ThaiCERT

377/68 Wednesday, October 1, 2025 Researchers from the eSentire Threat Response Unit (TRU) have reported the resurgence of the DarkCloud Infostealer with version 4.2, discovered in phishing attack attempts targeting the manufacturing sector in September 2025. The malware has been completely rewritten in VB6, after previously being sold on the cybercrime forum XSS.is (shut down […]

376/68 Wednesday, October 1, 2025 A research team from Koi Security has disclosed the first-ever discovery of a Malicious Model Context Protocol (MCP) Server being used in the wild, posing a significant risk of a software supply chain attack. The malicious npm package, named “postmark-mcp”, was uploaded on September 15, 2025, by a developer identified […]

375/68 Wednesday, October 1, 2025 Interpol announced on Friday that Operation Contender 3.0, a two-week international operation conducted across 14 African countries, resulted in the arrest of 260 cybercrime suspects. The dismantled networks were involved in romance scams and sextortion schemes, extorting money through intimate images. The total estimated damage was around USD 2.8 million, […]

374/68 Tuesday, September 30, 2025 The Medusa ransomware group has claimed responsibility for an attack on the systems of Comcast Corporation, a major U.S. media and technology company with core businesses in broadband, television, and film. The group alleges it has stolen more than 834.4 gigabytes of data and is demanding a ransom of $1.2 […]

373/68 Tuesday, September 30, 2025 The cyberattack against Co-op in April had widespread consequences, leaving store shelves empty, exposing customer data, and causing the company to suffer over $275 million (approx. £206 million) in lost revenue. The food division was hit the hardest, with prolonged product shortages lasting several weeks. While Co-op was able to […]

372/68 Tuesday, September 30, 2025 The ongoing cyberattacks by the Akira ransomware group, targeting SonicWall SSL VPN appliances, have become increasingly concerning due to their sophistication. Researchers recently discovered that attackers could successfully log into accounts even when Multi-Factor Authentication (MFA) with OTP codes was enabled. Initially, the attacks were suspected to involve a zero-day […]

371/68 Monday, September 29, 2025 Researchers from Noma Labs have disclosed a critical vulnerability in Salesforce Agentforce, dubbed “ForcedLeak” (CVSS 9.4), which could be exploited through indirect prompt injection attacks to gain access to sensitive CRM data. The flaw affects organizations that have enabled the Web-to-Lead feature, stemming from insufficient AI context validation, over-compliance with […]

370/68 Monday, September 29, 2025 Researchers from Forcepoint X-Labs have issued a warning about a new email campaign that uses fake invoices as lures to distribute the XWorm RAT (Remote Access Trojan). This malware allows attackers to remotely control infected machines and steal sensitive user data. The phishing emails are sent with the subject line […]

369/68 Monday, September 29, 2025 Cybersecurity experts have discovered an attack in which hackers used SEO poisoning and search engine ads to promote fraudulent websites offering downloads of Microsoft Teams. Once installed, the victim’s computer becomes infected with the Oyster malware, providing attackers with an initial foothold into the organization’s network. The Oyster malware-also known […]

368/68 Friday, September 26, 2025 KNP Logistics Group (formerly Knights of Old), a historic UK transport company with a legacy of over 158 years, was forced to shut down in June 2025 after falling victim to the Akira ransomware gang. The attackers gained access to the company’s systems through a single weak employee password, without […]