CISA Alert: Active Exploitation of Critical Lantronix EDS5000 Flaw Demands Immediate Patching

CISA has warned of active exploitation of CVE-2025-67038, a critical code injection vulnerability in Lantronix EDS5000 Series devices, requiring Federal Civilian Executive Branch agencies to apply patches by June 26, 2026. The flaw allows unauthenticated remote command execution with root privileges via the HTTP RPC module, posing significant risks to network integrity and device security.

Research Digest: Explainable ML Framework Reveals Moral Condemnation as Dominant Tactic in Korean Foreign Influence Operations

A two-decade analysis of 112 million South Korean news comments identifies 23,998 accounts showing coordinated manipulation behavior, with moral condemnation of domestic political figures driving higher engagement than direct foreign narrative promotion, informing platform defense prioritization.

Research Digest: China’s ‘Airport’ Censorship Circumvention Ecosystem Reveals New Security and Operational Risks

A study of China's underground 'airport' proxy market finds over half of 1,667 surveyed users rely on these subscription services to bypass the Great Firewall, citing performance and access to global platforms like ChatGPT. Researchers identified 3,431 active airports and tested 35, noting superior speeds via multi-hop routing but also risks including Alipay payments, frequent takedowns, client misconfiguration, and private censorship enforcement.

Converging Ransomware and Data Leak Threats Target South Korea’s Critical Sectors in June 2026

In Week 3 of June 2026, South Korea faced a multi-vector cyber threat landscape as Qilin ransomware struck a big data solution provider, Anubis ransomware targeted a semiconductor equipment parts manufacturer, and confidential defense industry documents appeared for sale on the dark web forum Spear Forums, highlighting coordinated risks to national technological and security assets.

Malicious LNK Files Disguised as Privacy Consent Forms Target South Korean Users via Fileless PowerShell and Task Scheduler Abuse

AhnLab identifies a campaign distributing malicious LNK files masquerading as personal information consent forms to execute fileless PowerShell scripts, establish persistence via Windows Task Scheduler, deploy info-stealers and backdoors, and use decoy documents to evade detection, with observed TTP overlaps to Kimsuky-like activity.

Monitoring TWCERT/CC vulnerability notes for Taiwan supply-chain exposure

A practical guide for global security, cloud, and operations teams to monitor TWCERT/CC’s Taiwan Vulnerability Notes (TVN) feed for early detection of supply-chain risks affecting Taiwan-based software, vendors, and infrastructure. Focuses on actionable workflow steps, ownership, and flexible review practices without implying timeliness or numerical thresholds.

Maintain an ‘evidence ladder’ for East Asia cyber signals

This article provides a practical workflow for maintaining an evidence ladder to assess the strength and reliability of East Asia cyber signals over time. It outlines how to track signal evolution, determine when to upgrade from monitoring to action, and correct prior assumptions transparently without rewriting history. The guidance is designed for security, cloud, and operations teams using Nogosee’s tracker as a monitoring layer.

Japan supplier cyber risk review for cloud and SaaS teams

Cloud and SaaS teams should use the JVN vulnerability feed to review Japanese supplier exposure through vendor inventory, patch responsibility, internet exposure, compensating controls, and escalation triggers. This checklist provides actionable steps for ongoing risk monitoring without implying new publication or fixed cadences.

Monitoring TWCERT/CC TVN (English) vulnerability notes for Taiwan vendor exposure

This evergreen playbook guides global security, cloud, and operations teams in using the TWCERT/CC English TVN RSS feed to monitor Taiwan-specific vulnerability disclosures and assess vendor exposure. It provides practical, source-grounded steps for integrating this feed into vulnerability management workflows without implying real-time alerts or prescribing rigid schedules.