Critical Alert 1 Active Exploit Detected Today

CVE-2026-20253 — Splunk Enterprise Missing Authentication for Critical Function Vulnerability →

Powered by CVE Watchtower

×

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros APT28, NotDoor

APT28, NotDoor

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros

Do Son September 5, 2025

The intelligence team at LAB52 (S2 Grupo) has uncovered a sophisticated new backdoor campaign attributed to APT28,...

ChatGPT’s “Projects” Feature is Now Free for All Users ChatGPT advertising US only OpenAI GPT-5.4 launch OpenAI Responses API file support ChatGPT Ads pricing ChatGPT conversational advertising, OpenAI monetization strategy 2026 OpenAI Code Red, ChatGPT Sycophancy Crisis AI music ChatGPT memory, targeted ads ChatGPT User Milestone, Generative AI Adoption ChatGPT ads, AI monetization GPT-5, OpenAI

ChatGPT advertising US only OpenAI GPT-5.4 launch OpenAI Responses API file support ChatGPT Ads pricing ChatGPT conversational advertising, OpenAI monetization strategy 2026 OpenAI Code Red, ChatGPT Sycophancy Crisis AI music ChatGPT memory, targeted ads ChatGPT User Milestone, Generative AI Adoption ChatGPT ads, AI monetization GPT-5, OpenAI

ChatGPT’s “Projects” Feature is Now Free for All Users

Do Son September 4, 2025

The Projects feature in ChatGPT, once reserved exclusively for paying subscribers, has now been extended to free...

Jury Rules Against Google in $425M Privacy Lawsuit

Google Self-Preferencing Fine Idealo Antitrust Damages Anthropic, Google TPUs Google DMA Compliance, Search Self-Preferencing Google Play Store Ruling, Epic Games Victory Google fine, ad tech Google lawsuit, privacy violation Gmail security, false alarm Google Play EU regulation Google Security, Phone Number Leak Google 2025 - Google China’s Anti-Monopoly Law Google monopoly, ad tech Pixel 7a battery, battery swelling

Jury Rules Against Google in $425M Privacy Lawsuit

Do Son September 4, 2025

In July 2020, a user filed a lawsuit against Google over its App Activity Tracking feature, alleging...

The September Pixel Drop Is Here, and It’s a Huge One

Pixel Drop, Android 16

The September Pixel Drop Is Here, and It’s a Huge One

Do Son September 4, 2025

In its latest September Pixel update (Pixel Drop), Google has extended many of the flagship features originally...

CVE-2025-5086 (CVSS 9.0): A Critical RCE in DELMIA Apriso with Exploit Attempts Seen in the Wild DELMIA Apriso, deserialization flaw

DELMIA Apriso, deserialization flaw

CVE-2025-5086 (CVSS 9.0): A Critical RCE in DELMIA Apriso with Exploit Attempts Seen in the Wild

Do Son September 4, 2025

Manufacturing operations are increasingly threatened not just by IoT weaknesses, but also by vulnerabilities in the complex...

Apple and Google Are Partnering to Bring Gemini AI to Siri Apple Gemini AI AI Overviews, Google Search Google Gemini, Android Privacy Google Veo 3, AI Video Generation Google AI video, generative AI

Apple Gemini AI AI Overviews, Google Search Google Gemini, Android Privacy Google Veo 3, AI Video Generation Google AI video, generative AI

Apple and Google Are Partnering to Bring Gemini AI to Siri

Do Son September 4, 2025

According to the latest report from Bloomberg’s Mark Gurman, Apple and Google are set to finalize an...

A Misissued Certificate Found for Cloudflare’s 1.1.1.1 DNS Service Cloudflare, TLS certificates

Cloudflare, TLS certificates

A Misissued Certificate Found for Cloudflare’s 1.1.1.1 DNS Service

Do Son September 4, 2025

Cybersecurity experts have issued warnings regarding three anomalous TLS certificates associated with Cloudflare’s widely used DNS service...

CVSS 10.0 RCE in Popular Python Library (36M+ Monthly Downloads), PoC Available

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CVSS 10.0 RCE in Popular Python Library (36M+ Monthly Downloads), PoC Available

Do Son September 4, 2025

The widely used Python library DeepDiff, downloaded over 36 million times per month, has been found vulnerable...

A New Alliance: Perplexity AI Teams Up with PayPal for Global Rollout PayPal Industrial Bank, Fintech Crypto Lending PayPal, Hotel Booking Perplexity AI, PayPal

PayPal Industrial Bank, Fintech Crypto Lending PayPal, Hotel Booking Perplexity AI, PayPal

A New Alliance: Perplexity AI Teams Up with PayPal for Global Rollout

Do Son September 4, 2025

The AI-driven search company Perplexity AI has announced a partnership with PayPal to expand access to its...

GNU Guix Issues Advisory for a Critical Privilege Escalation Flaw GNU Guix, privilege escalation guix-daemon vulnerability

GNU Guix, privilege escalation guix-daemon vulnerability

GNU Guix Issues Advisory for a Critical Privilege Escalation Flaw

Do Son September 4, 2025

The GNU Guix team has issued a critical security advisory warning users to immediately update their systems...

Stealerium: How an Open-Source Infostealer Is Being Used in Phishing Campaigns Stealerium, infostealer

Stealerium, infostealer

Stealerium: How an Open-Source Infostealer Is Being Used in Phishing Campaigns

Do Son September 4, 2025

Proofpoint threat researchers have uncovered a surge in campaigns distributing Stealerium-based malware, an open-source infostealer first released...

A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks

Do Son September 4, 2025

Researchers from Palo Alto Networks’ Unit 42 have disclosed a critical weakness in the AI supply chain...

CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk

Do Son September 4, 2025

The Django Software Foundation has released important security updates for multiple supported versions of the popular Python...

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2 GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2

Do Son September 4, 2025

Researchers from ReversingLabs have discovered two malicious npm packages leveraging Ethereum smart contracts to conceal and deliver...

CVE-2025-53690: Mandiant and Sitecore Warn of Active Exploitation in ASP.NET Machine Key Configurations

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

CVE-2025-53690: Mandiant and Sitecore Warn of Active Exploitation in ASP.NET Machine Key Configurations

Do Son September 4, 2025

A coordinated disclosure by Mandiant and Sitecore has revealed the active exploitation of a critical configuration vulnerability...

Obscura: A Stealthy New Go-Based Ransomware Is Abusing Domain Controllers Obscura ransomware, domain controller

Obscura ransomware, domain controller

Obscura: A Stealthy New Go-Based Ransomware Is Abusing Domain Controllers

Do Son September 4, 2025

Security analysts at Huntress reported the discovery of a previously unseen ransomware variant, named Obscura. The malware...

CISA Warns: Actively Exploited TP-Link Router Flaws Added to KEV Catalog TP-Link, CISA CVE-2023-32315 CISA KEV Catalog Active Exploitation

TP-Link, CISA CVE-2023-32315 CISA KEV Catalog Active Exploitation

CISA Warns: Actively Exploited TP-Link Router Flaws Added to KEV Catalog

Do Son September 4, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added two TP-Link router vulnerabilities to its Known Exploited...

Embed Showcase: Virtual Business Licensing in UK crypto sector Google Play, Crypto Wallets Cryptocurrency Thefts

Google Play, Crypto Wallets Cryptocurrency Thefts

Embed Showcase: Virtual Business Licensing in UK crypto sector

Do Son September 4, 2025

“Virtual business licensing” in the UK crypto scene really means stitching together a set of regulatory permissions,...

Frostbyte10: The Critical Flaws Threatening Global Supply Chains

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Frostbyte10: The Critical Flaws Threatening Global Supply Chains

Do Son September 4, 2025

Researchers at Armis Labs have uncovered a set of ten severe vulnerabilities in Copeland E2 and E3...

DireWolf: The New Ransomware Group Targeting Global Businesses DireWolf execution flow

DireWolf execution flow

DireWolf: The New Ransomware Group Targeting Global Businesses

Do Son September 4, 2025

The DireWolf ransomware group, first emerging in May 2025, has rapidly evolved into a formidable cyber threat...