Track East Asia cyber, AI, cloud, and infrastructure risk before it becomes an incident.
In March 2026, AhnLab observed South Korea-targeted APT attacks primarily using spear-phishing emails with LNK files to deploy malware via PowerShell, curl, HTA, and scripting chains, leading to info-stealers, keyloggers, and memory-resident backdoors. Read more
ASEC’s analysis of ASD logs for Q1 2026 shows persistent attacks on Windows-based MS-SQL and MySQL servers, with a temporary decline in February followed by a March rebound. The Larva-26002 threat actor was observed deploying the Go-written ICE Cloud scanner via BCP exploitation on mismanaged MS-SQL systems, continuing prior use of Trigona and Mimic ransomware. Turkish-language strings in the scanner align with earlier Mimic campaigns. Primary vectors include brute force, dictionary attacks, and exploitation of weak or misconfigured accounts due to poor administrative hygiene. Read more
March 2026 saw a surge in complex cyberattacks targeting financial institutions, characterized by Lazarus Group watering hole exploits, large-scale dark web data leaks, and targeted phishing. Vulnerabilities in AnySign4PC were used for remote code execution, while ransomware groups like Apt73 and WorldLeaks intensified double extortion tactics, significantly raising the risk profile for global and South Korean banking infrastructure. Read more
Genians has addressed CVE-2024-23843, a SQL injection vulnerability in its Genian NAC management console. The flaw stems from insufficient validation of user-supplied search parameters, potentially allowing unauthorized data exposure. Organizations using Genian NAC V5.0 or its LTS variants should upgrade to the latest versions to mitigate the risk of database compromise within their security infrastructure. Read more
The April 2026 dark web landscape was dominated by the leak of critical aerospace, defense, and military intelligence, including Boeing Artemis and Virginia-class submarine data. Notable activity from threat groups like ShinyHunters and the resurgence of BreachForums highlighted high-risk exposure across technology, financial, and government sectors, alongside the increasing commoditization of Phishing-as-a-Service and advanced malware builders. Read more
The April 2026 Ransomware Threat Trend Report from AhnLab reveals a significant shift in ransomware operations, with groups increasingly focusing on critical infrastructure sectors. The report details heighted activity in the manufacturing, healthcare, and finance industries globally, alongside the emergence of new threat groups and sustained campaigns by established actors like Qilin and INC Ransom. Read more
A vulnerability in ESTsoft ALZip versions 12.01 through 12.29 fails to propagate 'Mark of the Web' (MoTW) Zone.Identifier streams when extracting files. This flaw, tracked as CVE-2025-29864, allows malicious content to bypass Windows security warnings, potentially leading to unauthorized code execution if users are tricked into opening unflagged malicious files. Read more
A security bypass vulnerability (CVE-2026-24498) in EFM-Networks ipTIME wireless routers allows unauthorized actors to extract Wi-Fi passwords in plaintext. Impacting multiple models including the T5008 and AX-series, the flaw bypasses internal security controls. Users must update to firmware version 15.27.2 or higher to remediate the risk of local credential theft. Read more
Cisco has released urgent security updates to address significant vulnerabilities in its networking and security product lines. The advisories cover denial-of-service risks in the Crosswork Network Controller and Network Services Orchestrator (NSO), as well as long-standing resource management issues in Cisco Email Security Appliance (ESA) running legacy AsyncOS software. Read more
Palo Alto Networks has released critical security updates addressing CVE-2026-0300, an out-of-bounds write vulnerability in its PAN-OS software. Affecting versions 10.2 through 12.1, the flaw poses significant risks to network infrastructure security. The Korea Internet & Security Agency (KISA) strongly recommends that organizations apply the specific hotfixes and maintenance releases provided to mitigate potential exploitation risks. Read more