Security researchers publicly disclosed a critical vulnerability in Control Web Panel alongside proof-of-concept exploit code. This flaw,...
Do Son
Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.
TL;DR Researchers disclosed two UltraVNC repeater vulnerabilities in the tool’s HTTP admin server. One allows arbitrary code...
TL;DR WatchGuard has patched seven WatchGuard Firebox vulnerabilities in its Fireware OS. The worst, CVE-2026-13368 (CVSS 9.2),...
TL;DR Icinga patched three Icinga 2 vulnerabilities on 29 June 2026. Two let an unauthenticated attacker take...
TL;DR CISA published an advisory for five StoneFly Storage Concentrator vulnerabilities on 30 June 2026. Two rate...
TL;DR Researchers at HawkTrace published full technical details and proof-of-concept code for a Microsoft Exchange vulnerability tracked...
TL;DR Attackers are exploiting a Citrix NetScaler vulnerability in the wild, tracked as CVE-2026-8451 (CVSS 8.8). The...
TL;DR The Apache Software Foundation has disclosed two Apache HttpComponents Core vulnerabilities, CVE-2026-54399 and CVE-2026-54428. Both carry...
At a glance Malware Malicious browser extension / search hijacker (“Search for perplexity ai”) Threat actor Not...
Cloudflare has launched a new payment layer called Monetization Gateway. The tool uses the x402 protocol to...
Following its initial reveal at Google I/O 2026 this May, Google has finally launched its agentic AI...
TL;DR CERT Polska disclosed two flaws in GNU gzip on 29 June 2026. One GNU gzip vulnerability,...
At a glance Group Mustang Panda (China-aligned APT; also tracked as Hive0154) Activity Cyberespionage, spear-phishing, cloud-service C2...
At a glance Group The Gentlemen (ransomware-as-a-service) Activity Ransomware, data-leak extortion, custom tool development Targets Large firms...
At a glance Actor: Suspected Russian state-sponsored actors and proxies Activity type: Covert information operations and hacktivism...
At a glance Malware TONResolver (RAT; also tracked as TonRAT by Microsoft; detected as TrojanSpy.JS.TONRESOLVER.A) Threat actor...
TL;DR IBM patched three flaws in Db2 for Linux, UNIX, and Windows. The worst is an IBM...
TL;DR CISA added a Microsoft SharePoint vulnerability to its Known Exploited Vulnerabilities catalog on 1 July 2026....
At a glance Actor or Group: Scattered Spider (Octo Tempest, UNC3944, 0ktapus) Activity Type: Data extortion, computer...
TL;DR Cisco has patched a Cisco Catalyst Center vulnerability tracked as CVE-2026-20191 (CVSS 7.5). The flaw lets...
TL;DR A critical flaw in Poweradmin lets attackers take over DNS administrator accounts. Tracked as CVE-2026-54588, it...