AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

A Practical Workflow for Build a supplier exposure watchlist from East Asia vulnerability notes

This workflow helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims.

AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

A Practical Workflow for Questions to ask when a vendor advisory lacks version ranges

This workflow helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims.

Cloud Security, Identity & Governance, Incidents & Breaches, Security Operations

Malicious LNK Files Disguised as Privacy Consent Forms Target South Korean Users via Fileless PowerShell and Task Scheduler Abuse

AhnLab identifies a campaign distributing malicious LNK files masquerading as personal information consent forms to execute fileless PowerShell scripts, establish persistence via Windows Task Scheduler, deploy info-stealers and backdoors, and use decoy documents to evade detection, with observed TTP overlaps to Kimsuky-like activity.

AI Security, Cloud Security, Incidents & Breaches, Security Operations

Supply Chain Attack on Mastra npm Packages Exposes AI Development Environments to Cryptocurrency Theft

A coordinated supply chain attack compromised 144 Mastra npm packages by hijacking a former contributor’s account to inject a malicious dependency that steals cryptocurrency and establishes persistence, posing significant risks to AI development workflows and cloud infrastructure environments globally.

AI Security, Incidents & Breaches, Security Operations, Vulnerability Intelligence

RoguePlanet Zero-Day Exposes Critical Race Condition in Microsoft Defender’s Privileged Engine

Microsoft confirmed active development of a patch for CVE-2026-50656, a zero-day elevation of privilege vulnerability in Microsoft Defender that allows attackers to gain SYSTEM access via a race condition in the Malware Protection Engine, affecting fully patched Windows 10 and 11 systems despite real-time protection being enabled.

AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

A Practical Workflow for A Taiwan-listed company discloses a cyber incident; what should you verify first?

This workflow helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims.

AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

A Practical Workflow for How to use JPCERT/CC alert archives for vendor risk monitoring

This workflow helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims.

AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

A Practical Workflow for What to capture from a CERT advisory so you can act later

This workflow helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims.

AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

A Practical Workflow for What to verify before requesting paid API/database access

This workflow helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims.

AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

A Practical Workflow for East Asia telecom and critical-infrastructure cyber signals

This workflow helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims.
