Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Intel GPU Performance Hit by Security Mitigations: Ubuntu Weighs Disabling Them for 20% Boost Intel EU Antitrust Fine, Naked Restrictions Intel Layoff Data Theft Jinfeng Luo Intel leadership change Intel SoftBank Intel Foundry, Semiconductor Market Intel Arrow Lake Refresh, Copilot+ PC Intel GPU Performance, Security Mitigations Mitigation Downfall Vulnerability

Intel EU Antitrust Fine, Naked Restrictions Intel Layoff Data Theft Jinfeng Luo Intel leadership change Intel SoftBank Intel Foundry, Semiconductor Market Intel Arrow Lake Refresh, Copilot+ PC Intel GPU Performance, Security Mitigations Mitigation Downfall Vulnerability

Intel GPU Performance Hit by Security Mitigations: Ubuntu Weighs Disabling Them for 20% Boost

Do Son June 24, 2025

Years ago, Intel processors were found to be vulnerable to the Spectre and Meltdown flaws—architectural design flaws...

US House Bans WhatsApp on Government Devices Over Security & Transparency Concerns

WhatsApp antitrust API probe India SIM-Binding Mandate Messaging App KYC WhatsApp DMA Interoperability BirdyChat Haiket Denmark Social Media Ban CVE-2025-55177 WhatsApp vulnerability, zero-click flaw npm Malware, System Wipe WhatsApp Windows App, WebView2 Downgrade WhatsApp Ban, US House NSO WhatsApp, Pegasus Spyware WhatsApp iPad iPadOS app

US House Bans WhatsApp on Government Devices Over Security & Transparency Concerns

Do Son June 24, 2025

According to a report by Axios, the Chief Administrative Office (CAO) of the U.S. House of Representatives...

iOS 26 Recovery Assistant Unveiled: Wirelessly Restore Your iPhone with Another Apple Device Apple Russia payment suspension iOS 26.3 Proximity Pairing, Apple DMA compliance 2026 Tap to Pay, Apple Pay Wireless charging Always-On Display, iOS 26 iOS 26, EU App APIs Rare Earths, Apple Supply Chain

Apple Russia payment suspension iOS 26.3 Proximity Pairing, Apple DMA compliance 2026 Tap to Pay, Apple Pay Wireless charging Always-On Display, iOS 26 iOS 26, EU App APIs Rare Earths, Apple Supply Chain

iOS 26 Recovery Assistant Unveiled: Wirelessly Restore Your iPhone with Another Apple Device

Do Son June 24, 2025

In iOS 26 Beta 1, Apple introduced a new feature called Recovery Assistant. In the recently released...

BitoPro Crypto Heist: North Korea’s Lazarus Group Steals $11.5M via Phished Employee BitoPro Hack, Lazarus Group

BitoPro Hack, Lazarus Group

BitoPro Crypto Heist: North Korea’s Lazarus Group Steals $11.5M via Phished Employee

Do Son June 24, 2025

In May 2025, the Taiwanese cryptocurrency exchange BitoPro fell victim to a cyberattack, resulting in the loss...

Xbox App Beta Unites Game Libraries: Launch All Your PC Games from One Hub Xbox App, Unified Game Library

Xbox App, Unified Game Library

Xbox App Beta Unites Game Libraries: Launch All Your PC Games from One Hub

Do Son June 24, 2025

Following the recent announcement of its collaboration with ASUS to develop the ROG Xbox Ally series of...

Xbox x Meta Quest 3S Confirmed: Co-Branded VR Headset Launching Today Meta Quest Xbox VR, Co-branded VR

Meta Quest Xbox VR, Co-branded VR

Xbox x Meta Quest 3S Confirmed: Co-Branded VR Headset Launching Today

Do Son June 24, 2025

Previously, Meta announced the open-sourcing of its virtual reality headset operating system—renamed Meta Horizon OS—alongside a partnership...

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution WinRAR RCE, Directory Traversal

WinRAR RCE, Directory Traversal

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution

Do Son June 24, 2025

A newly disclosed vulnerability in RARLAB’s WinRAR, the long-standing compression utility for Windows, has exposed millions of...

Critical Key Derivation Flaws in pbkdf2 Affect Millions of JavaScript Projects, PoC Available pbkdf2 npm, Cryptographic Flaws

pbkdf2 npm, Cryptographic Flaws

Critical Key Derivation Flaws in pbkdf2 Affect Millions of JavaScript Projects, PoC Available

Do Son June 24, 2025

Two high-impact security advisories have been released for the pbkdf2 npm package—an essential utility in the JavaScript...

PoC Released for Notepad++ Flaw Enables Privilege Escalation to NT AUTHORITY\SYSTEM Notepad++ privilege escalation

Notepad++ privilege escalation

PoC Released for Notepad++ Flaw Enables Privilege Escalation to NT AUTHORITY\SYSTEM

Do Son June 24, 2025

A new vulnerability, tracked as CVE-2025-49144, has been discovered in Notepad++ version 8.8.1 that allows local privilege...

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers! Convoy RCE, Unauthenticated

Convoy RCE, Unauthenticated

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers!

Do Son June 24, 2025

A newly disclosed vulnerability in Convoy, a modern KVM server management panel built for hosting providers, has...

From Bypass to Root: Mandiant Red Team Exploits CVE-2025-2171 and CVE-2025-2172 in Aviatrix Cloud Controller bypass

bypass

From Bypass to Root: Mandiant Red Team Exploits CVE-2025-2171 and CVE-2025-2172 in Aviatrix Cloud Controller

Do Son June 24, 2025

Mandiant successfully breached a fully patched instance of the Aviatrix Controller—a central component in Software-Defined Networking (SDN)...

No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform InnoShop vulnerabilities

InnoShop vulnerabilities

No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform

Do Son June 24, 2025

Security researcher TheHiker disclosured three serious vulnerabilities in InnoShop, an open-source eCommerce system built on Laravel 12....

EvilConwi: Hackers Abuse Signed ConnectWise Installers to Launch Stealth Remote Access Attacks abuse

abuse

EvilConwi: Hackers Abuse Signed ConnectWise Installers to Launch Stealth Remote Access Attacks

Do Son June 24, 2025

Threat actors have begun weaponizing legitimately signed ConnectWise ScreenConnect installers, hijacking the trust of signed software to...

SHOE RACK Malware: NCSC Uncovers Stealthy Reverse SSH & DoH Post-Exploitation Tool Targeting FortiGate Firewalls SHOE RACK Malware, Reverse SSH

SHOE RACK Malware, Reverse SSH

SHOE RACK Malware: NCSC Uncovers Stealthy Reverse SSH & DoH Post-Exploitation Tool Targeting FortiGate Firewalls

Do Son June 24, 2025

A new malware tool dubbed SHOE RACK has come under the microscope of the UK’s National Cyber...

Cyber Fattah Breach: Pro-Iranian Hackers Leak Saudi Games Athlete Data in Targeted Info Op Saudi Games, Cyber Fattah

Saudi Games, Cyber Fattah

Cyber Fattah Breach: Pro-Iranian Hackers Leak Saudi Games Athlete Data in Targeted Info Op

Do Son June 24, 2025

In a bold escalation of cyber-enabled information warfare, pro-Iranian hacking group Cyber Fattah has claimed responsibility for...

Spyware Reloaded: SparkKitty Stalks Crypto Wallets via TikTok Mods and Fake Apps

Spyware Reloaded: SparkKitty Stalks Crypto Wallets via TikTok Mods and Fake Apps

Do Son June 24, 2025

Kaspersky Labs has uncovered a stealthy evolution of mobile spyware connected to the infamous SparkCat campaign. Dubbed...

North Korean Hackers Exploit GitHub and Dropbox in Targeted Spearphishing Attacks CVE-2024-3393 - Zservers sanctions

CVE-2024-3393 - Zservers sanctions

North Korean Hackers Exploit GitHub and Dropbox in Targeted Spearphishing Attacks

Do Son June 24, 2025

A new report from EnkiWhiteHat has unveiled a sophisticated cyber espionage operation that leverages GitHub private repositories,...

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials Android Spyware, SpyMax RAT CVE-2024-0039 Android Auto-Reboot Google Play Services

Android Spyware, SpyMax RAT CVE-2024-0039 Android Auto-Reboot Google Play Services

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials

Do Son June 24, 2025

Researchers at K7 Labs have uncovered a highly targeted Android spyware campaign aimed at Indian mobile users,...

CoinTelegraph Hacked: Fake CTG Airdrop Scam Steals Crypto Via Malicious Pop-Ups CoinTelegraph Hack, Crypto Scam

CoinTelegraph Hack, Crypto Scam

CoinTelegraph Hacked: Fake CTG Airdrop Scam Steals Crypto Via Malicious Pop-Ups

Do Son June 23, 2025

The prominent cryptocurrency news platform CoinTelegraph fell victim to a cyberattack on June 22, 2025, at 22:41...

CoinMarketCap Hacked: “Doodle” Graphic Delivers Malware, Stealing $43K+ from User Wallets CoinMarketCap Hack, Inferno Drainer CVE-2024-53677 PoC Exploit

CoinMarketCap Hack, Inferno Drainer CVE-2024-53677 PoC Exploit

CoinMarketCap Hacked: “Doodle” Graphic Delivers Malware, Stealing $43K+ from User Wallets

Do Son June 23, 2025

On June 20, 2025, CoinMarketCap (CMC)—a trusted name in the crypto ecosystem—fell victim to a highly coordinated...