ThaiCERT

466/68 Friday, November 14, 2025 Google and Mozilla have released their latest security updates for the Chrome and Firefox browsers, addressing several high-severity vulnerabilities. In the Chrome 142 update, Google patched CVE-2025-13042, an inappropriate implementation issue in the V8 JavaScript engine. Although specific technical details have not yet been disclosed, the flaw could potentially lead […]

465/68 Friday, November 14, 2025 Security researchers at the Genians Security Center (GSC) have uncovered highly concerning findings, revealing that the KONNI hacking group – believed to be supported by North Korea and linked to Kimsuky (APT37) – has developed sophisticated attack techniques to spy on and wipe data from victims’ Android devices. The campaign […]

464/68 Thursday, November 13, 2025 Microsoft has issued its monthly Patch Tuesday security update, addressing more than 60 vulnerabilities across the company’s products – including a Zero-Day vulnerability actively exploited in the wild on Windows systems. The Zero-Day, CVE-2025-62215, is a Privilege Escalation flaw rated Important, allowing attackers to elevate their privileges to the highest […]

463/68 Thursday, November 13, 2025 SAP has released its November 2025 security updates, addressing a total of 19 vulnerabilities — including one Critical flaw (CVSS 10.0), tracked as CVE-2025-42890, affecting SQL Anywhere Monitor (Non-GUI). The vulnerability stems from insecure key and secret management due to hardcoded credentials embedded directly in the code. This flaw allows […]

462/68 Thursday, November 13, 2025 Cybersecurity researchers from Zimperium have uncovered a new Android malware called Fantasy Hub, a Remote Access Trojan (RAT) currently being sold openly on Russian-language Telegram channels under a Malware-as-a-Service (MaaS) model. The malware is designed for data theft and full device control, capable of collecting sensitive information such as SMS […]

461/68 Wednesday, November 12, 2025 Security researchers have discovered an advanced threat actor (APT) abusing the Google Find Hub (Android’s Find My Device) service to locate victims via GPS and remotely trigger factory resets to erase devices, thereby covering their tracks. After wiping devices, attackers sever victims’ accounts from services-especially messaging apps-and then use the […]

460/68 Wednesday, November 12, 2025 Cybersecurity firm Mandiant (Google) has identified active exploitation of an n-day vulnerability in Gladinet Triofox, a secure enterprise file-sharing and remote access platform, shortly after a patch was released. The critical flaw, tracked as CVE-2025-12480 with a CVSS score of 9.1, allows attackers to bypass authentication and gain access to […]

459/68 Wednesday, November 12, 2025 OWASP (Open Web Application Security Project) has announced the 2025 edition of the Top 10 Web Application Security Risks, marking a significant update since the 2021 release. The changes reflect a major shift in the threat landscape: the new list emphasizes risks arising from software supply chains and system design/configuration […]

458/68 Tuesday, November 11, 2025 The National Cyber Security Centre of Switzerland (NCSC) has issued a warning to iPhone users about a new phishing scam that pretends to notify victims that their lost device has been found. Attackers send SMS or iMessage texts using contact information that the owner previously entered into the Find My […]

457/68 Tuesday, November 11, 2025 Cybersecurity firm watchTowr has disclosed a critical vulnerability in Monsta FTP, a widely used web-based file management application commonly deployed by organizations and web administrators. The vulnerability, tracked as CVE-2025-34299, is rated Critical and allows attackers to gain access to the system without authentication (pre-auth) and perform remote code execution […]