This article analyzes the rise of backdoors and rootkits exploiting eBPF, the detection challenges they pose, and comprehensively summarizes the latest countermeasures and research trends (2023–2025), including Tracee, LKRG, bpftool, and hypervisor-based auditing.
🔥 Featured Posts
In-Depth Report on Telecommunication Security: SKT Breach and Global Case Studies
An in-depth analysis focusing on the 2025 SKT breach, the core security structures of telecom infrastructure, and historical global incidents (Gemalto, APT10, Circles). Also covers subscriber authentication (Ki, SUPI/SUCI) and security differences between 5G SA and NSA.
CVE-2019-17570 Apache XML-RPC Vulnerability Analysis Report
A detailed analysis of the CVE-2019-17570 deserialization vulnerability in the Apache XML-RPC library, including patching methods and secure implementation practices.
Is Your Data in the Cat's Paws?
The 2025 KakaoPay case exposed the limits of formal consent and self-regulation. Data democracy must be achieved through AI-based DPIA verification and civic oversight.
There’s No Such Thing as a Free Lunch, But Security Was Free
The global security community has depended on CVE for decades without ever paying a dime. As the system nears collapse, it’s time to ask who should bear the cost of public cybersecurity infrastructure.
In the AI Era, Employees Are Isolated and Organizations Thrive
📂 [Confidential Document] Leaked Copy
In the AI Era, Employees Are Isolated and Organizations Thrive — Evil Management Manual v1.0
1. Human Relationships? Eliminate Them
What happens when people get too close?
Gossip
Mass resignations
Solidarity and resistance
✅ Solution: Build an AI-centered communication system
Automate meeting summaries, reminders, and reports
Reduce human interaction → Eliminate emotional overhead
“Teamwork is a cost. Efficiency comes from silent individuals.”
...
The Place of Humans: Declaring the Creator’s Rights in the Age of AI
We live in an era overflowing with information and surging technology. AI mimics human speech, summarizes thought, and even predicts intent. But amidst all this, something vital is slowly being forgotten. That is: “Who thought of it first,” “Who connected it,” “Who gave it meaning.” AI processes data. But insight belongs to humans. To reinterpret the bypassing of Citrix VDI policies not as a mere technical vulnerability, but as a legal violation, a collapse of network isolation, and a real-world regulatory failure: that is not something AI can do. It is a human act of context-building and a creative synthesis of law, policy, and technical risk. ...
Common Security Myths Developers Tell Themselves
This article breaks down common developer security myths—responsibility deflection, overconfidence in technology, and security underestimation—and offers realistic countermeasures.
How to Block ECH and Mitigate DoH in Enterprise Networks
Background
Public DNS services like Cloudflare (1.1.1.1) and Google (8.8.8.8) have increasingly been abused as C2 channels for malware. Technologies such as DoH (DNS over HTTPS) and ECH (Encrypted Client Hello) encrypt DNS traffic and SNI fields, making it difficult for security solutions to detect and inspect network activity.
Note: ESNI (Encrypted SNI) is deprecated and has been replaced by ECH as the current standard. This guide focuses on ECH only. ...
XML-RPC Security Vulnerabilities Analysis and Mitigation Strategies
Summary
Overview of XML-RPC Vulnerabilities: As a lightweight remote call protocol for inter-system communication, XML-RPC is exposed to various threats such as RCE, XXE, DDoS, and privilege escalation.
Notable Cases: NodeBB (CVE-2023-43187), Apache OFBiz (CVE-2020-9496), PHP XML-RPC (CVE-2005-1921), etc.
Real-World Use Cases: In addition to WordPress, Bugzilla, ManageEngine, and Apache OFBiz, XML-RPC is still used in some legacy systems.
Mitigation Strategies: Disabling XML-RPC, enhancing input validation, reinforcing authentication systems, applying up-to-date security patches, implementing access control, and deploying WAFs.
What is XML-RPC?
XML-RPC (XML Remote Procedure Call) is a remote procedure call protocol that uses XML as its data format and HTTP as its transport mechanism. Proposed jointly by Dave Winer and Microsoft in 1998, it was designed to simplify cross-platform communication. ...