Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

NVIDIA Issues Patches for High-Severity Flaws in Cumulus Linux and NVOS NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA Issues Patches for High-Severity Flaws in Cumulus Linux and NVOS

Do Son February 26, 2026

NVIDIA has issued an important security bulletin for February 2026, warning network administrators of three high-severity vulnerabilities...

Critical Flaw in Juniper PTX Routers: Unauthenticated Root Access Discovered Junos OS Evolved CVE-2026-21902 Juniper Security Director, Critical Vulnerability Junos OS vulnerabilities - CVE-2025-21598 & CVE-2025-21599

Junos OS Evolved CVE-2026-21902 Juniper Security Director, Critical Vulnerability Junos OS vulnerabilities - CVE-2025-21598 & CVE-2025-21599

Critical Flaw in Juniper PTX Routers: Unauthenticated Root Access Discovered

Do Son February 26, 2026

Juniper Networks has issued an urgent out-of-cycle security bulletin warning of a critical vulnerability affecting its PTX...

Google Supercharges Android Scam Defenses with On-Device Gemini AI Android 17 Tap to Share Gemini Scam Detection Galaxy S26 AI Security

Android 17 Tap to Share Gemini Scam Detection Galaxy S26 AI Security

Google Supercharges Android Scam Defenses with On-Device Gemini AI

Do Son February 26, 2026

Mobile scams are growing increasingly sophisticated, blending stolen personal data with manipulative psychological tactics. However, Google is...

Russia Set to Escalate to ‘New Generation Warfare’ Against NATO Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Russia Set to Escalate to ‘New Generation Warfare’ Against NATO

Do Son February 26, 2026

According to a newly released threat analysis by Recorded Future’s Insikt Group , Europe must brace for...

The Three-Year Shadow: Critical CVSS 10 Cisco SD-WAN Zero-Day Exploited by UAT-8616

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

The Three-Year Shadow: Critical CVSS 10 Cisco SD-WAN Zero-Day Exploited by UAT-8616

Do Son February 26, 2026

Cisco Talos has issued a high-alert warning regarding the active exploitation of CVE-2026-20127, a critical vulnerability affecting...

North Korea’s Lazarus Group Deploys Medusa Ransomware Against U.S. Healthcare SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

North Korea’s Lazarus Group Deploys Medusa Ransomware Against U.S. Healthcare

Do Son February 26, 2026

A disturbing shift in nation-state cyber tactics has been uncovered as North Korean state-backed attackers integrate Medusa...

Critical SQL Injection Vulnerability Found in ‘ormar’ Python Library Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Critical SQL Injection Vulnerability Found in ‘ormar’ Python Library

Do Son February 26, 2026

A major security flaw has been unearthed in ormar, a popular asynchronous mini Object-Relational Mapper (ORM) for...

Public Exploit for Windows Kernel Flaw Grants Instant SYSTEM Access CVE-2026-21241 Windows Kernel Privilege Escalation

CVE-2026-21241 Windows Kernel Privilege Escalation

Public Exploit for Windows Kernel Flaw Grants Instant SYSTEM Access

Do Son February 25, 2026

A high-severity security flaw in the Windows kernel is putting system administrators on high alert following the...

Critical 9.2 Severity Path Traversal Flaw Compromises ASUSTOR FTP Backups Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Critical 9.2 Severity Path Traversal Flaw Compromises ASUSTOR FTP Backups

Do Son February 25, 2026

ASUSTOR has released an urgent security statement detailing multiple critical and high-severity vulnerabilities affecting its ASUSTOR Data...

Accidental Overlord: How a PS5 Controller Mod Unlocked a 7,000-Unit Robot Vacuum Army

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Accidental Overlord: How a PS5 Controller Mod Unlocked a 7,000-Unit Robot Vacuum Army

Do Son February 25, 2026

The vast majority of autonomous vacuum cleaners are equipped with integrated cameras and remote manipulation capabilities, with...

Apple Shatters Tradition with a Touchscreen OLED MacBook Pro MacBook Pro OLED touch screen MacBook Pro Touchscreen, M6 Chip OLED M5 MacBook Pro, 24-Hour Battery

MacBook Pro OLED touch screen MacBook Pro Touchscreen, M6 Chip OLED M5 MacBook Pro, 24-Hour Battery

Apple Shatters Tradition with a Touchscreen OLED MacBook Pro

Do Son February 25, 2026

Apple, having long maintained the steadfast conviction that “laptops ought not to possess touchscreens,” appears finally prepared...

Google’s $40B Gamble on Water-Free AI Cooling in the Arid Heart of Texas

Google’s $40B Gamble on Water-Free AI Cooling in the Arid Heart of Texas

Do Son February 25, 2026

Beneath the meteoric surge in AI computational prowess, the staggering consumption of aqueous and electrical resources is...

Fintech Shakeup: Stripe Explores Acquisition of Rival PayPal in $159B Valuation Surge Stripe PayPal acquisition

Stripe PayPal acquisition

Fintech Shakeup: Stripe Explores Acquisition of Rival PayPal in $159B Valuation Surge

Do Son February 25, 2026

According to an exclusive expose published today by Bloomberg, the payment processing titan Stripe Inc. has manifested...

OpenAI Responses API Now Ingests Excel, Word, and PowerPoint Directly ChatGPT advertising US only OpenAI GPT-5.4 launch OpenAI Responses API file support ChatGPT Ads pricing ChatGPT conversational advertising, OpenAI monetization strategy 2026 OpenAI Code Red, ChatGPT Sycophancy Crisis AI music ChatGPT memory, targeted ads ChatGPT User Milestone, Generative AI Adoption ChatGPT ads, AI monetization GPT-5, OpenAI

ChatGPT advertising US only OpenAI GPT-5.4 launch OpenAI Responses API file support ChatGPT Ads pricing ChatGPT conversational advertising, OpenAI monetization strategy 2026 OpenAI Code Red, ChatGPT Sycophancy Crisis AI music ChatGPT memory, targeted ads ChatGPT User Milestone, Generative AI Adoption ChatGPT ads, AI monetization GPT-5, OpenAI

OpenAI Responses API Now Ingests Excel, Word, and PowerPoint Directly

Do Son February 25, 2026

Following the global debut of the GPT-5.3-Codex programming model, OpenAI has concurrently expanded the repertoire of supported...

The Self-Correcting Architect: OpenAI Launches GPT-5.3-Codex to Lead the Agentic Coding Era GPT-5.3-Codex release

GPT-5.3-Codex release

The Self-Correcting Architect: OpenAI Launches GPT-5.3-Codex to Lead the Agentic Coding Era

Do Son February 25, 2026

On February 5, 2026, OpenAI unveiled its specialized programming model, GPT-5.3-Codex. Initially, access was restricted to ChatGPT...

Workstation in Your Pocket: Claude Code Unveils “Remote Control” for Total Mobile Dev Autonomy Claude Code Remote Control

Claude Code Remote Control

Workstation in Your Pocket: Claude Code Unveils “Remote Control” for Total Mobile Dev Autonomy

Do Son February 25, 2026

The AI-driven programming suite Claude Code has recently unveiled its sophisticated Remote Control capability, currently accessible as...

27-Year-Old Telnet Flaw Resurfaces to Grant Attackers Instant Root Access

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

27-Year-Old Telnet Flaw Resurfaces to Grant Attackers Instant Root Access

Do Son February 25, 2026

A new technical analysis by security researcher Justin Swartz reveals that a critical vulnerability first identified in...

Death of the XSS Bug? Firefox 148 Debuts the Sanitizer API to Neutralize Malicious Scripts Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Death of the XSS Bug? Firefox 148 Debuts the Sanitizer API to Neutralize Malicious Scripts

Do Son February 25, 2026

Cross-site scripting (XSS) has haunted web developers for decades, consistently ranking as one of the most pervasive...

The AI Evolution of Mobile Malware: SURXRAT V5 Combines Surveillance, Ransomware, and LLMs SURXRAT V5 AI-Assisted Android Malware

SURXRAT V5 AI-Assisted Android Malware

The AI Evolution of Mobile Malware: SURXRAT V5 Combines Surveillance, Ransomware, and LLMs

Do Son February 25, 2026

The Android malware landscape is undergoing a significant transformation, shifting away from simple data theft toward professionalized,...

Sanctions and Stolen Secrets: U.S. Cracks Down on ‘Operation Zero’ Exploit Brokerage Operation Zero Exploit Brokers VOLTZITE Threat Group

Operation Zero Exploit Brokers VOLTZITE Threat Group

Sanctions and Stolen Secrets: U.S. Cracks Down on ‘Operation Zero’ Exploit Brokerage

Do Son February 25, 2026

The U.S. Department of the Treasury has taken a decisive stand against the illicit trade of digital...