Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Mozilla Add-ons Store Overhaul: Closed-Group Extensions Allowed, Privacy Policies Simplified Anthony Enzor-DeMeo Mozilla CEO, Firefox AI Mode 2026 Ad blockers, Copyright Law Firefox China, Mozilla Restructuring Mozilla Add-ons, Policy Update Mozilla leadership - Mozilla collect data Google Antitrust Antitrust Trial

Anthony Enzor-DeMeo Mozilla CEO, Firefox AI Mode 2026 Ad blockers, Copyright Law Firefox China, Mozilla Restructuring Mozilla Add-ons, Policy Update Mozilla leadership - Mozilla collect data Google Antitrust Antitrust Trial

Mozilla Add-ons Store Overhaul: Closed-Group Extensions Allowed, Privacy Policies Simplified

Do Son June 25, 2025

The Mozilla Foundation, the developer behind the Firefox browser, has recently revised its policies governing the Mozilla...

Windows 10 Users Get Free ESU: Microsoft Offers 1 Year of Security Updates via Backup or Rewards Windows 10 MSMQ Bug, KB5071546 Write Permissions Windows 10 Lawsuit Windows 10 ESU, Free Security Updates Windows 10 ESU program

Windows 10 MSMQ Bug, KB5071546 Write Permissions Windows 10 Lawsuit Windows 10 ESU, Free Security Updates Windows 10 ESU program

Windows 10 Users Get Free ESU: Microsoft Offers 1 Year of Security Updates via Backup or Rewards

Do Son June 25, 2025

At the end of 2023, Microsoft announced for the first time that Extended Security Updates (ESU) would...

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes CentOS Web Panel, Remote Code Execution

CentOS Web Panel, Remote Code Execution

Pre-Auth Command Execution in CentOS Web Panel Exposes Over 200,000 Servers, PoC Publishes

Do Son June 25, 2025

A critical vulnerability discovered in CentOS Web Panel (CWP), a widely-used open-source server management platform. Tracked as...

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched Kibana Vulnerabilities, Code Execution

Kibana Vulnerabilities, Code Execution

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched

Do Son June 25, 2025

Elastic has published a security advisory addressing two significant vulnerabilities in Kibana, the visualization and dashboarding layer...

Dire Wolf Ransomware: New Golang Threat Hits 11 Countries with Double Extortion & File Wiping Dire Wolf Ransomware, Double Extortion

Dire Wolf Ransomware, Double Extortion

Dire Wolf Ransomware: New Golang Threat Hits 11 Countries with Double Extortion & File Wiping

Do Son June 25, 2025

A newly emerged ransomware group known as Dire Wolf has appeared with precision-targeted attacks, aggressive data encryption...

TeamViewer Remote Management Bug (CVE-2025-36537) Enables Privilege Escalation TeamViewer Vulnerability, Privilege Escalation

TeamViewer Vulnerability, Privilege Escalation

TeamViewer Remote Management Bug (CVE-2025-36537) Enables Privilege Escalation

Do Son June 25, 2025

TeamViewer, a widely used remote access and management platform, has disclosed a new vulnerability that impacts its...

SonicWall Warns: Trojanized NetExtender VPN Client Stealing Credentials in Active Campaign SonicWall NetExtender, Trojanized VPN Client

SonicWall NetExtender, Trojanized VPN Client

SonicWall Warns: Trojanized NetExtender VPN Client Stealing Credentials in Active Campaign

Do Son June 25, 2025

SonicWall, in collaboration with Microsoft Threat Intelligence (MSTIC), has uncovered a sophisticated campaign that distributes a Trojanized...

Double Injection Risk in NVIDIA Megatron-LM: Code Execution Flaws Patched in v0.12.1 NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

Double Injection Risk in NVIDIA Megatron-LM: Code Execution Flaws Patched in v0.12.1

Do Son June 25, 2025

NVIDIA has released a security bulletin addressing two newly discovered vulnerabilities—CVE-2025-23264 and CVE-2025-23265—affecting Megatron-LM, its open-source large...

Flaws Found in Hitachi Energy’s MicroSCADA X SYS600: CVEs Could Enable File Tampering, DoS, and MITM Attacks Hitachi SCADA

Hitachi SCADA

Flaws Found in Hitachi Energy’s MicroSCADA X SYS600: CVEs Could Enable File Tampering, DoS, and MITM Attacks

Do Son June 25, 2025

Hitachi Energy has released a cybersecurity advisory (8DBD000218) disclosing five newly discovered vulnerabilities affecting its MicroSCADA X...

Middle East Cyberwar Escalates: GPS Spoofing, Fake Alerts, Crypto Hacks, & IP Camera Spying Revealed DynoWiper Malware Middle East Cyberwar, Cyber Operations

DynoWiper Malware Middle East Cyberwar, Cyber Operations

Middle East Cyberwar Escalates: GPS Spoofing, Fake Alerts, Crypto Hacks, & IP Camera Spying Revealed

Do Son June 25, 2025

As conflict surged across the Middle East in June 2025, so too did the intensity and scope...

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks ELECOM Router, Critical Vulnerabilities

ELECOM Router, Critical Vulnerabilities

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

Do Son June 25, 2025

In its latest vulnerability disclosure, JPCERT/CC has sounded the alarm on multiple critical security flaws affecting a...

APT36 Unleashes Advanced Phishing Against Indian Defense Personnel: New Anti-Analysis Malware & NIC Impersonation APT36, Indian Defense Cyberattack

APT36, Indian Defense Cyberattack

APT36 Unleashes Advanced Phishing Against Indian Defense Personnel: New Anti-Analysis Malware & NIC Impersonation

Do Son June 25, 2025

CYFIRMA has released an in-depth analysis detailing a highly targeted phishing campaign by APT36, also known as...

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases Advantech ICS, Critical Vulnerabilities

Advantech ICS, Critical Vulnerabilities

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

Do Son June 25, 2025

The Phantom The Cyber Security Agency (CSA) of Singapore has issued an urgent security advisory highlighting multiple...

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials WordPress Malware, Credit Card Skimming

WordPress Malware, Credit Card Skimming

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Do Son June 25, 2025

The Wordfence Threat Intelligence Team has unveiled a powerful malware framework operating under the guise of a...

DRAT V2 Emerges: New Delphi-Compiled RAT Targets Indian Government with Expanded Post-Exploitation DRAT V2, TAG-140

DRAT V2, TAG-140

DRAT V2 Emerges: New Delphi-Compiled RAT Targets Indian Government with Expanded Post-Exploitation

Do Son June 25, 2025

A new variant of the DRAT remote access trojan has emerged, signaling a continued evolution in TAG-140’s...

LapDogs: China-Nexus Threat Actors Deploy Covert ORB Network on 1,000+ SOHO Devices Globally LapDogs, China-Nexus ORB

LapDogs, China-Nexus ORB

LapDogs: China-Nexus Threat Actors Deploy Covert ORB Network on 1,000+ SOHO Devices Globally

Do Son June 25, 2025

In a new report, SecurityScorecard’s STRIKE threat intelligence team has exposed a covert espionage campaign dubbed “LapDogs”,...

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers Gogs RCE, XSS Vulnerability

Gogs RCE, XSS Vulnerability

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers

Do Son June 24, 2025

The open-source Git service Gogs, known for its simplicity and ease of deployment, disclosures two severe security...

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm Linksys Router, TheMoon Worm

Linksys Router, TheMoon Worm

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm

Do Son June 24, 2025

A critical vulnerability in multiple Linksys E-Series routers is being actively exploited in the wild by a...

Google Donates A2A Protocol to Linux Foundation: Paving the Way for Open AI Agent Interoperability Google A2A Protocol, Linux Foundation

Google A2A Protocol, Linux Foundation

Google Donates A2A Protocol to Linux Foundation: Paving the Way for Open AI Agent Interoperability

Do Son June 24, 2025

In April, Google introduced the A2A (Agent2Agent) protocol for AI agents, and it has since garnered support...

Windows 11 Gets New UI Customization: Reposition System Indicator Bar to Top-Center or Top-Left

C Windows SecureBoot folder KB5089549 Windows 11 BSOD Microsoft Windows, Rust programming WINS Service Deprecation Windows Server DNS Migration Windows Driver Standard OEM Kernel Privileges Windows Agentic OS Task Manager Bug, Windows 11 Performance Windows 11, Microsoft, WinRE, Update Bug, Tech Support Windows 11 OOBE, Microsoft Account Mandatory Windows 11, SSD failures Windows 11 Recovery, Black Screen of Death Windows 11 Update Issue, KB5062324 Windows 11, Indicator Bar

Windows 11 Gets New UI Customization: Reposition System Indicator Bar to Top-Center or Top-Left

Do Son June 24, 2025

In the latest releases of Windows 11—Build 26200.5661 (Dev Channel) and Build 26120.4452 (Beta Channel)—Microsoft has introduced...