TWCERT warns of brute-force protection bypass in D-Link DWM-222W Wi‑Fi 6 USB modem; firmware update available

Taiwan’s TWCERT/CC published a high-severity vulnerability notice for the D-Link DWM-222W Wi‑Fi 6 USB mobile network adapter/modem. The issue allows an unauthenticated attacker on the same network domain to bypass login attempt limits, enabling brute-force attempts that could lead to device control. D-Link firmware 1.02.00 and later is listed as the fix.

Taiwan CERT warns of three vulnerabilities in WeiQiao Information SSO and electronic directory system, including critical unauthenticated LFI (CVE-2026-3826)

TWCERT/CC disclosed three vulnerabilities affecting WeiQiao Information’s “Single Sign-On and Electronic Directory Service System” (單一簽入暨電子目錄服務系統). Two medium-severity issues are open redirect (CVE-2026-3824) and reflected XSS (CVE-2026-3825), both described as exploitable by authenticated remote attackers via user interaction. A critical issue, CVE-2026-3826 (CVSS 9.8), is a local file inclusion flaw described as exploitable by an unauthenticated remote attacker and could enable server-side arbitrary code execution. TWCERT/CC recommends upgrading to IFTOP_P4_181 or later; versions before IFTOP_P4_181 are affected.

Ransomware group “Nitrogen” claims Foxconn breach with 8TB of alleged internal data, raising supply-chain exposure questions

Taiwan’s iThome reports that ransomware operators using the “Nitrogen” name have listed Foxconn (Hon Hai Precision Industry) as a victim on a dark-web leak site, claiming they stole 8TB of data comprising about 11 million files. The actors allege the haul includes confidential orders, projects, and design sketches tied to multiple technology companies, but the report notes those partner references are not yet independently verified. The disclosure follows a widely reported early-May IT outage at Foxconn’s U.S. Wisconsin campus; Foxconn confirmed an “IT network issue” and later stated that production operations at affected North American sites remained normal after response actions were initiated.

Taiwan CERT warns of two local privilege escalation flaws in AVACAST for Windows (CVE-2026-7279, CVE-2026-7280)

TWCERT/CC published a Taiwan Vulnerability Note (TVN-202604011) detailing two vulnerabilities affecting Herlin Digital Technology’s AVACAST for Windows versions 5.10.10.43 and earlier. The issues—DLL hijacking (CVE-2026-7279, CVSS 7.8 High) and an unquoted service path (CVE-2026-7280, CVSS 6.7 Medium)—could allow authenticated local attackers (and in the second case, a local admin) to execute code with SYSTEM privileges. TWCERT/CC recommends updating to AVACAST 5.10.10.45 or later.

Taiwan CERT warns of critical unauthenticated API flaw in GCB/FCB government-finance security audit software (CVE-2026-4312)

TWCERT/CC disclosed a critical “Missing Authentication” vulnerability in Chunghwa Long Network’s GCB/FCB government/financial cybersecurity configuration audit software. The issue allows a remote, unauthenticated attacker to use an API function to create a new administrator-privileged account. Affected deployments are versions prior to 20260108; users are advised to upgrade to 20260108 or later.

Microsoft May 2026 Patch Tuesday: 137 Microsoft CVEs disclosed; 13 flagged as likely exploitation targets

Microsoft’s May 12, 2026 Patch Tuesday release disclosed 137 CVEs across Microsoft products (down from 165 the prior month, per iThome). Including third‑party component fixes Microsoft shipped, the total reaches 265 vulnerabilities. iThome highlights 13 vulnerabilities Microsoft assessed as more likely to be targeted by attackers; most are elevation-of-privilege issues across Windows components, plus two Word remote code execution bugs. Four of the 13 are rated Critical, and the highest CVSS score called out is 9.1 for a Microsoft Single Sign-On (SSO) plugin used with Jira and Confluence.