Skip to content
inionline.net
  • Managed IT Support Services
  • Contact Us
inionline.net
  • Blog

    New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

    An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system. Adam Kues at…

    Read More New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run CodeContinue

  • Blog

    OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

    Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it….

    Read More OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS RequestsContinue

  • Blog

    Inc Ransomware Exploits SonicWall SMA Zero-Days

    When chained together, the two vulnerabilities allow threat actors to gain root-level capabilities on SonicWall’s mobile access appliances.

    Read More Inc Ransomware Exploits SonicWall SMA Zero-DaysContinue

  • Blog

    Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

    Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an “unprecedented” four-tier blockchain-based command-and-control (C2) infrastructure spanning Tron,

    Read More Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RATContinue

  • Blog

    New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

    A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast…

    Read More New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes TokensContinue

  • Blog

    The Real AI Threat Is Blind Trust

    AI models left to both interpret and execute commands eliminate critical cybersecurity oversight.

    Read More The Real AI Threat Is Blind TrustContinue

  • Blog

    GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

    Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group known for its targeting of the gambling and gaming sectors…

    Read More GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate TheftContinue

  • Blog

    Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

    North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. “Any user who ran the project ended up with a four-stage payload aligned with OTTERCOOKIE: a browser credential and crypto…

    Read More Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag ImagesContinue

  • Blog

    Gold Eagle Clearinghouse Targets Security Gap, But How Is Unclear

    The White House launched Gold Eagle to coordinate vulnerability response in a new AI world, but multiple questions linger over how it’s being implemented.

    Read More Gold Eagle Clearinghouse Targets Security Gap, But How Is UnclearContinue

  • Blog

    Google Bets ‘Agentic Defense’ Strategy Can Outpace Attackers

    Google Cloud incorporates key Wiz capabilities into an agentic defense platform to automate threat detection and remediation against AI attacks.

    Read More Google Bets ‘Agentic Defense’ Strategy Can Outpace AttackersContinue

Page navigation

1 2 3 … 529 Next PageNext
Facebook
Privacy Policy
Background by Vecteezy

Web Design 2024 SekuritasIT

Veteran Owned and Operated

Scroll to top
  • Managed IT Support Services
  • Contact Us