Do Son, Author at Daily CyberSecurity • Page 125 of 726

Early-Boot Attack: UEFI Flaw in ASRock, ASUS, & MSI Boards Lets Hackers Bypass OS Security via PCIe UEFI DMA Protection, IOMMU Initialization Failure

UEFI DMA Protection, IOMMU Initialization Failure

Early-Boot Attack: UEFI Flaw in ASRock, ASUS, & MSI Boards Lets Hackers Bypass OS Security via PCIe

Do Son December 19, 2025

A fundamental breakdown in how modern computers secure themselves during the boot process has been exposed, leaving...

Mario’s Deadly Upgrade: RansomHouse Unveils Dual-Key Encryption to Defeat Backups and Recovery RansomHouse Mario Malware, Jolly Scorpius Encryption

RansomHouse Mario Malware, Jolly Scorpius Encryption

Mario’s Deadly Upgrade: RansomHouse Unveils Dual-Key Encryption to Defeat Backups and Recovery

Do Son December 19, 2025

Jolly Scorpius, the cybercriminal group behind the notorious RansomHouse operation, has rolled out a major overhaul of...

Phantom v3.5 Alert: New Info-Stealer Disguised as Adobe Update Uses SMTP to Loot Digital Lives Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Phantom v3.5 Alert: New Info-Stealer Disguised as Adobe Update Uses SMTP to Loot Digital Lives

Do Son December 19, 2025

A new variant of the Phantom information stealer has emerged in the wild, masquerading as a routine...

The Final Cut: Why the Oscars are Leaving ABC for a YouTube-Only Future in 2029 Oscars YouTube Exclusive 2029, Academy Awards Streaming Transition

Oscars YouTube Exclusive 2029, Academy Awards Streaming Transition

The Final Cut: Why the Oscars are Leaving ABC for a YouTube-Only Future in 2029

Do Son December 19, 2025

As streaming platforms have fundamentally reshaped viewing habits, Hollywood’s most emblematic awards ceremony—the Academy Awards (the Oscars)—has...

VPN Betrayal: Popular “Free” Extensions Caught Siphoning 8 Million Users’ Private AI Chats Urban VPN AI Chat Harvesting, KOI Security Extension Scandal

Urban VPN AI Chat Harvesting, KOI Security Extension Scandal

VPN Betrayal: Popular “Free” Extensions Caught Siphoning 8 Million Users’ Private AI Chats

Do Son December 19, 2025

Cybersecurity firm KOI recently published a blog post revealing that the Urban VPN Proxy browser extension—whose cumulative...

Flash Forward: Google’s New Gemini 3 Flash Shatters Efficiency Records and Rival Flagships Apple iOS 26.4 Siri Google Gemini, AFM v10 parameter count Gemini 3 Flash benchmarks, Google Gemini 3 Flash vs GPT-5.2

Apple iOS 26.4 Siri Google Gemini, AFM v10 parameter count Gemini 3 Flash benchmarks, Google Gemini 3 Flash vs GPT-5.2

Flash Forward: Google’s New Gemini 3 Flash Shatters Efficiency Records and Rival Flagships

Do Son December 19, 2025

Barely a month after the debut of Gemini 3 Pro in November, Google has moved swiftly to...

No-KYC Crypto Wallets Attract Attention as Privacy and Security Risks Shape Digital Finance Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

No-KYC Crypto Wallets Attract Attention as Privacy and Security Risks Shape Digital Finance

Do Son December 18, 2025

The continued expansion of digital finance has brought renewed attention to how cryptocurrency systems intersect with access...

The Developer Win: GitHub Postpones Self-Hosted Runner Fee After Massive Community Outcry GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

The Developer Win: GitHub Postpones Self-Hosted Runner Fee After Massive Community Outcry

Do Son December 18, 2025

Recently, the code hosting platform GitHub published a blog post announcing that, starting March 1, 2026, GitHub...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-37164 (CVSS 10.0): Unauthenticated HPE OneView RCE Grants Total Control Over Data Centers

Do Son December 18, 2025

Hewlett Packard Enterprise (HPE) has sounded the alarm on a catastrophic security vulnerability in its flagship infrastructure...

CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains CISA KEV Update, Cisco Zero-Day KEV Vulnerabilities

CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains

Do Son December 18, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive adding three critical vulnerabilities to...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Cisco Zero-Day Siege: Chinese Group UAT-9686 Deploys ‘Aqua’ Malware via CVSS 10 Root Exploit

Do Son December 18, 2025

A critical zero-day vulnerability in Cisco’s secure email appliances is under active siege by a sophisticated Chinese...

Zero-Day Warning: Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE SonicWall Zero-Day, SMA1000 Exploit Chain SonicWall, firewall configuration CVE-2024-29010 & CVE-2024-29011 SonicWall NetExtender VPN Vulnerability

SonicWall Zero-Day, SMA1000 Exploit Chain SonicWall, firewall configuration CVE-2024-29010 & CVE-2024-29011 SonicWall NetExtender VPN Vulnerability

Zero-Day Warning: Hackers Chain SonicWall SMA1000 Flaws for Unauthenticated Root RCE

Do Son December 18, 2025

SonicWall has issued an urgent security advisory for its high-end remote access appliances, patching a vulnerability that,...

Academic Ambush: How the Forum Troll APT Hijacks Scholars’ Systems via Fake Plagiarism Reports Forum Troll APT, Academic Espionage

Academic Ambush: How the Forum Troll APT Hijacks Scholars’ Systems via Fake Plagiarism Reports

Do Son December 18, 2025

A relentless Advanced Persistent Threat (APT) group known as “Forum Troll” has shifted its crosshairs from corporate...

Locked Out of the Cloud: Hackers Use AWS Termination Protection to Hijack ECS for Unstoppable Crypto Mining AWS Cryptojacking, Termination Protection

AWS Cryptojacking, Termination Protection

Locked Out of the Cloud: Hackers Use AWS Termination Protection to Hijack ECS for Unstoppable Crypto Mining

Do Son December 18, 2025

In a striking display of cloud-native tradecraft, cybercriminals have been caught turning legitimate AWS environments into illicit...

Blurred Deception: Russian APT Targets Transnistria and NATO with High-Pressure Phishing Lures Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Blurred Deception: Russian APT Targets Transnistria and NATO with High-Pressure Phishing Lures

Do Son December 18, 2025

A sophisticated Russian Advanced Persistent Threat (APT) group has launched a targeted credential harvesting campaign against the...

“Better Auth” Framework Alert: The Double-Slash Trick That Bypasses Security Controls Better Auth Bypass, rou3 Path Normalization Better Auth Bypass, CVE-2025-61928 Better Auth vulnerability

Better Auth Bypass, rou3 Path Normalization Better Auth Bypass, CVE-2025-61928 Better Auth vulnerability

“Better Auth” Framework Alert: The Double-Slash Trick That Bypasses Security Controls

Do Son December 18, 2025

A high-severity vulnerability has been disclosed in Better Auth, a rapidly growing authentication framework for TypeScript, potentially...

Ink Dragon’s Global Mesh: How Chinese Spies Turn Compromised Government Servers into C2 Relay Nodes Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Ink Dragon’s Global Mesh: How Chinese Spies Turn Compromised Government Servers into C2 Relay Nodes

Do Son December 18, 2025

A sophisticated Chinese cyber-espionage group is rewriting the rules of persistence, turning compromised government servers into a...

CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover Apache Commons Text RCE, FileMaker Server Patch

CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover

Do Son December 18, 2025

A critical vulnerability has been fixed in Apache Commons Text, a ubiquitous Java library used for text...

RTO Challan Scam: How a Fake Traffic Ticket and a Malicious VPN Can Drain Your Bank Account RTO Challan Malware, Indian Mobile Fraud

RTO Challan Scam: How a Fake Traffic Ticket and a Malicious VPN Can Drain Your Bank Account

Do Son December 18, 2025

A sophisticated new mobile fraud operation is targeting millions of Indian smartphone users, turning the anxiety of...

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users systeminformation RCE, Node.js Command Injection

Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users

Do Son December 18, 2025

A high-severity vulnerability has been uncovered in systeminformation, a massively popular Node.js library used by millions of...