Posted on Identity & Governance Incidents & Breaches Security Operations Vulnerability Intelligence

Korean and Global Financial Sectors Face Multi-Layered Cyber Threats in Early 2026

March 2026 saw a surge in complex cyberattacks targeting financial institutions, characterized by Lazarus Group watering hole exploits, large-scale dark web data leaks, and targeted phishing. Vulnerabilities in AnySign4PC were used for remote code execution, while ransomware groups like Apt73 and WorldLeaks intensified double extortion tactics, significantly raising the risk profile for global and South Korean banking infrastructure. Read more

Posted on AI Security Identity & Governance Incidents & Breaches Security Operations

AhnLab April 2026 Dark Web Intelligence: High-Value Defense and Aerospace Data Leak Trends

The April 2026 dark web landscape was dominated by the leak of critical aerospace, defense, and military intelligence, including Boeing Artemis and Virginia-class submarine data. Notable activity from threat groups like ShinyHunters and the resurgence of BreachForums highlighted high-risk exposure across technology, financial, and government sectors, alongside the increasing commoditization of Phishing-as-a-Service and advanced malware builders. Read more

Posted on AI Security Identity & Governance Incidents & Breaches Security Operations

AhnLab April 2026 Report Highlights Surge in Targeted Critical Infrastructure Ransomware Attacks

The April 2026 Ransomware Threat Trend Report from AhnLab reveals a significant shift in ransomware operations, with groups increasingly focusing on critical infrastructure sectors. The report details heighted activity in the manufacturing, healthcare, and finance industries globally, alongside the emergence of new threat groups and sustained campaigns by established actors like Qilin and INC Ransom. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

CVE-2025-29865: Arbitrary File Download Vulnerability in Tagfree X-Free Uploader

KISA and KrCERT/CC have identified a high-severity arbitrary file download vulnerability in Tagfree X-Free Uploader. Designated as CVE-2025-29865, the flaw stems from insufficient validation of server communication parameters. If exploited, attackers could leak sensitive information or download arbitrary files. Users are urged to update to XFU versions 1.0.1.0085 or 2.0.1.0035. Read more

Posted on AI Security Cloud Security Security Operations Vulnerability Intelligence

CVE-2025-29866: Critical Improper Privilege Validation in Tagfree X-Free Uploader

A high-severity vulnerability (CVE-2025-29866) has been identified in Tagfree's X-Free Uploader, allowing unauthorized attackers to delete arbitrary files. With a CVSS score of 8.8, this improper privilege validation flaw enables data tampering and system disruption. South Korea's KISA recommends immediate patching to versions 1.0.1.0085 or 2.0.1.0035 to mitigate operational risks. Read more

Posted on AI Infrastructure Risk Identity & Governance Security Operations Vulnerability Intelligence

ALZip Vulnerability CVE-2025-29864 Bypass Windows Mark of the Web Defenses

A vulnerability in ESTsoft ALZip versions 12.01 through 12.29 fails to propagate 'Mark of the Web' (MoTW) Zone.Identifier streams when extracting files. This flaw, tracked as CVE-2025-29864, allows malicious content to bypass Windows security warnings, potentially leading to unauthorized code execution if users are tricked into opening unflagged malicious files. Read more

Posted on AI Infrastructure Risk Incidents & Breaches Security Operations Vulnerability Intelligence

KISA Issues Warning for Type Confusion Vulnerability in Hancom Office

South Korea's KISA and KrCERT/CC have disclosed a high-severity type confusion vulnerability (CVE-2025-29867) in Hancom Office. The flaw resides in the DOC file processing logic, potentially allowing remote attackers to execute arbitrary code. Users of Hancom Office versions 2018 through 2024 must apply security updates to mitigate risks of system compromise through malicious documents. Read more

Posted on AI Infrastructure Risk Incidents & Breaches Security Operations Vulnerability Intelligence

CVE-2026-24497: Critical Buffer Overflow in SimTech Systems ThinkWise Facilitates Remote Code Execution

A high-severity buffer overflow vulnerability (CVE-2026-24497) has been identified in SimTech Systems' ThinkWise mind-mapping software. Affecting versions 7 through 22, the flaw allows remote attackers to execute arbitrary code. Users are urged to upgrade to ThinkWise 23 immediately to mitigate the risk of complete system compromise via malicious file formats. Read more

Posted on AI Infrastructure Risk Identity & Governance Security Operations Vulnerability Intelligence

Cisco Security Advisory Addresses Critical Vulnerabilities in Crosswork, NSO, and ESA Systems

Cisco has released urgent security updates to address significant vulnerabilities in its networking and security product lines. The advisories cover denial-of-service risks in the Crosswork Network Controller and Network Services Orchestrator (NSO), as well as long-standing resource management issues in Cisco Email Security Appliance (ESA) running legacy AsyncOS software. Read more

Posted on Cloud Security Identity & Governance Security Operations Vulnerability Intelligence

KISA Issues Security Advisory for Critical Out-of-Bounds Write Vulnerability in Palo Alto Networks PAN-OS

Palo Alto Networks has released critical security updates addressing CVE-2026-0300, an out-of-bounds write vulnerability in its PAN-OS software. Affecting versions 10.2 through 12.1, the flaw poses significant risks to network infrastructure security. The Korea Internet & Security Agency (KISA) strongly recommends that organizations apply the specific hotfixes and maintenance releases provided to mitigate potential exploitation risks. Read more