ThaiCERT

65/68 Tuesday, February 18, 2025 Security researchers from Microsoft have warned that the cyber threat group known as Storm-2372, which has ties to Russia, has been using a “Device Code Phishing” technique to steal authentication tokens from government agencies, non-governmental organizations (NGOs), and various industries since August 2024. This technique deceives users into logging into […]

64/68 Monday, February 17, 2025 Hackers are actively exploiting CVE-2025-0108, a vulnerability in Palo Alto Networks’ PAN-OS firewall, which allows attackers to bypass authentication and gain access to the web-based management system without requiring a password. While this vulnerability does not enable remote code execution directly, it poses a significant security risk to sensitive data. […]

63/68 Monday, February 17, 2025 Group-IB has revealed that RansomHub has become the most influential ransomware group in 2024, following the takedown of major ransomware gangs such as ALPHV and LockBit by law enforcement operations. RansomHub operates under the Ransomware-as-a-Service (RaaS) model and selectively recruits affiliates from previously dismantled cybercriminal groups. This approach has enabled […]

62/68 Friday, February 14, 2025 Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address three critical vulnerabilities: These vulnerabilities require authentication before exploitation. However, if attackers manage to steal login credentials, they could exploit these flaws to gain control over the system. […]

61/68 Friday, February 14, 2025 A major data breach has been discovered in the database of Mars Hydro, a manufacturer of smart IoT grow lights, exposing over 1.17 terabytes of data and 2.7 billion records without any security protection. The leaked information includes Wi-Fi network names (SSIDs), passwords, IP addresses, device IDs, email addresses, and […]

60/68 Thursday, February 13, 2025 OpenSSL has released a patch addressing the high-severity vulnerability CVE-2024-12797, which was discovered by Apple. This flaw could allow Man-in-the-Middle (MitM) attacks. OpenSSL is a widely used cryptographic library that secures network communications by encrypting data and verifying identities. It supports Secure Sockets Layer (SSL) and Transport Layer Security (TLS) […]

59/68 Thursday, February 13, 2025 Security experts have issued a warning that more than 12,000 KerioControl firewalls from GFI Software have been compromised through the critical CVE-2024-52875 vulnerability. This flaw allows hackers to execute remote code (RCE). The vulnerability was discovered by researcher Egidio Romano (EgiX) in mid-December 2024 and was first patched in version […]

58/68 Tuesday, February 11, 2025 Zimbra has released a software update to address critical security vulnerabilities that could lead to data exposure if exploited. The vulnerability tracked as CVE-2025-25064 has been assigned a CVSS score of 9.8 and is an SQL Injection flaw in the ZimbraSync Service SOAP endpoint, affecting versions prior to 10.0.12 and […]

57/68 Tuesday, February 11, 2025 Security researchers from Sophos have reported that cybercriminals are increasingly using Scalable Vector Graphics (SVG) files to distribute malicious links via phishing emails. SVG files can open automatically in web browsers on Windows and support XML commands, allowing attackers to embed links to dangerous websites or inject malicious code. Sophos […]

56/68 Monday, February 10, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Trimble Cityworks vulnerability CVE-2025-0994 to its Known Exploited Vulnerabilities (KEV) Catalog. Trimble Cityworks is an asset management and permitting software that utilizes GIS technology for local governments, public utilities, and infrastructure organizations. The software integrates with Esri’s ArcGIS to […]