South Korea's NIS said North Korean hackers kept exploiting vulnerable MagicLine4NX authentication software after earlier public warnings and March patches. The agency said nearly 50 organizations had been compromised by malware tied to North Korea's Reconnaissance General Bureau, while a smaller set of non-responders remained exposed because they had not removed or patched the software. NIS, the National Cyber Security Center, AhnLab, Hauri, and ESTsecurity launched the Magic Broom Operation to detect and remove vulnerable installations across enterprise customers, with unaffiliated users directed to a government removal tool. The report also notes attempted preparation for follow-on attacks, including abuse of a news website vulnerability that could have affected visitors with vulnerable systems.