Larva-26002 Targets Windows Database Servers with ICE Cloud Malware in Q1 2026

The Larva-26002 threat actor is aggressively targeting mismanaged MS-SQL and MySQL servers on Windows. According to ASEC's Q1 2026 report, the group has evolved its toolkit to include ICE Cloud, a Go-based scanner. Attacks involve brute-force credential stuffing and exploiting the BCP utility to deploy malware for subsequent ransomware or reconnaissance operations.

Korean and Global Financial Sectors Face Multi-Layered Cyber Threats in Early 2026

March 2026 saw a surge in complex cyberattacks targeting financial institutions, characterized by Lazarus Group watering hole exploits, large-scale dark web data leaks, and targeted phishing. Vulnerabilities in AnySign4PC were used for remote code execution, while ransomware groups like Apt73 and WorldLeaks intensified double extortion tactics, significantly raising the risk profile for global and South Korean banking infrastructure.

Genians NAC SQL Injection Vulnerability Exposes Network Infrastructure to Data Disclosure

Genians has addressed CVE-2024-23843, a SQL injection vulnerability in its Genian NAC management console. The flaw stems from insufficient validation of user-supplied search parameters, potentially allowing unauthorized data exposure. Organizations using Genian NAC V5.0 or its LTS variants should upgrade to the latest versions to mitigate the risk of database compromise within their security infrastructure.

AhnLab April 2026 Dark Web Intelligence: High-Value Defense and Aerospace Data Leak Trends

The April 2026 dark web landscape was dominated by the leak of critical aerospace, defense, and military intelligence, including Boeing Artemis and Virginia-class submarine data. Notable activity from threat groups like ShinyHunters and the resurgence of BreachForums highlighted high-risk exposure across technology, financial, and government sectors, alongside the increasing commoditization of Phishing-as-a-Service and advanced malware builders.

AhnLab April 2026 Report Highlights Surge in Targeted Critical Infrastructure Ransomware Attacks

The April 2026 Ransomware Threat Trend Report from AhnLab reveals a significant shift in ransomware operations, with groups increasingly focusing on critical infrastructure sectors. The report details heightened activity in the manufacturing, healthcare, and finance industries globally, alongside the emergence of new threat groups and sustained campaigns by established actors like Qilin and INC Ransom.

ALZip Vulnerability CVE-2025-29864 Bypasses Windows Mark of the Web Defenses

A vulnerability in ESTsoft ALZip versions 12.01 through 12.29 fails to propagate 'Mark of the Web' (MoTW) Zone.Identifier streams when extracting files. This flaw, tracked as CVE-2025-29864, allows malicious content to bypass Windows security warnings, potentially leading to unauthorized code execution if users are tricked into opening unflagged malicious files.

CVE-2026-24498: EFM-Networks ipTIME Routers Vulnerable to Wi-Fi Password Exposure

A security bypass vulnerability (CVE-2026-24498) in EFM-Networks ipTIME wireless routers allows unauthorized actors to extract Wi-Fi passwords in plaintext. Impacting multiple models including the T5008 and AX-series, the flaw bypasses internal security controls. Users must update to firmware version 15.27.2 or higher to remediate the risk of local credential theft.

Cisco Security Advisory Addresses Critical Vulnerabilities in Crosswork, NSO, and ESA Systems

Cisco has released urgent security updates to address significant vulnerabilities in its networking and security product lines. The advisories cover denial-of-service risks in the Crosswork Network Controller and Network Services Orchestrator (NSO), as well as long-standing resource management issues in Cisco Email Security Appliance (ESA) running legacy AsyncOS software.

KISA Issues Security Advisory for Critical Out-of-Bounds Write Vulnerability in Palo Alto Networks PAN-OS

Palo Alto Networks has released critical security updates addressing CVE-2026-0300, an out-of-bounds write vulnerability in its PAN-OS software. Affecting versions 10.2 through 12.1, the flaw poses significant risks to network infrastructure security. The Korea Internet & Security Agency (KISA) strongly recommends that organizations apply the specific hotfixes and maintenance releases provided to mitigate potential exploitation risks.

KISA Issues Urgent Warning on Smishing Exploiting Breached Travel Platform Data

South Korea's internet security agency, KISA, has issued an urgent advisory regarding highly targeted smishing attacks. Cybercriminals are using stolen data from hacked travel platforms, such as accommodation reservation details, to impersonate hotel staff. These attacks aim to deceive travelers into entering credit card information on fraudulent sites to avoid supposed booking cancellations, posing significant secondary financial risk.