Do Son, Author at Daily CyberSecurity • Page 93 of 725

Supply Chain Poison: Lotus Blossom Hits Notepad++ to Deploy “Chrysalis” Lotus Blossom Chrysalis Notepad++ Compromise

Supply Chain Poison: Lotus Blossom Hits Notepad++ to Deploy “Chrysalis”

Do Son February 5, 2026

The notorious Chinese state-sponsored threat group Lotus Blossom has resurfaced with a dangerous new toolkit, compromising the...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns of Unpatched Avation & RISS Critical Flaws

Do Son February 5, 2026

In a concerning update for the operational technology (OT) sector, the Cybersecurity and Infrastructure Security Agency (CISA)...

“Can You Hear Me?” BlueNoroff Hackers Use Fake Audio Glitch to Breach macOS BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

“Can You Hear Me?” BlueNoroff Hackers Use Fake Audio Glitch to Breach macOS

Do Son February 5, 2026

A routine business call turned into a nightmare for one macOS user after North Korean state-sponsored hackers...

Samsung MagicInfo9 Vulnerability CVE-2026-25202 Galaxy S26 benchmarks Samsung HBM4 NVIDIA certification Samsung Bixby Perplexity integration, One UI 8.5 AI assistant Samsung Taylor 2nm mass production, TSMC 2nm capacity constraint 2026 Samsung SATA SSD Discontinuation, SSD Market Shift Samsung SATA SSD Discontinuation, M.2 Market Shift Samsung Foundry 4nm Yield Tsavorite OPU Chip Order Samsung Project Moohan, Android XR Samsung OpenAI Partnership, AI Infrastructure Samsung Exynos 2600, 2nm GAA Tesla AI Chips, Samsung Foundry Deal Samsung Foldables, Galaxy Unpacked 2025 Samsung AI, Perplexity AI Samsung data breach Q990D firmware US tariffs

Signage Hijack: Samsung MagicInfo9 Flaws (CVSS 9.8) Expose Servers

Do Son February 5, 2026

Samsung’s MagicInfo9 Server, a widely used solution for managing digital signage displays, has been struck by a...

Ghost Folders: “Directory Shadowing” Hack Hijacks WordPress SEO WordPress Directory Shadowing SEO Spam Malware

Ghost Folders: “Directory Shadowing” Hack Hijacks WordPress SEO

Do Son February 5, 2026

A new and stealthy malware campaign is targeting WordPress sites, turning trusted pages into billboards for online...

Open VSX Hijacked: “GlassWorm” Malware Poisons VS Code Extensions

Do Son February 5, 2026

A sophisticated supply chain attack has struck the open-source ecosystem, leveraging compromised developer credentials to inject malware...

Industrial Alert: Critical Auth Bypass (CVSS 9.2) Hits Moxa Switches Moxa Linux kernel vulnerabilities Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Moxa Linux kernel vulnerabilities Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Industrial Alert: Critical Auth Bypass (CVSS 9.2) Hits Moxa Switches

Do Son February 5, 2026

Industrial networking giant Moxa has issued a high-severity security advisory urging customers to patch a wide range...

How Video Wall Controllers Improve Security Operations Centers Google SpaceX cloud deal

How Video Wall Controllers Improve Security Operations Centers

Do Son February 4, 2026

The right video wall setup helps control and security centers stay on top of potential crises, even...

PoC Public & Exploited: Critical SolarWinds Help Desk Flaw Exploited in the Wild State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

PoC Public & Exploited: Critical SolarWinds Help Desk Flaw Exploited in the Wild

Do Son February 4, 2026

The clock is ticking for organizations running SolarWinds Web Help Desk (WHD), as a nightmare scenario unfolds:...

Unpatchable & Critical: CISA Issues CVSS 10.0 Alert for Synectix Adapters CVE-2022-35914 Synectix LAN 232 TRIO CVE-2026-1633

Unpatchable & Critical: CISA Issues CVSS 10.0 Alert for Synectix Adapters

Do Son February 4, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a maximum-severity alert for the Synectix LAN 232...

Windows 11 KB5089549 network lag Windows 11 Home to Pro Education upgrade Windows 11 Start menu update Windows 11 update KB5079391 Windows 11 KB5085516 OOB update Windows 11 C drive permission error Windows 11 C drive access denied Windows native NVMe driver UEFI Secure Boot certificate rotation Windows 11 printer driver policy Windows 11 printer driver deprecation Windows 11 Build 26300 Sysmon Windows 11 Storage settings restriction Windows 11 Build 26300.7674, Windows Insider channel migration 2026 Windows 11 Update Fix KB5073455 shutdown bug, Secure Launch restart loop Windows 11 File Explorer search performance, Search Indexer RAM usage fix Windows 11 Gaming PC Specs, NVMe DirectStorage Windows 10 End of Support Windows 11 Slow Adoption Windows 11 Crash Loop KB5062553 Bug Update and Shut Down, KB5067036 Windows authentication, Kerberos bug Windows 11 fix, localhost bug Windows 11 Update Restart, Update and Shut Down Windows SMBv1 Windows 11 Arm, Easy Anti-Cheat Windows 11 error, Pluton Windows 11 24H2, Easy Anti-Cheat Windows Firewall Bug, Microsoft Update Error Windows 11, JScript9Legacy Windows Activation, TSforge Windows 11 Update, Firewall Error Windows 11 25H2, Annual Update Windows Resiliency Initiative, Kernel Security Windows 11 Upgrade, ESU Program Windows 11 Recall, Data Export Windows 11 Easy Anti-Cheat Windows 11 Update, Cumulative Update Windows Update, ACPI.sys Windows Updates, Enterprise Software Windows 11 Start Data Encryption Standard Printing Problems Windows 11 updates Estimated installation time Smart App Control, Windows 11 security

Native Sysmon Arrives in the Latest Windows 11 Insider Build 26300

Do Son February 4, 2026

Microsoft has recently disseminated Windows 11 Build 26300.7733, a functional update predicated on the 26H2 development branch,...

Google licenses app code Gemini API Prepaid Billing Gemini macOS Desktop Intelligence Gemini API Tier 2 upgrade Google Workspace CLI AI Google Gemini Import AI Chats Google AI Plus subscription 2026, Gemini 3 Pro vs AI Pro cost Apple, Google Gemini, Siri, Apple Intelligence, iOS 26, The Information, Fine-tuning, Private Cloud Compute, AI Partnership, Tech News 2026 Gemini Assistant transition 2026, Google Assistant sunset delay Nano Banana Pro AI Image Text Gemini Deep Research, Workspace Integration Gemini Canvas, presentation generation

Breaking the AI Silo: How Google’s New “Import AI Chats” Feature Ends Context Lock-In

Do Son February 4, 2026

Despite the passage of many years, the seamless migration of data between the Android and iOS ecosystems...

The Vanishing Taskbar: Windows 11’s Optional KB5074105 Update Rescues Users from “Explorer” Hell Windows 11 25H2 mandatory update Windows 11 KB5074105 fix Windows 11 Performance, Misleading Claim Windows 11 Kerberos

Windows 11 25H2 mandatory update Windows 11 KB5074105 fix Windows 11 Performance, Misleading Claim Windows 11 Kerberos

The Vanishing Taskbar: Windows 11’s Optional KB5074105 Update Rescues Users from “Explorer” Hell

Do Son February 4, 2026

On January 29, Microsoft disseminated the preview update KB5074105 for Windows 11 versions 24H2 and 25H2. While...

Silent Intrusion: “Metro4Shell” Exploited in the Wild Since December Metro4Shell CVE-2025-11953

Silent Intrusion: “Metro4Shell” Exploited in the Wild Since December

Do Son February 4, 2026

A new report from VulnCheck reveals that CVE-2025-11953, a critical flaw in the Metro development server dubbed...

Urgent Django Update: Patches 3 Critical SQL Injections & DoS Risks Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Urgent Django Update: Patches 3 Critical SQL Injections & DoS Risks

Do Son February 4, 2026

The maintainers of the popular Python web framework Django have issued an urgent security release to squash...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

React Under Siege: Two IPs Drive 56% of Critical CVE-2025-55182 Attacks

Do Son February 4, 2026

Two months after the disclosure of a catastrophic vulnerability in React Server Components, the attack landscape has...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

Chrome 144 Security Alert: V8 & Libvpx Flaws Expose Systems to Hacks

Do Son February 4, 2026

The Stable channel for desktop users has just received a crucial security update, patching two high-severity vulnerabilities...

Rooted via Wi-Fi 7: TP-Link Patches Command Injection in Archer BE230

Do Son February 4, 2026

A new security advisory from TP-Link has disclosed multiple authenticated command injection vulnerabilities affecting its Archer BE230 Wi-Fi...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CVE-2026-24936: Critical ASUSTOR Flaw (CVSS 9.5) Allows Remote System Takeover

Do Son February 4, 2026

A severe vulnerability has been discovered in ASUSTOR ADM (ASUSTOR Data Master), the operating system that powers...

“IT Support” Imposters: ShinyHunters Vishing Rings Bypass MFA to Steal Data ShinyHunters Vishing Corporate Vishing Attacks

“IT Support” Imposters: ShinyHunters Vishing Rings Bypass MFA to Steal Data

Do Son February 4, 2026

A new report from Mandiant details how sophisticated voice phishing (vishing) rings are bypassing modern security controls...

Critical Alert 1 Active Exploit Detected Today