Posted on Cloud Security Identity & Governance Incidents & Breaches Security Operations

ASEC Q1 2026 Report Reveals Larva-26002’s Shift to Go-Based ICE Cloud Scanner via BCP Exploitation

ASEC’s analysis of ASD logs for Q1 2026 shows persistent attacks on Windows-based MS-SQL and MySQL servers, with a temporary decline in February followed by a March rebound. The Larva-26002 threat actor was observed deploying the Go-written ICE Cloud scanner via BCP exploitation on mismanaged MS-SQL systems, continuing prior use of Trigona and Mimic ransomware. Turkish-language strings in the scanner align with earlier Mimic campaigns. Primary vectors include brute force, dictionary attacks, and exploitation of weak or misconfigured accounts due to poor administrative hygiene. Read more

Posted on Identity & Governance Incidents & Breaches Security Operations Vulnerability Intelligence

Korean and Global Financial Sectors Face Multi-Layered Cyber Threats in Early 2026

March 2026 saw a surge in complex cyberattacks targeting financial institutions, characterized by Lazarus Group watering hole exploits, large-scale dark web data leaks, and targeted phishing. Vulnerabilities in AnySign4PC were used for remote code execution, while ransomware groups like Apt73 and WorldLeaks intensified double extortion tactics, significantly raising the risk profile for global and South Korean banking infrastructure. Read more

Posted on AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

Genians NAC SQL Injection Vulnerability Exposes Network Infrastructure to Data Disclosure

Genians has addressed CVE-2024-23843, a SQL injection vulnerability in its Genian NAC management console. The flaw stems from insufficient validation of user-supplied search parameters, potentially allowing unauthorized data exposure. Organizations using Genian NAC V5.0 or its LTS variants should upgrade to the latest versions to mitigate the risk of database compromise within their security infrastructure. Read more

Posted on AI Security Identity & Governance Incidents & Breaches Security Operations

AhnLab April 2026 Dark Web Intelligence: High-Value Defense and Aerospace Data Leak Trends

The April 2026 dark web landscape was dominated by the leak of critical aerospace, defense, and military intelligence, including Boeing Artemis and Virginia-class submarine data. Notable activity from threat groups like ShinyHunters and the resurgence of BreachForums highlighted high-risk exposure across technology, financial, and government sectors, alongside the increasing commoditization of Phishing-as-a-Service and advanced malware builders. Read more

Posted on AI Security Identity & Governance Incidents & Breaches Security Operations

AhnLab April 2026 Report Highlights Surge in Targeted Critical Infrastructure Ransomware Attacks

The April 2026 Ransomware Threat Trend Report from AhnLab reveals a significant shift in ransomware operations, with groups increasingly focusing on critical infrastructure sectors. The report details heighted activity in the manufacturing, healthcare, and finance industries globally, alongside the emergence of new threat groups and sustained campaigns by established actors like Qilin and INC Ransom. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

CVE-2025-29865: Arbitrary File Download Vulnerability in Tagfree X-Free Uploader

KISA and KrCERT/CC have identified a high-severity arbitrary file download vulnerability in Tagfree X-Free Uploader. Designated as CVE-2025-29865, the flaw stems from insufficient validation of server communication parameters. If exploited, attackers could leak sensitive information or download arbitrary files. Users are urged to update to XFU versions 1.0.1.0085 or 2.0.1.0035. Read more

Posted on AI Security Cloud Security Security Operations Vulnerability Intelligence

CVE-2025-29866: Critical Improper Privilege Validation in Tagfree X-Free Uploader

A high-severity vulnerability (CVE-2025-29866) has been identified in Tagfree's X-Free Uploader, allowing unauthorized attackers to delete arbitrary files. With a CVSS score of 8.8, this improper privilege validation flaw enables data tampering and system disruption. South Korea's KISA recommends immediate patching to versions 1.0.1.0085 or 2.0.1.0035 to mitigate operational risks. Read more

Posted on AI Infrastructure Risk Identity & Governance Security Operations Vulnerability Intelligence

ALZip Vulnerability CVE-2025-29864 Bypass Windows Mark of the Web Defenses

A vulnerability in ESTsoft ALZip versions 12.01 through 12.29 fails to propagate 'Mark of the Web' (MoTW) Zone.Identifier streams when extracting files. This flaw, tracked as CVE-2025-29864, allows malicious content to bypass Windows security warnings, potentially leading to unauthorized code execution if users are tricked into opening unflagged malicious files. Read more

Posted on AI Infrastructure Risk Incidents & Breaches Security Operations Vulnerability Intelligence

KISA Issues Warning for Type Confusion Vulnerability in Hancom Office

South Korea's KISA and KrCERT/CC have disclosed a high-severity type confusion vulnerability (CVE-2025-29867) in Hancom Office. The flaw resides in the DOC file processing logic, potentially allowing remote attackers to execute arbitrary code. Users of Hancom Office versions 2018 through 2024 must apply security updates to mitigate risks of system compromise through malicious documents. Read more

Posted on AI Infrastructure Risk Incidents & Breaches Security Operations Vulnerability Intelligence

CVE-2026-24497: Critical Buffer Overflow in SimTech Systems ThinkWise Facilitates Remote Code Execution

A high-severity buffer overflow vulnerability (CVE-2026-24497) has been identified in SimTech Systems' ThinkWise mind-mapping software. Affecting versions 7 through 22, the flaw allows remote attackers to execute arbitrary code. Users are urged to upgrade to ThinkWise 23 immediately to mitigate the risk of complete system compromise via malicious file formats. Read more