Taiwan CERT warns of high-severity arbitrary file write in Gigabyte Control Center (CVE-2026-4415)

TWCERT/CC published a Taiwan Vulnerability Note for a high-severity arbitrary file write flaw in Gigabyte Control Center. The advisory says that when the product’s pairing function is enabled, an unauthenticated remote attacker could write arbitrary files to any OS path, potentially enabling code execution or privilege escalation. Gigabyte Control Center versions up to 25.07.21.01 are listed as affected, and upgrading to 25.12.10.01 or later is recommended.

Taiwan CERT warns of arbitrary file upload flaw in a+HCM (CVE-2026-6835) enabling unauthenticated uploads

TWCERT/CC published a vulnerability note for an arbitrary file upload issue in Digiwin (育碁數位科技) a+HCM affecting versions up to and including 8.1. The note states an unauthenticated remote attacker could upload arbitrary files to arbitrary paths, including HTML files that could produce XSS-like effects. TWCERT/CC rates the issue CVSS 6.1 (Medium) and points users to the vendor’s security notice and patches.

TWCERT warns of high-severity insecure deserialization bug in Gigabyte Control Center Performance Library (CVE-2026-4416)

Taiwan’s TWCERT/CC published a vulnerability note for an insecure deserialization flaw in Gigabyte Control Center’s Performance Library component. The issue (CVE-2026-4416, CVSS 7.8 High) could allow a locally authenticated attacker to send a crafted serialized payload to the EasyTuneEngine service and escalate privileges. Gigabyte’s advised fix is to update Performance Library to version 25.12.31.01 or later.

Taiwan CERT warns of high-severity authentication flaw in WinMatrix agent (CVE-2026-6348) enabling system-level code execution

TWCERT/CC disclosed a high-severity “Missing Authentication” vulnerability in WinMatrix agent software from Da Yang Technology (達煬科技). The issue (CVE-2026-6348, TVN-202604001) affects WinMatrix agent versions 3.5.13 through 3.5.26.15 and could allow an already-authenticated local attacker to execute arbitrary code with SYSTEM privileges on the local host and other hosts in the same environment that have the agent installed. TWCERT/CC recommends updating to WinMatrix agent 3.5.27.5 or later.

Taiwan CERT warns of two critical unauthenticated SQL injection flaws in Digiwin EasyFlow.NET (CVSS 9.8)

TWCERT/CC published a Taiwan Vulnerability Note for two critical SQL injection vulnerabilities affecting Digiwin’s EasyFlow.NET workflow platform. Both issues are rated CVSS 9.8 and allow unauthenticated remote attackers to inject arbitrary SQL, potentially enabling database read, modification, and deletion. Organizations running affected EasyFlow.NET versions are advised by TWCERT/CC to upgrade to specified fixed releases or apply patches dated 2026-01-20.

TWCERT warns of critical OS command injection in Hgiga iSherlock (CVE-2026-6349)

Taiwan’s TWCERT/CC published a critical vulnerability notice for an OS command injection flaw in Hgiga iSherlock appliances/software, including MailSherlock, SpamSherlock, and AuditSherlock. The issue (CVE-2026-6349, CVSS 9.8) could allow arbitrary OS command execution on the server under the conditions described in the advisory. Hgiga provides fixed package versions for both the 4.5 and 5.5 branches.

Taiwan CERT warns of two critical MailGates/MailAudit vulnerabilities enabling unauthenticated RCE and file access

TWCERT/CC published TVN-202604003 detailing two vulnerabilities in Openfind’s MailGates/MailAudit email security/audit products. One issue (CVE-2026-6350) is a critical stack-based buffer overflow rated 9.8 that could allow unauthenticated remote code execution. The second (CVE-2026-6351) is a high-severity CRLF injection rated 7.5 that could allow unauthenticated access to system files. Openfind’s technical team reported the issues; updates are available for affected versions.

Taiwan CERT flags critical OS command injection in NewSoftOA (CVE-2026-5965), patch available

TWCERT/CC published a critical vulnerability notice for NewSoftOA, an office automation product from NewSoft (力新國際). The issue, tracked as CVE-2026-5965 and TVN-202604008, is an OS command injection flaw with a CVSS 3.1 score of 9.8. TWCERT/CC recommends upgrading to NewSoftOA 10.1.8.3 or later to address the risk.