Critical Alert 1 Active Exploit Detected Today

CVE-2026-48907 — Widget Factory Joomla Content Editor Improper Access Control Vulnerability →

Powered by CVE Watchtower

×

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

CVE-2025-9242: Critical WatchGuard Flaw Allows Remote Code Execution WatchGuard Agent Privilege Escalation CVE-2026-6787 WatchGuard Vulnerability CVE-2026-1498 WatchGuard Firebox VPN Flaws, Command Injection WatchGuard Vulnerability CVE-2024-6592 and CVE-2024-6593

WatchGuard Agent Privilege Escalation CVE-2026-6787 WatchGuard Vulnerability CVE-2026-1498 WatchGuard Firebox VPN Flaws, Command Injection WatchGuard Vulnerability CVE-2024-6592 and CVE-2024-6593

CVE-2025-9242: Critical WatchGuard Flaw Allows Remote Code Execution

Do Son September 17, 2025

WatchGuard has issued a security advisory addressing a critical vulnerability in its Fireware OS, tracked as CVE-2025-9242...

YouTube Unveils AI-Powered Creator Tools to Revolutionize Content Creation YouTube deepfake YouTube AI YouTube Premium YouTube Ad Blockers, Fake Buffering Google Lens, YouTube Shorts

YouTube deepfake YouTube AI YouTube Premium YouTube Ad Blockers, Fake Buffering Google Lens, YouTube Shorts

YouTube Unveils AI-Powered Creator Tools to Revolutionize Content Creation

Do Son September 17, 2025

At a creator-focused launch event, YouTube officially unveiled a suite of new features, most of them closely...

Firefox Password Manager: Stronger Security With New Encryption Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Firefox Password Manager: Stronger Security With New Encryption

Do Son September 17, 2025

The password manager in Firefox supports cloud-based data synchronization, with the Mozilla Foundation employing the AES-256-GCM encryption...

NVIDIA Patches Critical RCE Flaw (CVE-2025-23316, CVSS 9.8) in Triton Inference Server

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

NVIDIA Patches Critical RCE Flaw (CVE-2025-23316, CVSS 9.8) in Triton Inference Server

Do Son September 17, 2025

NVIDIA has released a software update addressing multiple high- and critical-severity vulnerabilities in its Triton Inference Server,...

Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways

Do Son September 17, 2025

HPE Aruba Networking has released patches addressing multiple high- and medium-severity vulnerabilities in its EdgeConnect SD-WAN Gateways,...

A New Crisis for CrowdStrike: A Self-Replicating Worm Has Compromised Its NPM Packages OCRFix Botnet EtherHiding CrowdStrike supply chain attack Ivanti CSA Vulnerabilities

OCRFix Botnet EtherHiding CrowdStrike supply chain attack Ivanti CSA Vulnerabilities

A New Crisis for CrowdStrike: A Self-Replicating Worm Has Compromised Its NPM Packages

Do Son September 17, 2025

In July 2024, cybersecurity firm CrowdStrike triggered a global-scale incident that left more than eight million PCs...

A New Way to Pay: Apple Wallet Is Getting a New Security Feature Apple Wallet iOS 26

Apple Wallet iOS 26

A New Way to Pay: Apple Wallet Is Getting a New Security Feature

Do Son September 17, 2025

In iOS 26, Apple has introduced a new feature within the Wallet app that allows users to...

A Legal Breakthrough: Internet Archive Settles Copyright Lawsuit with Record Labels Wayback Machine AI Blockade Internet Archive, FDLP Designation Internet Archive, copyright lawsuit

Wayback Machine AI Blockade Internet Archive, FDLP Designation Internet Archive, copyright lawsuit

A Legal Breakthrough: Internet Archive Settles Copyright Lawsuit with Record Labels

Do Son September 17, 2025

The copyright lawsuit filed in 2023 by Sony Music, Universal Music Group (UMG), and several other record...

Avert the Ban: A U.S.-China Deal Will Grant Americans Majority Control Over TikTok TikTok acquisition TikTok, U.S.-China deal TikTok M2, US DivestmentTrump saves TikTok

TikTok acquisition TikTok, U.S.-China deal TikTok M2, US DivestmentTrump saves TikTok

Avert the Ban: A U.S.-China Deal Will Grant Americans Majority Control Over TikTok

Do Son September 17, 2025

The Wall Street Journal reports that the United States and China have entered the final stages of...

BreachForums Founder Resentenced to Three Years in Prison for Cybercrime AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

BreachForums Founder Resentenced to Three Years in Prison for Cybercrime

Do Son September 17, 2025

The U.S. Department of Justice (DOJ) announced the resentencing of Conor Brian Fitzpatrick, 22, of Peekskill, New...

Kubernetes C# Client Flaw Exposes API to MITM Attacks (CVE-2025-9708) Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Kubernetes C# Client Flaw Exposes API to MITM Attacks (CVE-2025-9708)

Do Son September 17, 2025

A newly disclosed vulnerability in the Kubernetes C# client has been assigned CVE-2025-9708 with a CVSS score...

RevengeHotels Strikes Back: AI-Generated Phishing and a New RAT Target Hotels RevengeHotels, Hospitality Cybercrime

RevengeHotels, Hospitality Cybercrime

RevengeHotels Strikes Back: AI-Generated Phishing and a New RAT Target Hotels

Do Son September 17, 2025

The long-running cybercrime group RevengeHotels—also tracked as TA558—has resurfaced with a new campaign targeting hotels and the...

Shai-Hulud Supply Chain Attack Now Targets CrowdStrike’s npm Packages supply-chain-attack

supply-chain-attack

Shai-Hulud Supply Chain Attack Now Targets CrowdStrike’s npm Packages

Do Son September 17, 2025

The malicious supply chain campaign dubbed “Shai-Hulud” has struck again, this time compromising multiple npm packages published...

KSMBDrain (CVE-2025-38501): Linux Kernel Flaw Allows Remote DoS Attacks, PoC Available Linux DoS CVE-2025-38501

Linux DoS CVE-2025-38501

KSMBDrain (CVE-2025-38501): Linux Kernel Flaw Allows Remote DoS Attacks, PoC Available

Do Son September 17, 2025

A newly disclosed vulnerability in the Linux kernel’s KSMBD subsystem has been assigned CVE-2025-38501, allowing remote attackers...

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage

Do Son September 17, 2025

The Russian-linked threat actor APT28, also known as Sofacy, Fancy Bear, Forest Blizzard, and TAG-110, has unveiled...

SmokeLoader Rises From the Ashes with New, Evasive Variants SmokeLoader, Malware

SmokeLoader, Malware

SmokeLoader Rises From the Ashes with New, Evasive Variants

Do Son September 17, 2025

First emerging in 2011, SmokeLoader (also known as Smoke or Dofoil) has remained one of the most...

PureHVNC RAT: Inside the HVNC Malware and the PureCoder Ecosystem Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

PureHVNC RAT: Inside the HVNC Malware and the PureCoder Ecosystem

Do Son September 17, 2025

A recent forensic investigation by Check Point Research (CPR) has shed light on the Pure malware family,...

AISURU Botnet: From Record-Breaking DDoS to Residential Proxy Empire CVE-2024-22394

CVE-2024-22394

AISURU Botnet: From Record-Breaking DDoS to Residential Proxy Empire

Do Son September 17, 2025

The AISURU botnet, first disclosed by XLab in 2024, has rapidly become one of the most dangerous...

Malicious Update to Popular NPM Package TinyColor Exposes Software Supply Chains Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Malicious Update to Popular NPM Package TinyColor Exposes Software Supply Chains

Do Son September 16, 2025

The Socket Research Team has uncovered a large-scale supply chain attack on the npm ecosystem, with more...

Microsoft’s Latest Update Breaks SMBv1, Here’s How to Fix It

Windows 11 app updates Windows Insider preview build, Calculator app update, built-in Windows apps Windows 11 KB5089549 network lag Windows 11 Home to Pro Education upgrade Windows 11 Start menu update Windows 11 update KB5079391 Windows 11 KB5085516 OOB update Windows 11 C drive permission error Windows 11 C drive access denied Windows native NVMe driver UEFI Secure Boot certificate rotation Windows 11 printer driver policy Windows 11 printer driver deprecation Windows 11 Build 26300 Sysmon Windows 11 Storage settings restriction Windows 11 Build 26300.7674, Windows Insider channel migration 2026 Windows 11 Update Fix KB5073455 shutdown bug, Secure Launch restart loop Windows 11 File Explorer search performance, Search Indexer RAM usage fix Windows 11 Gaming PC Specs, NVMe DirectStorage Windows 10 End of Support Windows 11 Slow Adoption Windows 11 Crash Loop KB5062553 Bug Update and Shut Down, KB5067036 Windows authentication, Kerberos bug Windows 11 fix, localhost bug Windows 11 Update Restart, Update and Shut Down Windows SMBv1 Windows 11 Arm, Easy Anti-Cheat Windows 11 error, Pluton Windows 11 24H2, Easy Anti-Cheat Windows Firewall Bug, Microsoft Update Error Windows 11, JScript9Legacy Windows Activation, TSforge Windows 11 Update, Firewall Error Windows 11 25H2, Annual Update Windows Resiliency Initiative, Kernel Security Windows 11 Upgrade, ESU Program Windows 11 Recall, Data Export Windows 11 Easy Anti-Cheat Windows 11 Update, Cumulative Update Windows Update, ACPI.sys Windows Updates, Enterprise Software Windows 11 Start Data Encryption Standard Printing Problems Windows 11 updates Estimated installation time Smart App Control, Windows 11 security

Microsoft’s Latest Update Breaks SMBv1, Here’s How to Fix It

Do Son September 16, 2025

Microsoft has confirmed that the recently released September 2025 security updates have caused connectivity issues with Server...