Do Son, Author at Daily CyberSecurity • Page 129 of 726

VS Code Supply Chain Attack: 19 Extensions Used Typosquatting & Steganography to Deploy Rust Trojan vs-c

VS Code Supply Chain Attack: 19 Extensions Used Typosquatting & Steganography to Deploy Rust Trojan

Do Son December 15, 2025

A sophisticated malware campaign has been uncovered within the Visual Studio Code (VS Code) Marketplace, exposing a...

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners React2Shell RCE, Widespread Exploitation

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners

Do Son December 13, 2025

The cybersecurity landscape was jolted this month by the disclosure of a catastrophic vulnerability in one of...

Linux Kernel io_uring UAF Flaw Used to Cheat BPF Verifier and Achieve Container Escape, PoC Releases Linux io_uring UAF, Kernel Exploit Primitive

Linux Kernel io_uring UAF Flaw Used to Cheat BPF Verifier and Achieve Container Escape, PoC Releases

Do Son December 13, 2025

Two security researchers, known by the handles st424204 and d4em0n, have published a deep-dive analysis of a...

Apache Airflow Flaws Leak Sensitive Credentials in UI via DAG Tracebacks & Template Rendering Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

Apache Airflow Flaws Leak Sensitive Credentials in UI via DAG Tracebacks & Template Rendering

Do Son December 13, 2025

The maintainers of Apache Airflow, the industry-standard platform for programmatic workflow authoring, have released a crucial security...

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets

Do Son December 13, 2025

Apple has issued an urgent security intervention for iPhone and iPad users, releasing patches for two critical...

OpenAI Fights Back: GPT-5.2 Unveiled to Rival Google’s Gemini 3 Pro OpenAI GPT-5.2, Gemini 3 Pro Rival

OpenAI Fights Back: GPT-5.2 Unveiled to Rival Google’s Gemini 3 Pro

Do Son December 12, 2025

On the very same day it announced its historic partnership with Disney, OpenAI finally unveiled the model...

The IP Wall Falls: Disney Invests $1B in OpenAI to License 200+ Characters for AI Disney OpenAI $1B, AI Character Licensing

The IP Wall Falls: Disney Invests $1B in OpenAI to License 200+ Characters for AI

Do Son December 12, 2025

Long regarded as the “most formidable legal department in the Western Hemisphere,” Disney has historically guarded its...

The AI Super-App Rises: Photoshop & Adobe Express Integrate into ChatGPT OpenAI Adobe Integration, ChatGPT Super-App

The AI Super-App Rises: Photoshop & Adobe Express Integrate into ChatGPT

Do Son December 12, 2025

Following earlier integrations with Spotify and Canva, OpenAI has taken yet another decisive step toward its ambition...

The “USB-C of AI” is Here: Google Launches Managed Servers for MCP Protocol Google MCP Protocol, Agentic AI Managed Servers Google Cloud Meta Google Cloud UniSuper

Google MCP Protocol, Agentic AI Managed Servers Google Cloud Meta Google Cloud UniSuper

The “USB-C of AI” is Here: Google Launches Managed Servers for MCP Protocol

Do Son December 12, 2025

Following the Linux Foundation’s establishment of the Agentic AI Foundation (AAIF) and its designation of the Model...

YouTube TV’s New Subscription Bundles: Is Streaming Becoming Cable All Over Again? YouTube TV Gemini Ask YouTube TV Bundles, Streaming Cable Model

YouTube TV Gemini Ask YouTube TV Bundles, Streaming Cable Model

YouTube TV’s New Subscription Bundles: Is Streaming Becoming Cable All Over Again?

Do Son December 12, 2025

Streaming television appears to be retracing the path once taken by traditional cable. YouTube TV has announced...

Farewell, Tabs: Google’s Experimental Disco Browser Generates Web Apps with AI Google Disco Browser, Gemini PWA Generation

Farewell, Tabs: Google’s Experimental Disco Browser Generates Web Apps with AI

Do Son December 12, 2025

The race among artificial intelligence models has entered a fevered, white-hot phase—and AI-driven browsers have now gained...

React Patches Two New Flaws Risking Server-Crashing DoS and Source Code Disclosure React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

React Patches Two New Flaws Risking Server-Crashing DoS and Source Code Disclosure

Do Son December 12, 2025

The security saga surrounding React Server Components continues this week. Just days after the React team patched...

Core Banking System Flaw: Apache Fineract IDOR Risks Authorization Bypass & Customer Data Access CVE-2024-32838 Apache Fineract IDOR, Core Banking Bypass

CVE-2024-32838 Apache Fineract IDOR, Core Banking Bypass

Core Banking System Flaw: Apache Fineract IDOR Risks Authorization Bypass & Customer Data Access

Do Son December 12, 2025

A trio of security vulnerabilities has been disclosed in Apache Fineract, the open-source core banking system that...

New 01flip Ransomware Hits APAC Critical Infra: Cross-Platform Rust Weapon Uses Sliver C2 01flip Rust Ransomware, Cross-Platform APAC

New 01flip Ransomware Hits APAC Critical Infra: Cross-Platform Rust Weapon Uses Sliver C2

Do Son December 12, 2025

A new and sophisticated ransomware player has entered the cybercrime arena, targeting critical infrastructure in the Asia-Pacific...

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning

Do Son December 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo...

Military-Grade ValleyRAT Goes Rogue: Kernel Rootkit Builder Leak Triggers Massive Global Surge ValleyRAT Builder Leak, Kernel Rootkit Comoditization

ValleyRAT Builder Leak, Kernel Rootkit Comoditization

Military-Grade ValleyRAT Goes Rogue: Kernel Rootkit Builder Leak Triggers Massive Global Surge

Do Son December 12, 2025

A sophisticated cyber weapon previously linked to targeted espionage has gone rogue, flooding the threat landscape after...

Sophisticated Okta SSO Phishing Bypasses Defenses to Steal Session Tokens With Salary Review Lures UAT-8099 BadIIS Malware Pacific Islands Forum Cyberattack

UAT-8099 BadIIS Malware Pacific Islands Forum Cyberattack

Sophisticated Okta SSO Phishing Bypasses Defenses to Steal Session Tokens With Salary Review Lures

Do Son December 12, 2025

Just as employees begin anticipating their year-end performance reviews, a sophisticated new phishing campaign has emerged, turning...

CVE-2025-64188 (CVSS 9.8): Critical “Soledad” Theme Flaw Lets Subscribers Take Over WordPress Sites CVE-2023-3460 WordPress Theme Critical Flaw

CVE-2025-64188 (CVSS 9.8): Critical “Soledad” Theme Flaw Lets Subscribers Take Over WordPress Sites

Do Son December 12, 2025

A critical security vulnerability has been discovered in Soledad, one of the most popular general-purpose WordPress themes...

DiCaprio Movie Torrent Lures Users: Agent Tesla Deployed via Malicious LNK and Subtitle File Code Hiding Agent Tesla Movie Lure, Subtitle File Infection

Agent Tesla Movie Lure, Subtitle File Infection

DiCaprio Movie Torrent Lures Users: Agent Tesla Deployed via Malicious LNK and Subtitle File Code Hiding

Do Son December 12, 2025

Cybersecurity researchers have uncovered a new, sophisticated malware campaign targeting movie pirates with a lure they can’t...

GOLD BLADE APT Hits Canadian Firms with BYOVD EDR Killer and Ransomware Delivered Via Fake Resumes GOLD BLADE Canada, BYOVD EDR Killer

GOLD BLADE APT Hits Canadian Firms with BYOVD EDR Killer and Ransomware Delivered Via Fake Resumes

Do Son December 12, 2025

A notorious threat group has pivoted its focus to the Great White North, unleashing a sophisticated campaign...