Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Detour Dog: Stealthy DNS Malware Uses TXT Records for Command and Control NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Detour Dog: Stealthy DNS Malware Uses TXT Records for Command and Control

Do Son October 2, 2025

The Infoblox Threat Intelligence team has released an in-depth report on a global malware campaign leveraging the...

Russian-Speaking Lunar Spider Group Launches New Ransomware Wave with Latrodectus V2 Loader Sandworm Tactical Pivot, Edge Device Misconfiguration Russian cyber firms, Kremlin ties Sandworm MAX messenger

Sandworm Tactical Pivot, Edge Device Misconfiguration Russian cyber firms, Kremlin ties Sandworm MAX messenger

Russian-Speaking Lunar Spider Group Launches New Ransomware Wave with Latrodectus V2 Loader

Do Son October 2, 2025

The NVISO Cyber Security Incident Response Team (CSIRT) has released new findings exposing the latest campaign by...

CISA Warns of Critical RCE Flaw (CVE-2025-10659, CVSS 9.8) in Megasys Telenium Online Web Application WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

CISA Warns of Critical RCE Flaw (CVE-2025-10659, CVSS 9.8) in Megasys Telenium Online Web Application

Do Son October 2, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning of a critical...

CVE-2025-10725 (CVSS 9.9): Red Hat OpenShift AI Privilege Escalation Flaw Could Lead to Full Cluster Compromise

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CVE-2025-10725 (CVSS 9.9): Red Hat OpenShift AI Privilege Escalation Flaw Could Lead to Full Cluster Compromise

Do Son October 1, 2025

The Red Hat Security team has disclosed a serious vulnerability in Red Hat OpenShift AI, a platform...

NVIDIA Patches Multi Flaws in Delegated License Service, Allows Unauthenticated Access and DoS

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

NVIDIA Patches Multi Flaws in Delegated License Service, Allows Unauthenticated Access and DoS

Do Son October 1, 2025

NVIDIA has issued a security bulletin addressing multiple vulnerabilities across the NVIDIA App for Windows and the...

Alexa+ Unveiled: Amazon’s AI Assistant Redefines Smart Living Alexa+, Amazon

Alexa+, Amazon

Alexa+ Unveiled: Amazon’s AI Assistant Redefines Smart Living

Do Son October 1, 2025

In addition to unveiling new hardware, Amazon announced at its New York launch event that the latest...

OpenAI Launches Sora: New AI-Powered Short-Video Platform to Rival TikTok Cameo Sora Lawsuit OpenAI Trademark Sora Cameo, trademark lawsuit Japan Sora 2 Copyright, Anime Manga IP Sora 1M Downloads, AI Video Platform Sora Copyright, Revenue Sharing OpenAI Sora, AI Video Platform

Cameo Sora Lawsuit OpenAI Trademark Sora Cameo, trademark lawsuit Japan Sora 2 Copyright, Anime Manga IP Sora 1M Downloads, AI Video Platform Sora Copyright, Revenue Sharing OpenAI Sora, AI Video Platform

OpenAI Launches Sora: New AI-Powered Short-Video Platform to Rival TikTok

Do Son October 1, 2025

As generative AI models continue to advance, OpenAI has officially ventured into the social media arena, announcing...

OpenAI Launches Instant Checkout in ChatGPT, Teaming with Stripe to Reshape E-commerce

OpenAI token price reduction OpenAI Deployment Company DeployCo OpenAI IPO strategy OpenAI Privacy Filter 1.5B OpenAI $122 billion funding OpenAI GitHub alternative OpenAI military agreement 2026 OpenAI Stargate project collapse NVIDIA OpenAI investment stall ChatGPT Go $8 subscription, OpenAI GPT-5.2 Instant ads OpenAI Torch acquisition, Unified Medical Memory OpenAI Head of Preparedness 2025, Sam Altman AI safety lawsuits ChatGPT Advertising Speculation OpenAI Ad Code Denial OpenAI AI Confession Hallucination Mitigation ChatGPT Quality Focus OpenAI Gemini Red Alert ChatGPT Login, AI ecosystem OpenAI Mental Health, AI Well-Being Council ChatGPT Instant Checkout, Agentic Commerce OpenAI cloud computing OpenAI, startup incubator OpenAI chips, NVIDIA competition AI competition, antitrust lawsuit GPT-5, OpenAI Livestream OpenAI Open-Weight, AI Models OpenAI Infrastructure, AI Data Centers ChatGPT Business, Office Productivity OpenAI Open-Weight Model, WindSurf Acquisition OpenAI AI Browser, ChatGPT Integration Mattel AI, OpenAI Partnership OpenAI o3, Price Cut OpenAI's Next-Gen AI: O3-Pro's Enhanced Reasoning PowerOpenAI profit OpenAI Bid OpenAI Social Network ChatGPT Social OpenAI Non-profit OpenAI UAE ChatGPT Plus free

OpenAI Launches Instant Checkout in ChatGPT, Teaming with Stripe to Reshape E-commerce

Do Son October 1, 2025

OpenAI has announced the launch of Instant Checkout, a feature that integrates transactions directly into ChatGPT, allowing...

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform CVE-2022-43396 Apache Kylin, Authentication Bypass

CVE-2022-43396 Apache Kylin, Authentication Bypass

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform

Do Son October 1, 2025

The Apache Software Foundation has published a new security advisory disclosing three vulnerabilities in Apache Kylin, a...

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access

Do Son October 1, 2025

The security of the open-source software supply chain was once again tested when JFrog’s security research team...

CVE-2025-7493: Critical Flaw in FreeIPA Allows Host Users to Escalate to Domain Administrator

CVE-2025-7493: Critical Flaw in FreeIPA Allows Host Users to Escalate to Domain Administrator

Do Son October 1, 2025

The FreeIPA Team has released a security advisory addressing a critical privilege escalation vulnerability (CVE-2025-7493) that could...

Phantom Taurus: New Chinese APT Emerges with Fileless NET-STAR Backdoor Targeting Global Governments and Telecoms

Chinese APT

Phantom Taurus: New Chinese APT Emerges with Fileless NET-STAR Backdoor Targeting Global Governments and Telecoms

Do Son October 1, 2025

Researchers from Unit 42 have uncovered a previously undocumented Chinese state-aligned threat actor, dubbed Phantom Taurus, whose...

Patchwork APT Resurfaces: Stealthy Espionage Campaign Exploits DLL Sideloading and Layered Obfuscation Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Patchwork APT Resurfaces: Stealthy Espionage Campaign Exploits DLL Sideloading and Layered Obfuscation

Do Son October 1, 2025

The Patchwork APT group—also known as Dropping Elephant, Monsoon, and Hangover Group—has resurfaced with a new campaign...

OpenSSL Patches Three Flaws: Timing Side-Channel RCE Risk and Memory Corruption Affect All Versions OpenSSL Vulnerability RSA Memory Leak OpenSSL Vulnerability CVE-2025-15467 CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

OpenSSL Vulnerability RSA Memory Leak OpenSSL Vulnerability CVE-2025-15467 CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

OpenSSL Patches Three Flaws: Timing Side-Channel RCE Risk and Memory Corruption Affect All Versions

Do Son October 1, 2025

The OpenSSL Project has released a new security advisory addressing three vulnerabilities affecting multiple versions of the...

Klopatra: New Android RAT Uses Hidden VNC and Commercial Obfuscation to Hijack European Banking Accounts Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Klopatra: New Android RAT Uses Hidden VNC and Commercial Obfuscation to Hijack European Banking Accounts

Do Son October 1, 2025

Cleafy’s Threat Intelligence team uncovered a new and highly sophisticated Android Remote Access Trojan (RAT) named Klopatra....

Datzbro Trojan: Spyware-Banking Malware Hijacks Seniors’ Devices with Fake Facebook Lures Datzbro Android Trojan, Senior Scam

Datzbro Android Trojan, Senior Scam

Datzbro Trojan: Spyware-Banking Malware Hijacks Seniors’ Devices with Fake Facebook Lures

Do Son October 1, 2025

ThreatFabric researchers uncovered a sophisticated scam campaign that weaponizes social engineering and mobile malware to exploit one...

Hackers Hijack Industrial Cellular Routers to Launch Widespread Smishing Campaigns Across Europe CVE-2020-3259 Router Smishing, Grooza Cluster

CVE-2020-3259 Router Smishing, Grooza Cluster

Hackers Hijack Industrial Cellular Routers to Launch Widespread Smishing Campaigns Across Europe

Do Son October 1, 2025

A new report from Sekoia.io’s Threat Detection & Research (TDR) team reveals how attackers are weaponizing industrial...

Cloud Mining Revealed: How Bitcoin Investors Can Earn Up to $99,999 in 10 Days! Img_2025_10_02_21_05_15

Img_2025_10_02_21_05_15

Cloud Mining Revealed: How Bitcoin Investors Can Earn Up to $99,999 in 10 Days!

Do Son October 1, 2025

Still regretting missing out on Bitcoin’s early dividends? Now’s your chance! Open Miner’s intelligent cloud mining platform...

The Importance of Being Able to Bounce Back From Mistakes In Business tech-laun

tech-laun

The Importance of Being Able to Bounce Back From Mistakes In Business

Do Son September 30, 2025

In business, mistakes are inevitable. Even the most experienced entrepreneurs and managers encounter setbacks, misjudgments, or failures....

‘Vibe Working’ Is Here: Microsoft Introduces AI Agent Mode for Word and Excel Vibe Working, Agent Mode

Vibe Working, Agent Mode

‘Vibe Working’ Is Here: Microsoft Introduces AI Agent Mode for Word and Excel

Do Son September 30, 2025

Microsoft is striving to establish “Vibe Working” as the next office trend. Following its earlier application of...