January 01, 2026
January 01, 2026 Hash 19e9fde3f589f83d8a21a55ec752c6cfb 2b52bee43ee9d61bcd78598e6b446aa74 38a8469bc6aa94a9b05defe6a5769913c URL 1https[:]//kojima-tax[.]jp/ 2https[:]//forkidsdax[.]weebly[.]com/ 3http[:]//onedrivelive[.]com/ IP 1115[.]190[.]211[.]111 278[.]153[.]140[.]203 3154[.]83[.]14[.]191...
Guloader Malware Being Disguised as Employee Performance Reports
AhnLab SEcurity intelligence Center (ASEC) recently discovered the Guloader malware being distributed via phishing emails disguised as an employee performance report. The email claims to be informing the recipient about the report for October 2025, and prompts the recipient to check the attachment by mentioning the plan to dismiss some
Statistics Report on Malware Targeting Windows Web Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) is using the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting poorly managed Windows web servers. This post will cover the damage status of Windows web servers that have become attack targets and the statistics of attacks that occurred against these
Statistics Report on Malware Targeting Windows Database Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting MS-SQL and MySQL servers installed on Windows operating systems. This post covers the damage status of MS-SQL and MySQL servers that have become attack targets and statistics on attacks against these
Statistics Report on Malware Targeting Linux SSH Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes a honeypot to respond to and classify brute-force and dictionary attacks targeting poorly managed Linux SSH servers. This post covers the status of the attack sources identified in the logs from the fourth quarter of 2025 and the statistics of attacks launched by these
January 08, 2026
January 08, 2026 Hash 145dd82229d9444e0533b20ea421e0af8 21a7e744a10a5a8208dc5b352a3a451ce 35e3e0642b211a97a7d1e728e4e23b34a URL 1http[:]//201[.]110[.]32[.]134/ 2http[:]//sms[.]gestordealtaperformance[.]com[.]br/ 3https[:]//www[.]tashge[.]cfd/ IP 145[.]78[.]217[.]77 214[.]103[.]111[.]109 320[.]123[.]146[.]92...
N8n Security Update Advisory (CVE-2025-68668)
Overview We have released a security update to address a vulnerability in n8n. Users of affected products are advised to update to the latest version. Affected Products CVE-2025-68668 N8n Versions: 1.0.0 and above and 2.0.0 and below Resolved Vulnerabilities Arbitrary command execution vulnerability
WordPress Plugin Security Update Advisory (CVE-2025-13486)
Overview We have released a security update to address a vulnerability in our WordPress plugin. Users of affected products are advised to update to the latest version. Affected Products CVE-2025-13486 Advanced Custom Fields: Extended Versions: 0.9.0.5 and later and 0.9.1.1 and earlier Resolved Vulnerabilities
JsPDF Security Update Advisory (CVE-2025-68428)
Overview We have released a security update to address a vulnerability in jsPDF. Users of affected products are advised to update to the latest version. Affected Products CVE-2025-68428 jspdf Version: 3.0.4 and earlier Resolved Vulnerabilities Local file inclusion and path manipulation vulnerability in
Ransom & Dark Web Issues Week 1, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, January 2026 South Korean University Website Data Shared on DarkForums Saudi Arabian Employment Platform Data Sold on BreachForums and DarkForums Recent Security Activity Involving the Ransomware Group Vect
