How Operators Can Monitor JPCERT/CC Alerts for Japan Infrastructure Risk

Monitor JPCERT/CC alerts as a primary source for Japanese enterprise and infrastructure risk, focusing on vendor advisories, exploitation signals, and exposure relevant to global security teams. This evergreen playbook outlines how to use the official JPCERT/CC RSS feed for continuous monitoring without treating it as breaking news.

Windows Web Server Exploitation Trends: Analysis of Q1 2026 Attack Patterns

AhnLab SEcurity intelligence Center (ASEC) reports persistent targeting of Windows-based IIS and Apache Tomcat servers in Q1 2026. Attackers, notably the Larva-26001 threat actor, utilize web shell command execution, privilege escalation exploits like JuicyPotato, and port-forwarding tools to seize control of infected systems through RDP-mediated access and internal network lateral movement.

Korean and Global Financial Sectors Face Multi-Layered Cyber Threats in Early 2026

March 2026 saw a surge in complex cyberattacks targeting financial institutions, characterized by Lazarus Group watering hole exploits, large-scale dark web data leaks, and targeted phishing. Vulnerabilities in AnySign4PC were used for remote code execution, while ransomware groups like Apt73 and WorldLeaks intensified double extortion tactics, significantly raising the risk profile for global and South Korean banking infrastructure.

Genians NAC SQL Injection Vulnerability Exposes Network Infrastructure to Data Disclosure

Genians has addressed CVE-2024-23843, a SQL injection vulnerability in its Genian NAC management console. The flaw stems from insufficient validation of user-supplied search parameters, potentially allowing unauthorized data exposure. Organizations using Genian NAC V5.0 or its LTS variants should upgrade to the latest versions to mitigate the risk of database compromise within their security infrastructure.

CVE-2025-29865: Arbitrary File Download Vulnerability in Tagfree X-Free Uploader

KISA and KrCERT/CC have identified a high-severity arbitrary file download vulnerability in Tagfree X-Free Uploader. Designated as CVE-2025-29865, the flaw stems from insufficient validation of server communication parameters. If exploited, attackers could leak sensitive information or download arbitrary files. Users are urged to update to XFU versions 1.0.1.0085 or 2.0.1.0035.

CVE-2025-29866: Critical Improper Privilege Validation in Tagfree X-Free Uploader

A high-severity vulnerability (CVE-2025-29866) has been identified in Tagfree's X-Free Uploader, allowing unauthorized attackers to delete arbitrary files. With a CVSS score of 8.8, this improper privilege validation flaw enables data tampering and system disruption. South Korea's KISA recommends immediate patching to versions 1.0.1.0085 or 2.0.1.0035 to mitigate operational risks.

ALZip Vulnerability CVE-2025-29864 Bypasses Windows Mark of the Web Defenses

A vulnerability in ESTsoft ALZip versions 12.01 through 12.29 fails to propagate 'Mark of the Web' (MoTW) Zone.Identifier streams when extracting files. This flaw, tracked as CVE-2025-29864, allows malicious content to bypass Windows security warnings, potentially leading to unauthorized code execution if users are tricked into opening unflagged malicious files.

KISA Issues Warning for Type Confusion Vulnerability in Hancom Office

South Korea's KISA and KrCERT/CC have disclosed a high-severity type confusion vulnerability (CVE-2025-29867) in Hancom Office. The flaw resides in the DOC file processing logic, potentially allowing remote attackers to execute arbitrary code. Users of Hancom Office versions 2018 through 2024 must apply security updates to mitigate risks of system compromise through malicious documents.

CVE-2026-24497: Critical Buffer Overflow in SimTech Systems ThinkWise Facilitates Remote Code Execution

A high-severity buffer overflow vulnerability (CVE-2026-24497) has been identified in SimTech Systems' ThinkWise mind-mapping software. Affecting versions 7 through 22, the flaw allows remote attackers to execute arbitrary code. Users are urged to upgrade to ThinkWise 23 immediately to mitigate the risk of complete system compromise via malicious file formats.