Posted on AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

TWCERT warns of high-severity insecure deserialization bug in Gigabyte Control Center Performance Library (CVE-2026-4416)

Taiwan’s TWCERT/CC published a vulnerability note for an insecure deserialization flaw in Gigabyte Control Center’s Performance Library component. The issue (CVE-2026-4416, CVSS 7.8 High) could allow a locally authenticated attacker to send a crafted serialized payload to the EasyTuneEngine service and escalate privileges. Gigabyte’s advised fix is to update Performance Library to version 25.12.31.01 or later. Read more

Posted on AI Infrastructure Risk AI Security Identity & Governance Vulnerability Intelligence

Taiwan CERT warns of high-severity authentication flaw in WinMatrix agent (CVE-2026-6348) enabling system-level code execution

TWCERT/CC disclosed a high-severity “Missing Authentication” vulnerability in WinMatrix agent software from Da Yang Technology (達煬科技). The issue (CVE-2026-6348, TVN-202604001) affects WinMatrix agent versions 3.5.13 through 3.5.26.15 and could allow an already-authenticated local attacker to execute arbitrary code with SYSTEM privileges on the local host and other hosts in the same environment that have the agent installed. TWCERT/CC recommends updating to WinMatrix agent 3.5.27.5 or later. Read more

Posted on AI Infrastructure Risk Cloud Security Identity & Governance Vulnerability Intelligence

Taiwan CERT warns of two critical unauthenticated SQL injection flaws in Digiwin EasyFlow.NET (CVSS 9.8)

TWCERT/CC published a Taiwan Vulnerability Note for two critical SQL injection vulnerabilities affecting Digiwin’s EasyFlow.NET workflow platform. Both issues are rated CVSS 9.8 and allow unauthenticated remote attackers to inject arbitrary SQL, potentially enabling database read, modification, and deletion. Organizations running affected EasyFlow.NET versions are advised by TWCERT/CC to upgrade to specified fixed releases or apply patches dated 2026-01-20. Read more

Posted on AI Infrastructure Risk Cloud Security Identity & Governance Vulnerability Intelligence

TWCERT warns of critical OS command injection in Hgiga iSherlock (CVE-2026-6349)

Taiwan’s TWCERT/CC published a critical vulnerability notice for an OS command injection flaw in Hgiga iSherlock appliances/software, including MailSherlock, SpamSherlock, and AuditSherlock. The issue (CVE-2026-6349, CVSS 9.8) could allow arbitrary OS command execution on the server under the conditions described in the advisory. Hgiga provides fixed package versions for both the 4.5 and 5.5 branches. Read more

Posted on AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

Taiwan CERT warns of two critical MailGates/MailAudit vulnerabilities enabling unauthenticated RCE and file access

TWCERT/CC published TVN-202604003 detailing two vulnerabilities in Openfind’s MailGates/MailAudit email security/audit products. One issue (CVE-2026-6350) is a critical stack-based buffer overflow rated 9.8 that could allow unauthenticated remote code execution. The second (CVE-2026-6351) is a high-severity CRLF injection rated 7.5 that could allow unauthenticated access to system files. Openfind’s technical team reported the issues; updates are available for affected versions. Read more

Posted on AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

Taiwan CERT flags critical OS command injection in NewSoftOA (CVE-2026-5965), patch available

TWCERT/CC published a critical vulnerability notice for NewSoftOA, an office automation product from NewSoft (力新國際). The issue, tracked as CVE-2026-5965 and TVN-202604008, is an OS command injection flaw with a CVSS 3.1 score of 9.8. TWCERT/CC recommends upgrading to NewSoftOA 10.1.8.3 or later to address the risk. Read more

Posted on AI Infrastructure Risk AI Security Cloud Security Identity & Governance

Contagious Interview evolves: attackers abuse VS Code Tasks to auto-run malware when a “trusted” workspace is opened

Taiwan’s TWCERT/CC reports a technical evolution in the “Contagious Interview” campaign: instead of relying on victims to manually execute a file, attackers embed a malicious VS Code workspace configuration so code runs automatically when developers open a project folder in Trusted Mode. The technique abuses VS Code’s tasks.json automation (including a run-on-folder-open behavior) and social engineering around Workspace Trust prompts. The activity primarily targets cryptocurrency software engineers and freelancers via recruiting outreach on LinkedIn and gig platforms, then directs them to download test projects from GitHub/GitLab. TWCERT/CC says the resulting payload has been identified as a newer BeaverTail variant (Type 701), with noted functional overlap with OtterCookie (sometimes referred to as “OtterCandy”), and is focused on stealing crypto-related browser extension and wallet data as well as high-value browser-stored secrets. Read more

Posted on AI Infrastructure Risk Cloud Security Vulnerability Intelligence

HTTP/2 Rapid Reset (CVE-2023-44487) highlights a web-scale protocol abuse pattern for DDoS

Cloudflare documented a record-scale DDoS wave that abused HTTP/2 stream cancellation (RST_STREAM) to generate extreme request rates with a relatively small botnet. The “Rapid Reset” technique (tracked as CVE-2023-44487) exploits HTTP/2’s ability to open many concurrent streams and then instantly cancel them, letting attackers recycle concurrency slots faster than some servers and intermediaries can clean up state. Cloudflare said attacks began Aug. 25, 2023 and peaked just above 201 million requests per second, observed alongside similar activity reported by Google and AWS, prompting coordinated disclosure to vendors and critical infrastructure providers. Read more

Posted on AI Infrastructure Risk AI Security Cloud Security Identity & Governance

OWASP formalizes a shared security baseline for GenAI apps with the Top 10 for LLM Applications (now part of the broader GenAI Security Project)

OWASP’s Top 10 for Large Language Model (LLM) Applications has been published as a community security baseline that catalogs common failure modes in GenAI applications—ranging from prompt injection to model theft. OWASP says the effort has expanded beyond a list into the OWASP GenAI Security Project, a broader open initiative covering risks across LLMs, agentic systems, and AI-driven applications, with a large global contributor community and separate project resources and participation tracks. Read more

Posted on AI Infrastructure Risk AI Security Cloud Security Identity & Governance

NIST AI RMF: the U.S. government’s voluntary baseline for AI trust, security, and resilience—now expanding to generative AI and critical infrastructure

NIST’s AI Risk Management Framework (AI RMF) established a shared, voluntary vocabulary and process model for managing AI risks across the lifecycle—supporting “trustworthiness” goals such as safety, security, and resilience. Since the AI RMF 1.0 release on Jan. 26, 2023, NIST has expanded implementation support via the AI RMF Playbook and Resource Center, published a Generative AI Profile (NIST-AI-600-1) in July 2024, and, as of Apr. 7, 2026, issued a concept note for a forthcoming profile focused on Trustworthy AI in Critical Infrastructure—signaling growing expectations that AI governance and security controls will be tailored to high-consequence environments. Read more