Guloader Malware Being Disguised as Employee Performance Reports
AhnLab SEcurity intelligence Center (ASEC) recently discovered the Guloader malware being distributed via phishing emails disguised as an employee performance report. The email claims to be informing the recipient about the report for October 2025, and prompts the recipient to check the attachment by mentioning the plan to dismiss some
January 01, 2026
January 01, 2026 Hash 19e9fde3f589f83d8a21a55ec752c6cfb 2b52bee43ee9d61bcd78598e6b446aa74 38a8469bc6aa94a9b05defe6a5769913c URL 1https[:]//kojima-tax[.]jp/ 2https[:]//forkidsdax[.]weebly[.]com/ 3http[:]//onedrivelive[.]com/ IP 1115[.]190[.]211[.]111 278[.]153[.]140[.]203 3154[.]83[.]14[.]191...
WordPress Plugin Security Update Advisory (CVE-2025-13486)
Overview We have released a security update to address a vulnerability in our WordPress plugin. Users of affected products are advised to update to the latest version. Affected Products CVE-2025-13486 Advanced Custom Fields: Extended Versions: 0.9.0.5 and later and 0.9.1.1 and earlier Resolved Vulnerabilities
JsPDF Security Update Advisory (CVE-2025-68428)
Overview We have released a security update to address a vulnerability in jsPDF. Users of affected products are advised to update to the latest version. Affected Products CVE-2025-68428 jspdf Version: 3.0.4 and earlier Resolved Vulnerabilities Local file inclusion and path manipulation vulnerability in
Ransom & Dark Web Issues Week 1, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, January 2026 South Korean University Website Data Shared on DarkForums Saudi Arabian Employment Platform Data Sold on BreachForums and DarkForums Recent Security Activity Involving the Ransomware Group Vect
Google Chrome Browser (143.0.7499.192/.193) Security Update Advisory
Overview Google has released an update to address a vulnerability in the Chrome(https://www.google.com/chrome) browser. users of affected versions are advised to update to the latest version. Affected Products Chrome before version 143.0.7499.192 (Linux) Chrome before version 143.0.7499.192/.193 (Windows/Mac) Resolved Vulnerabilities High-level policy enforcement flaw in
RMM Tools (Syncro, SuperOps, NinjaOne, etc.) Being Distributed Disguised as Video Files
AhnLab SEcurity intelligence Center (ASEC) recently discovered cases of attacks using RMM tools such as Syncro, SuperOps, NinjaOne, and ScreenConnect. Threat actors distributed a PDF file that prompted users to download and run the RMM tool from a disguised distribution page such as Google Drive. The certificate used to sign
Statistics Report on Malware Targeting Windows Web Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) is using the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting poorly managed Windows web servers. This post will cover the damage status of Windows web servers that have become attack targets and the statistics of attacks that occurred against these
January 08, 2026
January 08, 2026 Hash 145dd82229d9444e0533b20ea421e0af8 21a7e744a10a5a8208dc5b352a3a451ce 35e3e0642b211a97a7d1e728e4e23b34a URL 1http[:]//201[.]110[.]32[.]134/ 2http[:]//sms[.]gestordealtaperformance[.]com[.]br/ 3https[:]//www[.]tashge[.]cfd/ IP 145[.]78[.]217[.]77 214[.]103[.]111[.]109 320[.]123[.]146[.]92...
Statistics Report on Malware Targeting Windows Database Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting MS-SQL and MySQL servers installed on Windows operating systems. This post covers the damage status of MS-SQL and MySQL servers that have become attack targets and statistics on attacks against these
