Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Escape “Calendar Purgatory”: Google’s New Gemini AI Autopilot Schedules Your Meetings for You

Google Calendar Gemini AI

Escape “Calendar Purgatory”: Google’s New Gemini AI Autopilot Schedules Your Meetings for You

Do Son January 27, 2026

For many professionals, the endeavor of “scheduling a meeting” proves far more taxing than the actual assembly...

OpenAI’s Big Ad Gamble: Why ChatGPT Ads Cost 3x More Than Meta With Way Less Data ChatGPT advertising US only OpenAI GPT-5.4 launch OpenAI Responses API file support ChatGPT Ads pricing ChatGPT conversational advertising, OpenAI monetization strategy 2026 OpenAI Code Red, ChatGPT Sycophancy Crisis AI music ChatGPT memory, targeted ads ChatGPT User Milestone, Generative AI Adoption ChatGPT ads, AI monetization GPT-5, OpenAI

ChatGPT advertising US only OpenAI GPT-5.4 launch OpenAI Responses API file support ChatGPT Ads pricing ChatGPT conversational advertising, OpenAI monetization strategy 2026 OpenAI Code Red, ChatGPT Sycophancy Crisis AI music ChatGPT memory, targeted ads ChatGPT User Milestone, Generative AI Adoption ChatGPT ads, AI monetization GPT-5, OpenAI

OpenAI’s Big Ad Gamble: Why ChatGPT Ads Cost 3x More Than Meta With Way Less Data

Do Son January 27, 2026

OpenAI is currently orchestrating the strategic integration of advertisements within ChatGPT. Consequently, users of the complimentary tier...

The Miami Glitch: How a Single Config Error Leaked Cloudflare’s IPv6 Routes to the Global Internet Cloudflare BGP route leak

Cloudflare BGP route leak

The Miami Glitch: How a Single Config Error Leaked Cloudflare’s IPv6 Routes to the Global Internet

Do Son January 27, 2026

The network infrastructure titan Cloudflare recently disseminated a comprehensive technical post-mortem regarding a consequential Border Gateway Protocol...

Apple Unlocks AirTag 2: New iOS Update Brings High-Precision Tracking to Your Wrist iOS 27 rumors iOS 26.2.1 Update Apple Intelligence, iOS 26 iOS Notification Forwarding, EU DMA Compliance

iOS 27 rumors iOS 26.2.1 Update Apple Intelligence, iOS 26 iOS Notification Forwarding, EU DMA Compliance

Apple Unlocks AirTag 2: New iOS Update Brings High-Precision Tracking to Your Wrist

Do Son January 27, 2026

Apple has recently disseminated iOS 26.2.1 and watchOS 26.2.1, firmware updates specifically engineered to facilitate the launch...

CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps Lockbit ransomware vm2 Vulnerability Sandbox Escape

Lockbit ransomware vm2 Vulnerability Sandbox Escape

CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps

Do Son January 27, 2026

A critical security vulnerability has been unearthed in vm2, a highly popular sandbox library for Node.js used...

Incomplete Fix: High-Severity React Server Components DoS Flaw (CVE-2026-23864) React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

Incomplete Fix: High-Severity React Server Components DoS Flaw (CVE-2026-23864)

Do Son January 27, 2026

The team behind React, the JavaScript library that powers a vast swath of the modern web, has...

High-Severity Flaw in Western Digital Installer Opens Door to Code Execution WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

High-Severity Flaw in Western Digital Installer Opens Door to Code Execution

Do Son January 27, 2026

Western Digital, a titan in the data storage industry, has rolled out a critical update for its...

Stealth in Script: “PeckBirdy” Framework Powers New Wave of China-Aligned Attacks CVE-2024-22394

CVE-2024-22394

Stealth in Script: “PeckBirdy” Framework Powers New Wave of China-Aligned Attacks

Do Son January 27, 2026

A sophisticated new cyberweapon has been spotted in the arsenals of China-aligned Advanced Persistent Threat (APT) groups,...

Under Attack: Microsoft Patches Office Zero-Day (CVE-2026-21509) Exploited in the Wild CVE-2024-38021 Microsoft Office Zero-Day CVE-2026-21509

CVE-2024-38021 Microsoft Office Zero-Day CVE-2026-21509

Under Attack: Microsoft Patches Office Zero-Day (CVE-2026-21509) Exploited in the Wild

Do Son January 27, 2026

Microsoft has rolled out an urgent security update to plug a zero-day hole exploited in attacks in...

Why Your Incident Response Plan Will Fail without a Sandbox Screenshot 2026-01-26 at 09.57.09

Screenshot 2026-01-26 at 09.57.09

Why Your Incident Response Plan Will Fail without a Sandbox

Do Son January 27, 2026

Your IR plan probably isn’t failing because it’s “bad.” It fails because, when something suspicious shows up,...

What Makes an AI SOC Decision Trustworthy? CVE-2024-6806 & CVE-2024-6805

CVE-2024-6806 & CVE-2024-6805

What Makes an AI SOC Decision Trustworthy?

Do Son January 27, 2026

When you put your career on the line over AI-driven decisions, those decisions had better be defensible,...

High-Severity DoS Flaw Hits Google Protocol Buffers (CVE-2026-0994)

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

High-Severity DoS Flaw Hits Google Protocol Buffers (CVE-2026-0994)

Do Son January 27, 2026

A high-severity vulnerability has been discovered in Protocol Buffers (protobuf), Google’s widely used mechanism for serializing structured...

“Repo Squatting”: How Hackers Are Using GitHub’s Own Features to Hijack Official Repos GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

“Repo Squatting”: How Hackers Are Using GitHub’s Own Features to Hijack Official Repos

Do Son January 27, 2026

In a clever twist on software supply chain attacks, threat actors are weaponizing a quirk in GitHub’s...

Exploit Code Publicly Released: Critical Firefox WebRTC Flaw Allows RCE (CVSS 9.8) Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Exploit Code Publicly Released: Critical Firefox WebRTC Flaw Allows RCE (CVSS 9.8)

Do Son January 27, 2026

A critical vulnerability in Mozilla Firefox has been found, with security researchers publicly releasing both the technical...

“G_Wagon” Malware Hides in Fake NPM UI Library to Steal Cloud Keys Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

“G_Wagon” Malware Hides in Fake NPM UI Library to Steal Cloud Keys

Do Son January 27, 2026

It looked like just another UI library. “ansi-universal-ui” promised to be a “lightweight, modular UI component system...

Hijacking the Hackers: Researchers Sinkhole “KazakRAT” Espionage Campaign KazakRAT Espionage State-Affiliated Malware

KazakRAT Espionage State-Affiliated Malware

Hijacking the Hackers: Researchers Sinkhole “KazakRAT” Espionage Campaign

Do Son January 27, 2026

A persistent, suspected state-affiliated cyber espionage campaign targeting government and financial entities in Kazakhstan and Afghanistan has...

The CAPTCHA Trap: ClearFake Malware Tricks Users Into Hacking Themselves axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

The CAPTCHA Trap: ClearFake Malware Tricks Users Into Hacking Themselves

Do Son January 27, 2026

A sophisticated malware campaign is turning a standard security verification step into a trap. Security researchers at...

“Contagious Interview”: How North Korean Hackers Use Fake Jobs to Breach IT Firms PurpleBravo Contagious Interview

PurpleBravo Contagious Interview

“Contagious Interview”: How North Korean Hackers Use Fake Jobs to Breach IT Firms

Do Son January 27, 2026

The perfect job offer landed in your inbox. The recruiter was polite, the company looked legitimate, and...

Trusted Tool, Hidden Threat: Official EmEditor Installer Hijacked to Push Malware EmEditor Supply Chain Attack Trojanized Installer

EmEditor Supply Chain Attack Trojanized Installer

Trusted Tool, Hidden Threat: Official EmEditor Installer Hijacked to Push Malware

Do Son January 27, 2026

A compromised installer for EmEditor, a text editor trusted by developers worldwide, has been used to distribute...

1Password’s New “Genius” Defense: A Shield Against the Sneaky Copy-Paste Phishing Trap 1Password phishing protection

1Password phishing protection

1Password’s New “Genius” Defense: A Shield Against the Sneaky Copy-Paste Phishing Trap

Do Son January 26, 2026

The password management titan 1Password has recently unveiled an advanced layer of security designed to fortify user...