ThaiCERT

22/69 Wednesday, January 14, 2026 Over the past six months, cybersecurity experts at Trellix have observed a significant increase in attacks targeting Facebook users using a technique known as Browser-in-the-Browser (BitB). This technique was originally introduced by security researcher mr.d0x in 2022. Attackers create fake login pop-up windows that closely mimic the real Facebook login […]

21/69 Tuesday, January 13, 2026 Spanish authorities, in cooperation with the Bavarian State Police and Europol, have dismantled a major cybercrime network, arresting 34 suspects linked to the notorious Black Axe criminal organization. Raids were carried out in key locations including Seville, Madrid, and Barcelona, where law enforcement seized cash, electronic devices, vehicles, and froze […]

20/69 Tuesday, January 13, 2026 Cryptocurrency transactions linked to illicit activity reached an all-time high in 2025, according to blockchain analytics data. Crypto addresses associated with criminal activity received at least USD 154 billion, representing a 162% increase year over year. This surge highlights a clear shift in cybercrime from purely financial motives toward broader […]

19/69 Tuesday, January 13, 2026 The FBI has issued a warning about a new tactic used by the hacker group Kimsuky (also known as APT43), which is actively targeting government agencies and educational institutions. The group is using a technique known as Quishing-phishing via QR codes. In these attacks, hackers send spear-phishing emails containing QR […]

18/69 Monday, January 12, 2026 The threat group MuddyWater has launched attacks against diplomatic, financial, telecommunications, and maritime transportation organizations in the Middle East using the RustyWater malware. The campaign relies on spear-phishing emails disguised as cybersecurity safety guidance, with a malicious Microsoft Word document attached. When victims open the document and click “Enable Content,” […]

17/69 Monday, January 12, 2026 The well-known hacking forum BreachForums, a platform used for buying, selling, and sharing stolen data—as well as trading access to corporate networks and other cybercrime services-has suffered a data breach, with its user database table leaked online. The incident affects the latest incarnation of BreachForums, which has been repeatedly taken […]

16/69 Monday, January 12, 2026 Security researchers have observed renewed activity from the threat group APT28 (also known as BlueDelta), In this campaign, the group has focused on stealing high-value credentials, primarily targeting personnel in energy and nuclear research organizations in Turkey, as well as officials in European institutions and agencies in North Macedonia and […]

15/69 Friday, January 9, 2026 Cisco has released a security update to address CVE-2026-20029 affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), which are used for network access control and identity management. The vulnerability is caused by improper handling of XML input processing in the Web Management Interface, allowing an attacker […]

14/69 Friday, January 9, 2026 Veeam has released security updates to address multiple vulnerabilities in Veeam Backup & Replication, including a critical issue tracked as CVE-2025-59470 with a CVSS score of 9.0. This vulnerability could allow remote code execution (RCE), enabling users assigned the Backup or Tape Operator roles to execute arbitrary code as the […]

13/69 Friday, January 9, 2026 A critical security vulnerability, tracked as CVE-2025-68428, has been discovered in jsPDF, a popular JavaScript library with more than 3.5 million downloads per week. The vulnerability carries a CVSS score of 9.2 and stems from Local File Inclusion (LFI) and Path Traversal flaws in the file-loading mechanism when jsPDF is […]