AI Infrastructure Risk Archives - Nogosee Intelligence

May 13, 2026 AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

Genians NAC SQL Injection Vulnerability Exposes Network Infrastructure to Data Disclosure

Genians has addressed CVE-2024-23843, a SQL injection vulnerability in its Genian NAC management console. The flaw stems from insufficient validation of user-supplied search parameters, potentially allowing unauthorized data exposure. Organizations using Genian NAC V5.0 or its LTS variants should upgrade to the latest versions to mitigate the risk of database compromise within their security infrastructure. Read more

May 13, 2026 AI Infrastructure Risk Identity & Governance Security Operations Vulnerability Intelligence

ALZip Vulnerability CVE-2025-29864 Bypass Windows Mark of the Web Defenses

A vulnerability in ESTsoft ALZip versions 12.01 through 12.29 fails to propagate 'Mark of the Web' (MoTW) Zone.Identifier streams when extracting files. This flaw, tracked as CVE-2025-29864, allows malicious content to bypass Windows security warnings, potentially leading to unauthorized code execution if users are tricked into opening unflagged malicious files. Read more

May 13, 2026 AI Infrastructure Risk Incidents & Breaches Security Operations Vulnerability Intelligence

KISA Issues Warning for Type Confusion Vulnerability in Hancom Office

South Korea's KISA and KrCERT/CC have disclosed a high-severity type confusion vulnerability (CVE-2025-29867) in Hancom Office. The flaw resides in the DOC file processing logic, potentially allowing remote attackers to execute arbitrary code. Users of Hancom Office versions 2018 through 2024 must apply security updates to mitigate risks of system compromise through malicious documents. Read more

May 13, 2026 AI Infrastructure Risk Incidents & Breaches Security Operations Vulnerability Intelligence

CVE-2026-24497: Critical Buffer Overflow in SimTech Systems ThinkWise Facilitates Remote Code Execution

A high-severity buffer overflow vulnerability (CVE-2026-24497) has been identified in SimTech Systems' ThinkWise mind-mapping software. Affecting versions 7 through 22, the flaw allows remote attackers to execute arbitrary code. Users are urged to upgrade to ThinkWise 23 immediately to mitigate the risk of complete system compromise via malicious file formats. Read more

May 13, 2026 AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

CVE-2026-24498: EFM-Networks ipTIME Routers Vulnerable to Wi-Fi Password Exposure

A security bypass vulnerability (CVE-2026-24498) in EFM-Networks ipTIME wireless routers allows unauthorized actors to extract Wi-Fi passwords in plaintext. Impacting multiple models including the T5008 and AX-series, the flaw bypasses internal security controls. Users must update to firmware version 15.27.2 or higher to remediate the risk of local credential theft. Read more

May 13, 2026May 13, 2026 AI Infrastructure Risk Identity & Governance Security Operations Vulnerability Intelligence

Cisco Security Advisory Addresses Critical Vulnerabilities in Crosswork, NSO, and ESA Systems

Cisco has released urgent security updates to address significant vulnerabilities in its networking and security product lines. The advisories cover denial-of-service risks in the Crosswork Network Controller and Network Services Orchestrator (NSO), as well as long-standing resource management issues in Cisco Email Security Appliance (ESA) running legacy AsyncOS software. Read more

May 13, 2026May 13, 2026 AI Infrastructure Risk Identity & Governance Incidents & Breaches Security Operations

KISA Issues Urgent Warning on Smishing Exploiting Breached Travel Platform Data

South Korea's internet security agency, KISA, has issued an urgent advisory regarding highly targeted smishing attacks. Cybercriminals are using stolen data from hacked travel platforms, such as accommodation reservation details, to impersonate hotel staff. These attacks aim to deceive travelers into entering credit card information on fraudulent sites to avoid supposed booking cancellations, posing significant secondary financial risk. Read more

May 13, 2026May 13, 2026 AI Infrastructure Risk AI Security Cloud Security

Generative AI Reshapes Gen Z Corporate Training in Japan Amid Literacy Concerns

Japanese enterprises are increasingly deploying Generative AI to train Gen Z new hires, utilizing AI avatars for customer service role-play and accelerated system development. While these tools improve operational efficiency and reduce psychological barriers for digital-native employees, companies are simultaneously intensifying information literacy training to mitigate risks associated with AI-generated hallucinations and data security. Read more

May 13, 2026May 13, 2026 AI Infrastructure Risk AI Security Cloud Security

Token Efficiency Benchmarks Reveal ‘Japanese Language Tax’ in Generative AI Costs

Benchmarking data released in May 2026 shows that processing Japanese text remains roughly 1.5 times more expensive than English across major LLMs due to tokenization inefficiencies. While Claude Opus 4.7 has improved relative language parity, most models still impose a significant overhead for East Asian scripts, impacting operational budgets and context window utilization for global enterprises. Read more

May 13, 2026 AI Infrastructure Risk AI Security Cloud Security Identity & Governance

Microsoft Launches Real-Time Data Loss Prevention for Copilot Prompt Inputs

Microsoft has released a significant security update for Microsoft 365 Copilot, introducing real-time Data Loss Prevention (DLP) for prompt inputs. The feature uses Microsoft Purview to detect and block sensitive information—such as credit card numbers or internal project codes—from being processed by the AI, preventing accidental data leakage while maintaining operational productivity. Read more