to be senior members of BreachForums—a notorious dark web marketplace known for trafficking in leaked data, hacking tools, and breached databases. Among the four most recently arrested suspects are individuals known by the aliases […]

234/68 Friday, June 27, 2025 Citrix has released a security update addressing a critical vulnerability (CVE-2025-6543) in its NetScaler ADC product, which carries a CVSS severity score of 9.2. The flaw is categorized as a memory overflow, which may lead to unintended code execution and potentially enable Denial-of-Service (DoS) attacks. The vulnerability affects systems configured […]

233/68 Friday, June 27, 2025 Researchers from Rapid7 have discovered eight security vulnerabilities affecting up to 748 models of printers, scanners, and label printers from five major manufacturers. Among these, 689 models are from Japanese manufacturer Brother, with 695 models affected by a critical vulnerability tracked as CVE-2024-51978, which cannot be patched via firmware. This […]

232/68 Thursday, June 26, 2025 On June 13, 2025, the U.S. Department of Homeland Security (DHS) issued a cybersecurity warning, citing an increased risk of domestic cyber threats in the wake of U.S. airstrikes targeting Iranian nuclear infrastructure. The warning comes amid escalating tensions between Iran and Israel. DHS stated that pro-Iranian hacktivist groups and […]

231/68 Thursday, June 26, 2025 Cybersecurity firm Kaspersky has identified a new strain of spyware called SparkKitty, discovered hiding in applications on both the Apple App Store and Google Play Store. The spyware’s primary objective is to steal all images from a victim’s phone—specifically looking for pictures containing cryptocurrency-related information, such as wallet recovery phrases, […]

230/68 Wednesday, June 25, 2025 Nucor Corporation, the largest steel producer in the United States and a leading recycler of scrap metal in North America, confirmed on Friday that a portion of its data was stolen during a cyberattack that occurred in May 2025. The company had previously disclosed the incident in a filing with […]

229/68 Wednesday, June 25, 2025 Citrix has released critical security patches for vulnerabilities affecting its NetScaler ADC and NetScaler Gateway products, addressing serious flaws including CVE-2025-5777, which carries a CVSS score of 9.3. This vulnerability is classified as an out-of-bounds read, resulting from insufficient input validation. It allows attackers to craft specially designed requests to […]

228/68 Tuesday, June 24, 2025 On June 20, 2025, cryptocurrency price tracking platform CoinMarketCap experienced a supply chain attack that led to the injection of a malicious wallet drainer script into its homepage. During the incident, users who visited the site encountered a fake Web3 popup that mimicked a “Connect Wallet” prompt. Upon connecting, the […]