Track East Asia cyber, AI, cloud, and infrastructure risk before it becomes an incident.
In Week 3 of June 2026, South Korea faced a multi-vector cyber threat landscape as Qilin ransomware struck a big data solution provider, Anubis ransomware targeted a semiconductor equipment parts manufacturer, and confidential defense industry documents appeared for sale on the dark web forum Spear Forums, highlighting coordinated risks to national technological and security assets. Read more
This article provides a practical workflow for maintaining an evidence ladder to assess the strength and reliability of East Asia cyber signals over time. It outlines how to track signal evolution, determine when to upgrade from monitoring to action, and correct prior assumptions transparently without rewriting history. The guidance is designed for security, cloud, and operations teams using Nogosee’s tracker as a monitoring layer. Read more
In April 2026, Trojan malware accounted for 47% of phishing email attachments in South Korea, followed by phishing payloads at 39%, according to ASEC analysis. Attackers used social engineering lures like fake tax invoices and logistics notifications, with Trojans often delivered via double-extension files and phishing via HTML spoofs. The share of phishing malware rose from 21% to 39% month-over-month. Read more
A research paper reports that more than 1.2 million Thai National Identification Numbers were exposed through pages indexed by search engines. This Nogosee research digest translates the paper abstract into English context, links the full paper, and explains the operational relevance for privacy, identity, government web governance, and East Asia risk monitoring. Read more
ASEC reports three new ransomware variants—TiMC, BlackWater, and Lamashtu—alongside NoName05716’s claimed DDoS attacks on South Korean public and private entities and the VECT·TeamPCP campaign targeting a Dutch travel booking platform via social engineering. Read more
Genians has addressed CVE-2024-23843, a SQL injection vulnerability in its Genian NAC management console. The flaw stems from insufficient validation of user-supplied search parameters, potentially allowing unauthorized data exposure. Organizations using Genian NAC V5.0 or its LTS variants should upgrade to the latest versions to mitigate the risk of database compromise within their security infrastructure. Read more
A vulnerability in ESTsoft ALZip versions 12.01 through 12.29 fails to propagate 'Mark of the Web' (MoTW) Zone.Identifier streams when extracting files. This flaw, tracked as CVE-2025-29864, allows malicious content to bypass Windows security warnings, potentially leading to unauthorized code execution if users are tricked into opening unflagged malicious files. Read more
South Korea's KISA and KrCERT/CC have disclosed a high-severity type confusion vulnerability (CVE-2025-29867) in Hancom Office. The flaw resides in the DOC file processing logic, potentially allowing remote attackers to execute arbitrary code. Users of Hancom Office versions 2018 through 2024 must apply security updates to mitigate risks of system compromise through malicious documents. Read more
A high-severity buffer overflow vulnerability (CVE-2026-24497) has been identified in SimTech Systems' ThinkWise mind-mapping software. Affecting versions 7 through 22, the flaw allows remote attackers to execute arbitrary code. Users are urged to upgrade to ThinkWise 23 immediately to mitigate the risk of complete system compromise via malicious file formats. Read more
A security bypass vulnerability (CVE-2026-24498) in EFM-Networks ipTIME wireless routers allows unauthorized actors to extract Wi-Fi passwords in plaintext. Impacting multiple models including the T5008 and AX-series, the flaw bypasses internal security controls. Users must update to firmware version 15.27.2 or higher to remediate the risk of local credential theft. Read more