TWCERT warns of brute-force protection bypass in D-Link DWM-222W Wi‑Fi 6 USB modem; firmware update available

Taiwan’s TWCERT/CC published a high-severity vulnerability notice for the D-Link DWM-222W Wi‑Fi 6 USB mobile network adapter/modem. The issue allows an unauthenticated attacker on the same network domain to bypass login attempt limits, enabling brute-force attempts that could lead to device control. D-Link firmware 1.02.00 and later is listed as the fix.

Taiwan CERT warns of three vulnerabilities in WeiQiao Information SSO and electronic directory system, including critical unauthenticated LFI (CVE-2026-3826)

TWCERT/CC disclosed three vulnerabilities affecting WeiQiao Information’s “Single Sign-On and Electronic Directory Service System” (單一簽入暨電子目錄服務系統). Two medium-severity issues are open redirect (CVE-2026-3824) and reflected XSS (CVE-2026-3825), both described as exploitable by authenticated remote attackers via user interaction. A critical issue, CVE-2026-3826 (CVSS 9.8), is a local file inclusion flaw described as exploitable by an unauthenticated remote attacker, and it could enable server-side arbitrary code execution. TWCERT/CC recommends upgrading to IFTOP_P4_181 or later; versions before IFTOP_P4_181 are affected.

Ransomware group “Nitrogen” claims Foxconn breach with 8TB of alleged internal data, raising supply-chain exposure questions

Taiwan’s iThome reports that ransomware operators using the “Nitrogen” name have listed Foxconn (Hon Hai Precision Industry) as a victim on a dark-web leak site, claiming they stole 8TB of data comprising about 11 million files. The actors allege the haul includes confidential orders, projects, and design sketches tied to multiple technology companies, but the report notes those partner references are not yet independently verified. The disclosure follows a widely reported early-May IT outage at Foxconn’s U.S. Wisconsin campus; Foxconn confirmed an “IT network issue” and later stated that production operations at affected North American sites remained normal after response actions were initiated.

Taiwan CERT warns of two local privilege escalation flaws in AVACAST for Windows (CVE-2026-7279, CVE-2026-7280)

TWCERT/CC published a Taiwan Vulnerability Note (TVN-202604011) detailing two vulnerabilities affecting Herlin Digital Technology’s AVACAST for Windows versions 5.10.10.43 and earlier. The issues—DLL hijacking (CVE-2026-7279, CVSS 7.8 High) and an unquoted service path (CVE-2026-7280, CVSS 6.7 Medium)—could allow authenticated local attackers (and in the second case, a local admin) to execute code with SYSTEM privileges. TWCERT/CC recommends updating to AVACAST 5.10.10.45 or later.

Taiwan CERT warns of critical unauthenticated API flaw in GCB/FCB government-finance security audit software (CVE-2026-4312)

TWCERT/CC disclosed a critical “Missing Authentication” vulnerability in Chunghwa Long Network’s GCB/FCB government/financial cybersecurity configuration audit software. The issue allows a remote, unauthenticated attacker to use an API function to create a new administrator-privileged account. Affected deployments are versions prior to 20260108; users are advised to upgrade to 20260108 or later.

Claude Chrome Extension Vulnerability Permits Unauthorized AI Hijacking

Security researchers at LayerX have identified a design flaw dubbed 'ClaudeBleed' in the Claude in Chrome extension. The vulnerability allows malicious extensions with zero permissions to inject commands and hijack the Claude AI agent, potentially leading to unauthorized data exfiltration and sensitive cross-site operations.

Dual High-Severity Vulnerabilities Identified in SunNet Corporate Training and Performance Management Systems

Taiwan's TWCERT/CC has disclosed two high-severity security vulnerabilities affecting SunNet's Corporate Training Management System (CTMS) and Corporate Appraisal Performance System (CAPS). These flaws include a SQL injection vulnerability and an arbitrary file upload weakness that could lead to full system compromise.

Taiwan CERT warns of two high-severity flaws in Galaxia Info’s Vitals ESP (≤ 6.3)

TWCERT/CC published a Taiwan Vulnerability Note (TVN-202603007) describing two high-severity vulnerabilities affecting Galaxia Information’s Vitals ESP up to and including version 6.3. One issue could allow an authenticated remote attacker to perform some admin functions and escalate privileges (CVE-2026-4639, CVSS 8.8). The other could allow an unauthenticated remote attacker to access some functions and obtain sensitive information (CVE-2026-4640, CVSS 7.5). TWCERT/CC advises customers to contact the vendor for a patch.