ThaiCERT

392/68 Wednesday, October 8, 2025 Cybersecurity researchers have uncovered the activities of a cybercriminal group known as UAT-8099, which targets Microsoft Internet Information Services (IIS) servers to conduct SEO fraud and steal sensitive data such as passwords, configuration files, and digital certificates. Infections have been observed across multiple countries, including India, Thailand, Vietnam, Canada, and […]

391/68 Wednesday, October 8, 2025 Researchers from ESET have issued a warning to Android smartphone users in the United Arab Emirates (UAE) after discovering a spyware campaign disguised as the popular messaging apps Signal and ToTok. The spyware is distributed as APK files that victims are tricked into installing manually from fake websites and third-party […]

390/68 Wednesday, October 8, 2025 Microsoft has disclosed that a cybercriminal group tracked as Storm-1175 has been exploiting a critical vulnerability (CVSS 10.0) in Fortra’s GoAnywhere MFT (Managed File Transfer) software to conduct Medusa ransomware attacks for nearly a month. The flaw, tracked as CVE-2025-10035, stems from the deserialization of untrusted data within the software’s […]

389/68 Tuesday, October 7, 2025 Oracle has confirmed that the Cl0p ransomware group was behind attacks and data theft targeting Oracle E-Business Suite (EBS) customers, exploiting a Zero-Day vulnerability tracked as CVE-2025-61882. This critical flaw, rated CVSS 9.8, allows unauthenticated remote code execution and affects Oracle EBS versions 12.2.3 through 12.2.14, specifically within the BI […]

388/68 Tuesday, October 7, 2025 Cybersecurity researchers from StrikeReady Labs have uncovered an in-the-wild attack exploiting a Zero-Day vulnerability in Zimbra Collaboration, tracked as CVE-2025-27915 (CVSS 5.4), targeting the Brazilian military through malicious ICS calendar files. Attackers impersonated the Office of Protocol of the Libyan Navy and sent emails with weaponized ICS attachments. When opened, […]

387/68 Tuesday, October 7, 2025 Cybersecurity company GreyNoise has reported an unusual 500% spike in scanning activity targeting Palo Alto Networks login portals on October 3, 2025-the highest level seen in the past three months. The company detected scanning attempts from 1,285 unique IP addresses, up from a normal daily average of about 200. Of […]

386/68 Monday, October 6, 2025 Cybersecurity researchers have disclosed a new attack technique called CometJacking, targeting Perplexity’s Comet AI browser. The attack leverages prompt injection by embedding malicious instructions inside seemingly safe links. Once a victim clicks the link, the AI within the browser executes commands to retrieve data from connected services-such as Gmail or […]

385/68 Monday, October 6, 2025 Discord, the popular communication platform, revealed a data breach on September 20, 2025, after hackers gained access to the systems of an external customer support provider working with Discord and stole some users’ personal information. The stolen data included names, usernames, emails, contact details, IP addresses, messages and attachments sent […]

384/68 Monday, October 6, 2025 A new study by Zimperium zLabs revealed alarming findings for millions of users who rely on free Virtual Private Network (VPN) apps on iOS and Android to protect their online privacy. The analysis of nearly 800 free apps found that many not only fail to safeguard users but also expose […]

383/68 Friday, October 3, 2025 Apple has released updates for iOS and macOS to fix CVE-2025-43400, a vulnerability in the FontParser system that could cause an out-of-bounds write in memory. This flaw may lead to sudden application crashes, abnormal system behavior, or potentially allow attackers to execute arbitrary malicious code. An attacker could craft a […]