Posted on AI Infrastructure Risk AI Security Identity & Governance Vulnerability Intelligence

Taiwan CERT warns of high-severity authentication flaw in WinMatrix agent (CVE-2026-6348) enabling system-level code execution

TWCERT/CC disclosed a high-severity “Missing Authentication” vulnerability in WinMatrix agent software from Da Yang Technology (達煬科技). The issue (CVE-2026-6348, TVN-202604001) affects WinMatrix agent versions 3.5.13 through 3.5.26.15 and could allow an already-authenticated local attacker to execute arbitrary code with SYSTEM privileges on the local host and other hosts in the same environment that have the agent installed. TWCERT/CC recommends updating to WinMatrix agent 3.5.27.5 or later. Read more

Posted on AI Infrastructure Risk Cloud Security Identity & Governance Vulnerability Intelligence

Taiwan CERT warns of two critical unauthenticated SQL injection flaws in Digiwin EasyFlow.NET (CVSS 9.8)

TWCERT/CC published a Taiwan Vulnerability Note for two critical SQL injection vulnerabilities affecting Digiwin’s EasyFlow.NET workflow platform. Both issues are rated CVSS 9.8 and allow unauthenticated remote attackers to inject arbitrary SQL, potentially enabling database read, modification, and deletion. Organizations running affected EasyFlow.NET versions are advised by TWCERT/CC to upgrade to specified fixed releases or apply patches dated 2026-01-20. Read more

Posted on AI Infrastructure Risk Cloud Security Identity & Governance Vulnerability Intelligence

TWCERT warns of critical OS command injection in Hgiga iSherlock (CVE-2026-6349)

Taiwan’s TWCERT/CC published a critical vulnerability notice for an OS command injection flaw in Hgiga iSherlock appliances/software, including MailSherlock, SpamSherlock, and AuditSherlock. The issue (CVE-2026-6349, CVSS 9.8) could allow arbitrary OS command execution on the server under the conditions described in the advisory. Hgiga provides fixed package versions for both the 4.5 and 5.5 branches. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

Taiwan CERT warns of two high-severity flaws in ThreatSonar Anti-Ransomware (pre‑4.0.0)

Taiwan’s TWCERT/CC disclosed two high-severity vulnerabilities affecting ThreatSonar Anti-Ransomware versions earlier than 4.0.0: an arbitrary file deletion issue via path traversal (CVE-2026-5966) and a privilege escalation flaw enabling OS command injection executed as root (CVE-2026-5967). Both issues require authentication and specific operational access (web or shell). TWCERT/CC recommends installing the vendor patch identified as version 20260302. Read more

Posted on AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

Taiwan CERT warns of two critical MailGates/MailAudit vulnerabilities enabling unauthenticated RCE and file access

TWCERT/CC published TVN-202604003 detailing two vulnerabilities in Openfind’s MailGates/MailAudit email security/audit products. One issue (CVE-2026-6350) is a critical stack-based buffer overflow rated 9.8 that could allow unauthenticated remote code execution. The second (CVE-2026-6351) is a high-severity CRLF injection rated 7.5 that could allow unauthenticated access to system files. Openfind’s technical team reported the issues; updates are available for affected versions. Read more

Posted on AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

Taiwan CERT flags critical OS command injection in NewSoftOA (CVE-2026-5965), patch available

TWCERT/CC published a critical vulnerability notice for NewSoftOA, an office automation product from NewSoft (力新國際). The issue, tracked as CVE-2026-5965 and TVN-202604008, is an OS command injection flaw with a CVSS 3.1 score of 9.8. TWCERT/CC recommends upgrading to NewSoftOA 10.1.8.3 or later to address the risk. Read more

Posted on Cloud Security Identity & Governance Incidents & Breaches Security Operations

TWCERT warns of phishing campaigns abusing Microsoft 365, lookalike domains, and short-lived SSL certificates to evade defenses

Taiwan’s national CERT (TWCERT/CC) reports an active social-engineering campaign that combines legitimate Microsoft 365 email accounts, near-typosquat domains, and short-term SSL certificates to bypass email and web defenses. The activity includes two waves: (1) broad phishing emails themed as “Microsoft account abnormal sign-in activity” and (2) targeted spear-phishing that repeatedly sends “Microsoft one-time code” lures to create urgency before delivering an “abnormal sign-in” message. A notable tactic described by TWCERT is URL-pattern-based gating: victims who match attacker-defined URL rules see a customized phishing page that harvests credentials, while non-matching visitors are redirected to a legitimate login page—reducing detection and increasing credibility. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

Taiwan CERT warns of “Operation WrtHug” targeting ASUS routers via AiCloud command-injection flaws

Taiwan’s TWCERT/CC issued an urgent alert citing SecurityScorecard’s STRIKE team research into “Operation WrtHug,” a sustained campaign targeting ASUS small office/home office routers worldwide. The activity is reported to abuse known, publicly disclosed OS command-injection vulnerabilities—including issues referenced alongside CVE-2023-39780—focused on the AiCloud service. TWCERT/CC says compromised routers may be backdoored and incorporated into a large global infected network used for follow-on cyber threat activity and espionage, with STRIKE reporting identification of more than 50,000 infected IP devices over the past six months. The advisory urges immediate firmware updates, replacement of end-of-life (EoL) models that cannot be patched, and consultation of ASUS product security advisories for official mitigation steps. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

Taiwan CERT warns WSUS RCE CVE-2025-59287 (CVSS 9.8) is under active exploitation

Taiwan’s TWCERT/CC is urging organizations to urgently patch a high-severity Windows Server Update Services (WSUS) vulnerability, CVE-2025-59287 (CVSS 9.8), after U.S. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog and Dutch NCSC-NL also confirmed real-world exploitation. The flaw enables unauthenticated remote code execution as SYSTEM via a deserialization trigger, but only impacts Windows Server systems where the WSUS server role is enabled. TWCERT/CC also cited Huntress reporting attacker scanning for exposed WSUS ports 8530/8531 and delivering malicious requests, with post-exploitation activity potentially involving PowerShell-based payload execution and data discovery/exfiltration. Read more

Posted on Cloud Security Identity & Governance Incidents & Breaches Security Operations

Taiwan CERT flags “EtherHide” as an emerging blockchain-based C2 technique paired with ClearFake fake-update lures

Taiwan’s national CERT (TWCERT/CC) warns that attackers are increasingly using public blockchains as command-and-control (C2) infrastructure. The advisory highlights “EtherHide,” a technique first described by security researchers in October 2023, where adversaries store malicious commands or payload locations inside smart contracts. Malware (or malicious web scripts) can then query the chain for updated instructions, reducing the effectiveness of traditional controls like domain/IP blocking and traffic monitoring. TWCERT/CC also notes EtherHide is frequently chained with the “ClearFake” social-engineering pattern—fake system notifications or software update prompts—often delivered via compromised WordPress sites embedding malicious JavaScript. The combined flow uses Binance Smart Chain (BSC) smart contracts and read-only calls (e.g., eth_call) to retrieve attacker instructions without on-chain transaction fees, improving stealth and persistence. Read more