Kimsuky Exploits BlueKeep Vulnerability to Target Systems in South Korea and Japan, Focusing on Software, Energy, and Financial Industries

150/68 Wednesday, April 23, 2025 Cybersecurity researchers from AhnLab Security Intelligence Center (ASEC) in South Korea have detected a new cyberattack campaign linked to Kimsuky, a North Korean threat actor. The group is exploiting the BlueKeep vulnerability (CVE-2019-0708) in Microsoft Remote Desktop Services (RDP) to breach systems in South Korea and Japan. This campaign, dubbed […]

ThaiCERT

April 23, 2025

Scallywag Network Exploits WordPress Plugins to Generate 1.4 Million Fake Ad Requests Daily

149/68 Wednesday, April 23, 2025 Cybersecurity firm HUMAN, a leader in bot detection and ad fraud prevention, has uncovered “Scallywag,” a large-scale ad fraud operation embedded within WordPress plugins. The scheme leverages piracy websites and URL shortening services to generate fraudulent traffic. The group utilized four WordPress plugins—Soralink, Yu Idea, WPSafeLink, and Droplink—developed between 2016 […]

ThaiCERT

April 23, 2025

Hackers Target SonicWall SMA Devices Using 2021 Vulnerability Since January 2025

148/68 Tuesday, April 22, 2025 Researchers from Arctic Wolf have issued a warning about an ongoing cyberattack campaign targeting SonicWall Secure Mobile Access (SMA) devices. The attacks, active since January 2025, exploit CVE-2021-20035, a known OS command injection vulnerability in the SMA100 management interface. This flaw allows an authenticated attacker to execute arbitrary system commands […]

ThaiCERT

April 22, 2025

ASUS Confirms Critical Vulnerability in AiCloud Routers, Urges Immediate Firmware Update

146/68 Monday, April 21, 2025 ASUS has issued a security advisory regarding a critical vulnerability in its routers that have the AiCloud feature enabled, tracked as CVE-2025-2492 with a CVSS severity score of 9.2. The flaw stems from improper authentication control, potentially allowing unauthorized remote attackers to take control of the router’s functions. To mitigate […]

ThaiCERT

April 21, 2025

New Android Malware “SuperCard X” Steals Credit Card Data via NFC Relay Attacks

145/68 Monday, April 21, 2025 Cybersecurity firm Cleafy has uncovered a new threat dubbed “SuperCard X”, a Malware-as-a-Service (MaaS) tool targeting Android devices through NFC relay attacks. The malware is designed to steal credit card data and use it for fraudulent transactions at ATMs or point-of-sale (POS) terminals. The campaign has ties to Chinese-speaking threat […]

ThaiCERT

April 21, 2025

Cheap Android Phones from China Found Preloaded with Trojanized WhatsApp and Telegram to Steal Cryptocurrency

144/68 Friday, April 18, 2025 Researchers at Doctor Web have uncovered that several low-cost Android smartphones from China come preloaded with malware during the manufacturing process. The malicious apps include trojanized versions of WhatsApp and Telegram, which are embedded with crypto clipper malware. This malware monitors the clipboard and automatically replaces copied cryptocurrency wallet addresses […]

ThaiCERT

April 18, 2025

Apple Patches Two Zero-Day Vulnerabilities Exploited in Targeted iPhone Attacks

143/68 Friday, April 18, 2025 Apple has released an emergency security update to address two actively exploited zero-day vulnerabilities found in targeted attacks against iPhones. The company confirmed the attacks were highly sophisticated and urged users to update their devices immediately. The first vulnerability, CVE-2025-31200, resides in CoreAudio, where specially crafted media files could allow […]

ThaiCERT

April 18, 2025

Critical CVE-2025-24859 Vulnerability in Apache Roller (CVSS 10.0) Allows Continued Access Even After Password Changes

142/68 Thursday, April 17, 2025 A critical security vulnerability, CVE-2025-24859, has been disclosed in Apache Roller, a popular Java-based open-source blogging server. The flaw, which affects versions ≤6.1.4, has been assigned the maximum CVSS score of 10.0, indicating its severity. The vulnerability stems from unsafe session management, allowing authenticated sessions to remain active even after […]

ThaiCERT

April 17, 2025

Alert! Fake File Conversion Site Mimics PDFCandy to Distribute Stealer Malware

141/68 Thursday, April 17, 2025 Cybersecurity researchers at CloudSEK have uncovered a sophisticated malware campaign involving a fake version of the legitimate site PDFCandy[.]com, designed to trick users into downloading ArechClient2, an info-stealing malware from the SectopRAT family active since 2019. The campaign relies on malicious Google Ads and fake software update prompts to distribute […]

ThaiCERT

April 17, 2025