Over 16,000 Fortinet Devices Compromised with Symlink Backdoor
Security researchers have discovered that over 16,500 Fortinet FortiGate firewall devices have been compromised by attackers using a symlink-based backdoor. This attack allows persistent and stealthy remote access to affected systems. The discovery was made by Lexfo Security, and the infections are believed to have started as early as 2022. Despite patches being released by […]
Cybercriminals Are Evolving — And They’re Using AI Against You.
At PKF, we recognize that the cybersecurity landscape demands strategic vigilance, technical agility, and board-level attention. Microsoft’s latest Digital Defense Report outlines urgent trends that reaffirm what we’ve seen across industries: cyber risk is no longer a technical issue—it’s a business-critical concern. Here are the key highlights and what they mean for our clients and […]
SuperBlack Ransomware Exploits Fortinet Vulnerabilities for Unauthorized Access
A new ransomware group known as ‘Mora_001’ has been identified exploiting two authentication bypass vulnerabilities in Fortinet firewall appliances to deploy a custom ransomware strain named ‘SuperBlack’. Exploited Vulnerabilities: CVE-2025-24472: Initially fixed in January 2025, this vulnerability enables remote attackers to gain super-admin privileges by making maliciously crafted CSF proxy requests. Although Fortinet initially stated […]
Critical RCE bug in Microsoft Outlook now exploited in attacks
CISA Urges U.S. Federal Agencies to Secure Systems Against Critical Microsoft Outlook Vulnerability The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to U.S. federal agencies, urging them to secure their systems against ongoing attacks exploiting a critical remote code execution (RCE) vulnerability in Microsoft Outlook. This vulnerability, identified by Check Point researcher Haifei […]
Microsoft Thailand Collaborates with NCSC to Strengthen Cybersecurity in Thailand
Bangkok, Thailand – May 28, 2024 – Microsoft Thailand today announced a collaboration with the National Cyber Security Agency (NCSC) to join the Government Security Program (GSP) to exchange cybersecurity information, knowledge, and insights in a transparent manner, aiming to strengthen cybersecurity in Thailand. The Government Security Program (GSP) is a global initiative where Microsoft […]
PEGASUS: Cyber Warfare
‘T’was the night before Songkran, and all through the house, not a creature was stirring, except …” the Pegasus spyware working quietly and invisibly in the background on your devices and copying all your personal information and data to a computer server in some foreign country… while your sleep soundly in your bed, completely unaware […]
Know your cookies | Know your privacy
It has only been a month since the introduction of the PDPA (Personal Data Protection Act) in Thailand and already we are seeing many companies immediately adapting to the new requirements with a ‘click here’ or ‘accept’ button appearing on their website. By clicking on such a button, the user is usually being asked to […]
Are you ready for PDPA?
The Personal Data Protection Act or PDPA will come into force on 1 June 2022. With the introduction of the Act so close, your organisation should be preparing for its requirements. However, if your company hasn’t yet started preparing for the PDPA’s requirements, we suggest below four steps which could jumpstart the compliance process. Let’s […]
