ThaiCERT

549/68 Friday, December 26, 2025 A cyberattack campaign has been detected using typosquatting, in which attackers deliberately register look-alike domains with misspellings to deceive users of Microsoft Activation Scripts (MAS)—an open-source PowerShell script commonly used to activate Windows and Office. In this campaign, attackers registered the domain get.activate[.]win (missing the letter “d”) to impersonate the […]

548/68 Thursday, December 25, 2025 A new macOS malware strain known as MacSync Stealer has been discovered masquerading as the installer for a chat application called zk-call, designed to appear legitimate. The installer is digitally code-signed and notarized by Apple, using a fraudulent Developer Team ID, allowing the operating system to treat it as trusted […]

547/68 Thursday, December 25, 2025 Cybersecurity researchers have disclosed a critical vulnerability in the n8n workflow automation platform, tracked as CVE-2025-68613, with a CVSS score of 9.9 (Critical). Under certain conditions, this vulnerability could allow an attacker to execute arbitrary code on affected systems. n8n is a widely used workflow automation platform, with approximately 57,000 […]

546/68 Thursday, December 25, 2025 Recent reports have uncovered a new wave of WebRAT malware that has shifted its targets from gamers-previously infected via cheats for games such as Roblox or Counter-Strike-to software developers and security administrators. Attackers have created fake GitHub repositories claiming to host proof-of-concept (PoC) exploit code for newly disclosed vulnerabilities, such […]

545/68 Tuesday, December 24, 2025 A new strain of Android malware known as “Wonderland” (also referred to as WretchedCat) has been observed spreading in Uzbekistan. The TrickyWonders group has shifted its tactics from directly tricking victims into installing malware to using dropper applications disguised as legitimate apps, such as fake Google Play apps or file […]

544/68 Tuesday, December 24, 2025 The International Criminal Police Organization (Interpol) has announced the successful outcome of a large-scale international operation known as Operation Sentinel, conducted between 27 October and 27 November in cooperation with law enforcement agencies from 19 countries. The operation resulted in the arrest of 574 suspects, the seizure and freezing of […]

543/68 Wednesday, December 24, 2025 Cybersecurity researchers have disclosed a new supply chain attack targeting software developers, involving malicious packages distributed through popular package repositories. One of the threats identified is a package named “lotusbail” on the npm repository, which has been downloaded more than 56,000 times since May 2025. While the package functions as […]

542/68 Tuesday, December 23, 2025 Cybersecurity researchers have observed renewed activity from a sophisticated advanced persistent threat (APT) group known as Infy, also referred to as “Prince of Persia.” The group has a long history of cyber-espionage operations, and its latest resurgence shows an expansion of targets across multiple regions worldwide. In this campaign, the […]

541/68 Tuesday, December 23, 2025 Waymo, Alphabet’s autonomous driving technology company, has announced a temporary suspension of its robotaxi service in San Francisco following a widespread power outage that left multiple self-driving vehicles stranded on city streets. A Waymo spokesperson said the company decided to halt operations as a safety precaution and is working closely […]

540/68 Tuesday, December 23, 2025 The UK government has acknowledged a data breach resulting from a cyberattack. Chris Bryant, Minister of State at the Department for Business, stated that officials moved quickly to close the security vulnerability as soon as it was detected and that an urgent investigation is underway. The compromised data is related […]