Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

The Negotiator Turned Traitor: Insider Betrayal in the BlackCat Ransomware Ring NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

The Negotiator Turned Traitor: Insider Betrayal in the BlackCat Ransomware Ring

Do Son April 21, 2026

A Florida man has admitted to playing both sides of the ransomware fence. Angelo Martino, 41, a...

AI Hype Hijacked: How a Fake Claude Installer Blinds Windows Security Claude AI Phishing MSIX Malware

Claude AI Phishing MSIX Malware

AI Hype Hijacked: How a Fake Claude Installer Blinds Windows Security

Do Son April 21, 2026

According to a new technical analysis from Rapid7, a sophisticated ClickFix campaign has been discovered masquerading as...

The Price of Privacy: Atlassian to Train AI on Jira and Confluence Data Starting August 2026 CVE-2024-21687 & CVE-2024-21686 Atlassian AI data contribution

CVE-2024-21687 & CVE-2024-21686 Atlassian AI data contribution

The Price of Privacy: Atlassian to Train AI on Jira and Confluence Data Starting August 2026

Do Son April 21, 2026

The prominent software conglomerate Atlassian has recently revised its data contribution policy, announcing that effective August 17,...

The Ghost in the Browser: Is Claude Desktop Clandestinely Installing a Surveillance Bridge? Claude Cowork quota update Claude Desktop native messaging bridge Anthropic Opus 4.5 Claude Excel Integration

Claude Cowork quota update Claude Desktop native messaging bridge Anthropic Opus 4.5 Claude Excel Integration

The Ghost in the Browser: Is Claude Desktop Clandestinely Installing a Surveillance Bridge?

Do Son April 21, 2026

Distinguished privacy expert Alexander Hanff recently published a profound analytical discourse on his blog, unveiling that Claude...

Scotland Man Pleads Guilty in Massive $8 Million Crypto-Heist and Phishing Campaign Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Scotland Man Pleads Guilty in Massive $8 Million Crypto-Heist and Phishing Campaign

Do Son April 21, 2026

A 24-year-old Dundee man has admitted his role in a sophisticated international cybercrime ring that utilized SMS...

CISA Warns of Active Exploitation in Cisco, PaperCut, and Zimbra TP-Link, CISA CVE-2023-32315 CISA KEV Catalog Active Exploitation

TP-Link, CISA CVE-2023-32315 CISA KEV Catalog Active Exploitation

CISA Warns of Active Exploitation in Cisco, PaperCut, and Zimbra

Do Son April 21, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding eight...

Cybersecurity: How to Keep NoSQL Databases Safe tech

tech

Cybersecurity: How to Keep NoSQL Databases Safe

Do Son April 21, 2026

Cyber attacks are increasing at an alarming rate, with organizations across the globe facing more frequent and...

Progress Kemp LoadMaster Alert: Multiple RCE and WAF Bypass Flaws Patched Kemp LoadMaster flaws command injection remote execution Kemp LoadMaster Vulnerability WAF Bypass Technique Progress WhatsUp Gold Vulnerabilities

Kemp LoadMaster flaws command injection remote execution Kemp LoadMaster Vulnerability WAF Bypass Technique Progress WhatsUp Gold Vulnerabilities

Progress Kemp LoadMaster Alert: Multiple RCE and WAF Bypass Flaws Patched

Do Son April 21, 2026

The Progress Kemp LoadMaster team has confirmed a significant security event involving five high-severity vulnerabilities affecting its...

RondoDox Botnet Hijacks Everything from IoT to Fortnite RondoDox Botnet Nanomite Anti-Debugging

RondoDox Botnet Nanomite Anti-Debugging

RondoDox Botnet Hijacks Everything from IoT to Fortnite

Do Son April 21, 2026

A new deep-dive analysis from BitSight has unmasked the RondoDox Botnet, a sophisticated and rapidly evolving threat...

ASUSTOR Issues Critical Patch: Command Injection Vulnerability Threatens ADM Users

ASUSTOR Issues Critical Patch: Command Injection Vulnerability Threatens ADM Users

Do Son April 21, 2026

ASUSTOR has issued an urgent security advisory regarding a high-severity command injection vulnerability impacting its ASUSTOR Data...

ZionSiphon: The “Defanged” Malware Aiming for the Water Supply Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

ZionSiphon: The “Defanged” Malware Aiming for the Water Supply

Do Son April 21, 2026

A new and highly specialized malware threat has emerged in the industrial cybersecurity landscape, signaling a targeted...

Top 10 MDR Providers for Healthcare Organizations WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

Top 10 MDR Providers for Healthcare Organizations

Do Son April 20, 2026

Healthcare organizations face some of the highest-stakes cybersecurity risks of any industry. A successful ransomware attack, credential...

Rclone Critical Vulnerability Alert: Public PoC Released for Administrative Auth Bypass and RCE rclone command execution execute local commands Rclone RCE CVE-2026-41176

rclone command execution execute local commands Rclone RCE CVE-2026-41176

Rclone Critical Vulnerability Alert: Public PoC Released for Administrative Auth Bypass and RCE

Do Son April 20, 2026

The cybersecurity community is on high alert following the public disclosure of two critical vulnerabilities in Rclone,...

Public PoC and Technical Details Disclosed for Apache Syncope RCE Apache Syncope RCE CVE-2025-57738

Apache Syncope RCE CVE-2025-57738

Public PoC and Technical Details Disclosed for Apache Syncope RCE

Do Son April 20, 2026

A new report from SecureLayer7 has unmasked a high-severity Remote Code Execution (RCE) vulnerability in Apache Syncope,...

Critical 9.4 CVSS Flaw Leaves Dolibarr ERP Open to RCE Dolibarr RCE CVE-2026-23500

Dolibarr RCE CVE-2026-23500

Critical 9.4 CVSS Flaw Leaves Dolibarr ERP Open to RCE

Do Son April 20, 2026

A security vulnerability has been identified in Dolibarr ERP & CRM, a popular open-source suite used by...

Paperclip Unclipped: The 9.8 CVSS Flaw Handing Your AI Agents to the Public Paperclip RCE AI Agent Security Paperclip RCE Cross-Tenant AI Takeover

Paperclip RCE AI Agent Security Paperclip RCE Cross-Tenant AI Takeover

Paperclip Unclipped: The 9.8 CVSS Flaw Handing Your AI Agents to the Public

Do Son April 20, 2026

In the rapidly expanding frontier of AI-driven business, Paperclip has emerged as a sleek Node.js and React-based...

Critical 9.1 CVSS Bypass in Clerk’s Middleware Gating Clerk Middleware Bypass createRouteMatcher Vulnerability

Clerk Middleware Bypass createRouteMatcher Vulnerability

Critical 9.1 CVSS Bypass in Clerk’s Middleware Gating

Do Son April 20, 2026

A critical security vulnerability has been uncovered in Clerk, a popular user management platform. The flaw, which...

New “PowMix” Botnet Preys on Czech Workforce with Lure of Compliance PowMix Botnet AMSI Bypass

PowMix Botnet AMSI Bypass

New “PowMix” Botnet Preys on Czech Workforce with Lure of Compliance

Do Son April 20, 2026

Cybersecurity researchers have exposured the curtain on a sophisticated, previously undocumented botnet that has been silently compromising...

Cyber-Actors are “Laundering Trust” to Hijack the Global Supply Chain Load Board Phishing Signing-as-a-Service

Load Board Phishing Signing-as-a-Service

Cyber-Actors are “Laundering Trust” to Hijack the Global Supply Chain

Do Son April 20, 2026

Proofpoint researchers have detailed the curtain on a sophisticated cyber-operation targeting the transportation industry, revealing a month-long...

Critical 9.1 Auth Bypass Hits Budibase Operations Platform Budibase Authentication Bypass Regex URL Injection

Budibase Authentication Bypass Regex URL Injection

Critical 9.1 Auth Bypass Hits Budibase Operations Platform

Do Son April 20, 2026

Budibase, the popular open-source platform used by engineers to build internal apps and automations, has issued a...