ThaiCERT

386/68 Monday, October 6, 2025 Cybersecurity researchers have disclosed a new attack technique called CometJacking, targeting Perplexity’s Comet AI browser. The attack leverages prompt injection by embedding malicious instructions inside seemingly safe links. Once a victim clicks the link, the AI within the browser executes commands to retrieve data from connected services-such as Gmail or […]

385/68 Monday, October 6, 2025 Discord, the popular communication platform, revealed a data breach on September 20, 2025, after hackers gained access to the systems of an external customer support provider working with Discord and stole some users’ personal information. The stolen data included names, usernames, emails, contact details, IP addresses, messages and attachments sent […]

384/68 Monday, October 6, 2025 A new study by Zimperium zLabs revealed alarming findings for millions of users who rely on free Virtual Private Network (VPN) apps on iOS and Android to protect their online privacy. The analysis of nearly 800 free apps found that many not only fail to safeguard users but also expose […]

383/68 Friday, October 3, 2025 Apple has released updates for iOS and macOS to fix CVE-2025-43400, a vulnerability in the FontParser system that could cause an out-of-bounds write in memory. This flaw may lead to sudden application crashes, abnormal system behavior, or potentially allow attackers to execute arbitrary malicious code. An attacker could craft a […]

382/68 Friday, October 3, 2025 Canadian airline WestJet has disclosed that a cyberattack in June led to the theft of personal data belonging to over 1.2 million customers, including travel documents such as passports and government-issued IDs. The company confirmed the findings of its investigation and reported the incident to relevant authorities on September 15, […]

381/68 Friday, October 3, 2025 Cybersecurity researchers from Cleafy have uncovered a new Android malware named “Klopatra”, which disguises itself as IPTV and VPN apps to infect over 3,000 devices in Europe. Classified as both a Banking Trojan and Remote Access Trojan (RAT), Klopatra comes with advanced capabilities such as real-time screen monitoring, keylogging, clipboard […]

380/68 Thursday, October 2, 2025 Researchers from NCC Group have unveiled a new framework that leverages AI to clone a person’s voice in real time using only a few minutes of original audio samples. This advancement significantly boosts the credibility and realism of Vishing (voice phishing) attacks, putting organizations, employees, and individuals at higher risk […]

379/68 Thursday, October 2, 2025 Asahi Group Holdings, Ltd., Japan’s leading beer producer and owner of the iconic Asahi Super Dry brand, has announced a temporary suspension of operations in Japan after its systems were hit by a cyberattack. The incident has disrupted order processing, product deliveries, and customer services provided through call centers and […]

378/68 Thursday, October 2, 2025 Cybersecurity researchers have issued a warning about a new Android banking Trojan called “Datzbro”, which is being used in a scam campaign targeting elderly victims. The campaign lures seniors through Facebook groups and ads promoting travel activities or social gatherings. According to ThreatFabric, the campaign was first observed in August […]

377/68 Wednesday, October 1, 2025 Researchers from the eSentire Threat Response Unit (TRU) have reported the resurgence of the DarkCloud Infostealer with version 4.2, discovered in phishing attack attempts targeting the manufacturing sector in September 2025. The malware has been completely rewritten in VB6, after previously being sold on the cybercrime forum XSS.is (shut down […]