Hackers Steal Over $120 Million in Digital Assets From Balancer DeFi Protocol

445/68 Wednesday, November 5, 2025 Balancer Protocol, a decentralized finance (DeFi) platform built on the Ethereum blockchain, disclosed that it was exploited through a vulnerability in its Balancer v2 Pools, resulting in losses exceeding $128 million USD (approximately 4.7 billion THB). Balancer operates as an Automated Market Maker (AMM) and liquidity infrastructure platform, allowing users […]

ThaiCERT

November 5, 2025

Malicious VSX Extension “SleepyDuck” Found-Trojan Uses Ethereum Blockchain as Backup Command Channel

444/68 Wednesday, November 5, 2025 Cybersecurity researchers have issued a warning about a new malicious extension on the Open VSX registry called “SleepyDuck.” The extension, published under the name juan-bianco.solidity-vlang (version 0.0.8), contains a hidden Remote Access Trojan (RAT). According to Secure Annex, the extension first appeared in version 0.0.7 on October 31, 2025, as […]

ThaiCERT

November 5, 2025

University of Pennsylvania Hacked – Attackers Claim to Have Stolen Data on Over 1.2 Million Donors

443/68 Tuesday, November 4, 2025 A cybersecurity student researcher has revealed that the University of Pennsylvania (Penn) was the target of a cyberattack, with the hacker group claiming to have stolen data on more than 1.2 million donors, along with internal university documents. The incident surfaced after numerous alumni and students received emails from the […]

ThaiCERT

November 4, 2025

Australian Government Warns of Ongoing Attacks Targeting Unpatched Cisco IOS XE Devices, Risk of “BadCandy” Webshell Infection

442/68 Tuesday, November 4, 2025 The Australian Signals Directorate (ASD) has issued a warning about ongoing cyberattacks exploiting the vulnerability CVE-2023-20198 in Cisco IOS XE devices. Attackers are using the flaw to implant a malicious webshell known as BadCandy, which gives them administrator-level control over the device. The vulnerability carries the highest severity rating, CVSS […]

ThaiCERT

November 4, 2025

Hacker Group “Bronze Butler” Exploits Zero-Day Vulnerability in Lanscope Endpoint Manager to Spread Gokcpdoor Malware and Steal Data

440/68 Monday, November 3, 2025 Researchers from Sophos have reported that the cyber-espionage group Bronze Butler (also known as Tick) exploited a zero-day vulnerability in Motex Lanscope Endpoint Manager to distribute a new variant of the Gokcpdoor malware designed to steal confidential data from targeted organizations. The flaw, tracked as CVE-2025-61932, is a Request Origin […]

ThaiCERT

November 3, 2025

Hacktivist Group “Hezi Rash” Linked to Over 350 DDoS Attacks in Just Two Months

439/68 Monday, November 3, 2025 A report from Check Point Research has revealed the emergence of a Kurdish hacktivist group known as “Hezi Rash”, which has been active since 2023 and is responsible for more than 350 cyberattacks over a two-month period. The group primarily conducts Distributed Denial-of-Service (DDoS) attacks targeting countries and websites it […]

ThaiCERT

November 3, 2025

CISA Warns of Critical Linux Kernel Vulnerability Exploited by Ransomware Gangs

438/68 Monday, November 3, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially confirmed that a high-severity vulnerability in the Linux kernel (tracked as CVE-2024-1086) is now being actively exploited by ransomware groups. Although the flaw was disclosed and patched in January 2024, investigations have revealed that it stems from a long-standing “use-after-free” […]

ThaiCERT

November 3, 2025

Vulnerability Found in WordPress Security Plugin “Anti-Malware Security and Brute-Force Firewall,” Risk of Server Data Exposure

437/68 Friday, October 31, 2025 Security researchers have discovered a vulnerability in the popular WordPress plugin Anti-Malware Security and Brute-Force Firewall, which is installed on more than 100,000 websites worldwide. The flaw, tracked as CVE-2025-11705, stems from a missing capability check in the function GOTMLS_ajax_scan(), allowing users with subscriber-level access to invoke the function and […]

ThaiCERT

October 31, 2025

MITRE Releases ATT&CK Framework Version 18 with Enhanced Threat Detection and Updates to Mobile and ICS Domains

436/68 Friday, October 31, 2025 MITRE has announced the release of ATT&CK Framework Version 18, the globally recognized database of adversarial tactics and techniques. The latest update introduces several major enhancements—most notably in the area of Detections, with the addition of two new object types: Detection Strategies, which define high-level approaches to threat detection, and […]

ThaiCERT

October 31, 2025
1 7 8 9 62