The following content was retrieved from https://negi.hatenablog.com/entry/2026/02/08/220528.


This Week's Security News of Interest - Issue #261

These are notes for recording the podcast.

podcast - #セキュリティのアレ - a laid-back security podcast.



Incidents and Accidents

The hosting provider of the official Notepad++ site was compromised in 2025, and malicious updates were distributed

(2/2) Notepad++ Hijacked by State-Sponsored Hackers | Notepad++

According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled malicious update manifests.

(2/5) Important Clarification: Notepad++ Security Incident | Notepad++

Notepad++ itself was NOT hacked. The issue was with the auto-updater component (WinGup), which was exploited through a compromise of our former hosting provider’s infrastructure. The Notepad++ application you’ve been using remains safe and secure.

(2/3) The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central America, focusing on government, telecom, aviation, critical infrastructure, and media sectors.

Our investigation identified a security incident stemming from a sophisticated compromise of the infrastructure hosting Notepad++, which was subsequently used to deliver a previously undocumented custom backdoor, which we have dubbed Chrysalis.

(2/3) Notepad++ supply chain attack breakdown | Securelist


au Jibun Bank suffered a system outage caused by an equipment failure

(2/4) [Updated] [Outage / Apology] Regarding the inability to log in to Internet Banking (web procedures) and the Jibun Bank app | au Jibun Bank


Crypto-asset exchange BTCBOX has suspended its services since 1/29

(2/5) Explanation of the current status of the service suspension and apology | BTCBOX Blog

Regarding the system maintenance we announced earlier, it became necessary to verify our operational management structure, including that of external business partners, and we are still carefully carrying out checks and confirmation.

In summary, we confirmed an incident in which, on January 15, 2026, in the course of sharing materials with an external business partner as part of a business collaboration, the handling of those materials at that partner resulted in a state in which third parties could view them.

Upon discovering this incident, we immediately contacted the partner concerned, requested deletion of the data in question, and are continuing to verify the situation.


CISA issued Binding Operational Directive BOD 26-02 for federal agencies on handling end-of-support edge devices

(2/5) BOD 26-02: Mitigating Risk From End-of-Support Edge Devices | CISA


Attacks and Threats

CERT-UA and others reported on the activity of the Russian threat group APT28

(2/1) "Danger Bulletin": UAC-0001 (APT28) conducts cyberattacks against Ukraine and EU countries using an exploit for CVE-2026-21509 (CERT-UA#19542) | CERT-UA

(2/2) Operation Neusploit: APT28 Uses CVE-2026-21509 | ThreatLabz

(2/4) APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure


Check Point reported on the activity of the threat group Amaranth-Dragon

(2/4) Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia - Check Point Research

Check Point Research (CPR) has been tracking Amaranth-Dragon, a nexus of APT-41, previously aligned with Chinese interests. The group launched highly targeted cyber-espionage campaigns throughout 2025 against government and law enforcement agencies in Southeast Asia.


Cisco Talos reported on attack activity using the DKnife attack framework

(2/5) Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework

Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants that perform deep-packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Based on the artifact metadata, DKnife has been used since at least 2019 and the command and control (C2) are still active as of January 2026.


Palo Alto Networks reported on a large-scale cyber-espionage operation it calls the Shadow Campaigns

(2/5) The Shadow Campaigns: Uncovering Global Espionage

This investigation unveils a new cyberespionage group that Unit 42 tracks as TGR-STA-1030. We refer to the group’s activity as the Shadow Campaigns. We assess with high confidence that TGR-STA-1030 is a state-aligned group that operates out of Asia. Over the past year, this group has compromised government and critical infrastructure organizations across 37 countries. This means that approximately one out of every five countries has experienced a critical breach from this group in the past year. Further, between November and December 2025, we observed the group conducting active reconnaissance against government infrastructure associated with 155 countries.


Cloudflare published its DDoS threat report for Q4 2025

(2/5) 2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults


Vulnerabilities

CISA added 4+2 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog

(2/3) CISA Adds Four Known Exploited Vulnerabilities to Catalog | CISA

  • CVE-2019-19006 Sangoma FreePBX Improper Authentication Vulnerability
  • CVE-2021-39935 GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
  • CVE-2025-40551 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
  • CVE-2025-64328 Sangoma FreePBX OS Command Injection Vulnerability

(2/5) CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

  • CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability
  • CVE-2026-24423 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability


Other

NICT published the "NICTER Observation Report 2025"

(2/5) Publication of the NICTER Observation Report 2025 | 2026 | NICT - National Institute of Information and Communications Technology
