Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

9.0 CVE-2025-0282 (CVSS 9.0): Ivanti Confirms Active Exploitation of Critical Flaw Ivanti EPMM security updates Ivanti ITSM vulnerability authenticated privilege escalation Ivanti Xtraction vulnerability CVE-2026-8043 Ivanti EPM RCE, SQL Injection Ivanti EPM, remote code execution CVE-2024-50330 - CVE-2025-0282 and CVE-2025-0283

Ivanti EPMM security updates Ivanti ITSM vulnerability authenticated privilege escalation Ivanti Xtraction vulnerability CVE-2026-8043 Ivanti EPM RCE, SQL Injection Ivanti EPM, remote code execution CVE-2024-50330 - CVE-2025-0282 and CVE-2025-0283

9.0 CVE-2025-0282 (CVSS 9.0): Ivanti Confirms Active Exploitation of Critical Flaw

Do Son January 8, 2025

Ivanti has issued a security advisory addressing two vulnerabilities in its Connect Secure, Policy Secure, and Neurons...

DNA Sequencer BIOS Vulnerabilities Pose Significant Supply Chain Risks DNA Sequencer Vulnerabilities

DNA Sequencer Vulnerabilities

DNA Sequencer BIOS Vulnerabilities Pose Significant Supply Chain Risks

Do Son January 8, 2025

In a recent revelation, Eclypsium’s research team has uncovered severe BIOS/UEFI vulnerabilities in a widely used DNA...

Critical 10 Tips to Protect Your Organization’s Most Critical Assets from Cyber Threats Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Critical 10 Tips to Protect Your Organization’s Most Critical Assets from Cyber Threats

Do Son January 8, 2025

In today’s digital world, businesses face an increasing number of cyber threats targeting sensitive data, systems, and...

Breaking News: 1 Simple Passive Income Idea to Help You Increase Your Wealth in 2025 Docker Swarm Strategic Bitcoin Reserve

Docker Swarm Strategic Bitcoin Reserve

Breaking News: 1 Simple Passive Income Idea to Help You Increase Your Wealth in 2025

Do Son January 8, 2025

In today’s dynamic cryptocurrency landscape, savvy investors are constantly seeking new strategies to enhance their financial gains....

8.8 CVE-2024-52875: KerioControl Firewall Flaw Under Active Exploit, Urgent Patching Required WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

8.8 CVE-2024-52875: KerioControl Firewall Flaw Under Active Exploit, Urgent Patching Required

Do Son January 7, 2025

A critical vulnerability in GFI KerioControl firewalls (versions 9.2.5 through 9.4.5) is under active exploitation, allowing attackers...

Casio Discloses Data Leak Following Ransomware Attack Casio Network Breach - data leak

Casio Network Breach - data leak

Casio Discloses Data Leak Following Ransomware Attack

Do Son January 7, 2025

Casio Computer Co., Ltd. has disclosed the results of its investigation into a ransomware attack that compromised...

10 CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller

CVE-2024-50603

10 CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller

Do Son January 7, 2025

Jakub Korepta, Principal Security Consultant and Head of Infrastructure Security at Securing, has released a detailed report...

“Gayfemboy” Botnet Leveraging 0-Day Exploit in Four-Faith Industrial Routers Gayfemboy botnet

Gayfemboy botnet

“Gayfemboy” Botnet Leveraging 0-Day Exploit in Four-Faith Industrial Routers

Do Son January 7, 2025

XLab has released a report on the Gayfemboy botnet, a rapidly evolving threat leveraging a 0-day vulnerability...

SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS SonicWall SMA 1000 MFA Bypass SonicWall SSLVPN Flaw CVE-2025-40601 SonicOS vulnerability - CVE-2024-53704

SonicWall SMA 1000 MFA Bypass SonicWall SSLVPN Flaw CVE-2025-40601 SonicOS vulnerability - CVE-2024-53704

SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS

Do Son January 7, 2025

SonicWall, a leading cybersecurity provider, has issued an important security advisory warning of multiple vulnerabilities affecting its...

CISA Alerts on Actively Exploited Vulnerabilities in Mitel MiCollab and Oracle WebLogic Server n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Alerts on Actively Exploited Vulnerabilities in Mitel MiCollab and Oracle WebLogic Server

Do Son January 7, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to organizations about three actively...

Critical Trio of Critical Vulnerabilities in Netis Routers Enables Unauthenticated RCE CVE-2024-48455, CVE-2024-48456, and CVE-2024-48457

CVE-2024-48455, CVE-2024-48456, and CVE-2024-48457

Critical Trio of Critical Vulnerabilities in Netis Routers Enables Unauthenticated RCE

Do Son January 7, 2025

A recent report by security researcher H00die.Gr3y has revealed a series of critical vulnerabilities affecting several Netis...

8.8 Chrome Update Addresses High-Severity Vulnerability: CVE-2025-0291

CVE-2025-0291

8.8 Chrome Update Addresses High-Severity Vulnerability: CVE-2025-0291

Do Son January 7, 2025

Google has just released a critical security update for its Chrome web browser, addressing a high-severity vulnerability...

Authentication Bypass Vulnerability Found in Dell OpenManage Server Administrator Dell ECS Security Update CVE-2026-40636 Hard-coded Credentials Dell Business Price Increase, RAM and SSD Shortage 2025 Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

Dell ECS Security Update CVE-2026-40636 Hard-coded Credentials Dell Business Price Increase, RAM and SSD Shortage 2025 Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398

Authentication Bypass Vulnerability Found in Dell OpenManage Server Administrator

Do Son January 7, 2025

Dell Technologies has issued a critical security advisory for its OpenManage Server Administrator (OMSA) software. The advisory...

9.8 Secure Your Repos: go-git Patches Critical Vulnerability – CVE-2025-21613 (CVSS 9.8) CVE-2025-21613 & CVE-2025-21614

CVE-2025-21613 & CVE-2025-21614

9.8 Secure Your Repos: go-git Patches Critical Vulnerability – CVE-2025-21613 (CVSS 9.8)

Do Son January 7, 2025

The popular Go library for Git interaction, go-git, has recently released version 5.13 to address two critical...

4.4 CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks Redis RCE, HyperLogLog Vulnerability CVE-2024-51741 - CVE-2024-46981

Redis RCE, HyperLogLog Vulnerability CVE-2024-51741 - CVE-2024-46981

4.4 CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks

Do Son January 6, 2025

Two vulnerabilities have been discovered in Redis, the popular in-memory database, leaving millions of users at risk....

8.8 CVE-2024-43096 and More: Critical RCE Flaws Patched in Android Security Update Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

8.8 CVE-2024-43096 and More: Critical RCE Flaws Patched in Android Security Update

Do Son January 6, 2025

The Android Security Bulletin for January 2025 highlights critical security vulnerabilities affecting millions of Android devices globally....

8.1 CVE-2024-20154: Critical RCE Flaw in MediaTek Chipsets Impacts Millions MediaTek Modem Vulnerabilities, January 2026 Security Bulletin MediaTek Vulnerabilities, Chipset Security CVE-2024-20103 & CVE-2024-20100 - CVE-2024-20154 - February 2025 Product Security Bulletin

MediaTek Modem Vulnerabilities, January 2026 Security Bulletin MediaTek Vulnerabilities, Chipset Security CVE-2024-20103 & CVE-2024-20100 - CVE-2024-20154 - February 2025 Product Security Bulletin

8.1 CVE-2024-20154: Critical RCE Flaw in MediaTek Chipsets Impacts Millions

Do Son January 6, 2025

MediaTek has released its January 2025 Product Security Bulletin, addressing a range of security vulnerabilities affecting its...

Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766 PyPI Packages Leak

PyPI Packages Leak

Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766

Do Son January 6, 2025

In September 2024, a critical vulnerability in SonicWall NSA devices, tracked as CVE-2024-40766, was disclosed. Since then,...

Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Takeover Argo CD Secret Leak CVE-2026-42880 CVE-2024-28175 Argo CD DoS, Webhook Flaws

Argo CD Secret Leak CVE-2026-42880 CVE-2024-28175 Argo CD DoS, Webhook Flaws

Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Takeover

Do Son January 6, 2025

Argo Workflows, a widely-used open-source tool for orchestrating workflows in Kubernetes, has become a valuable asset for...

7.5 CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys CVE-2023-46850 - CVE-2024-8474

CVE-2023-46850 - CVE-2024-8474

7.5 CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys

Do Son January 6, 2025

Popular VPN client app, OpenVPN Connect, patched a critical security flaw that could have exposed users’ private...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
CVE-2026-4020CVSS 7.5
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and...
CVE-2026-10735
Multiple plugins by ShapedPlugin contain a backdoor in various versions. This makes it possible for unauthenticated attackers to...
CVE-2026-20262CVSS 6.5
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated,...
CVE-2026-54420CVSS 8.5
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a...
CVE-2026-53435CVSS 8.8
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize...
CVE-2026-10795CVSS 8.1
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions...
CVE-2026-11645
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker...
CVE-2026-50751CVSS 9.3
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows...
CVE-2026-20245CVSS 7.8
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local...