VỮNG MÃI MỘT NIỀM TIN
FROM MEETING INVITES TO MALWARE: HOW CALENDAR FILES BECOME A BACKDOOR FOR EMAIL ATTACKS
- 08/04/2026
A new cyberattack trend is rapidly spreading worldwide as threat actors abuse iCalendar (.ics) files—long considered harmless—to distribute malware, steal data, and even exploit zero-day vulnerabilities. Security researchers warn that this technique can bypass most traditional email security controls.
Critical Nginx UI Vulnerability: Hackers Can Download and Decrypt Server Backups
- 11/03/2026
A critical vulnerability has recently been discovered in Nginx UI, a popular web-based management interface for Nginx servers. The flaw could allow attackers to download and decrypt the entire system backup without any authentication. The vulnerability, identified as CVE-2026-27944, has a CVSS score of 9.8, which is close to the maximum severity level. With this level of risk, systems exposing Nginx UI to the internet could leak sensitive data—including user information, security keys, and SSL certificates—through nothing more than a simple HTTP request.
.jpg)
🚨 CyberStrikeAI Identified – AI Platform Behind Large-Scale FortiGate Scanning Campaign Across 55 Countries
- 09/03/2026
A recent analysis from the international cybersecurity community has revealed new details about the scale and operational methods behind the attack campaign targeting FortiGate devices that was first reported in February 2026. According to the findings, the campaign—which compromised more than 600 devices across 55 countries—may have been coordinated using an automated attack platform known as CyberStrikeAI.
The Dark Side of Pirated Software: A Global Malware Campaign Uncovered
- 08/01/2026
A large-scale malware distribution campaign recently dismantled by South Korean authorities has exposed the serious risks associated with using pirated software. Notably, the malware was spread through KMSAuto – an illegal activation tool for Windows and Microsoft Office that is widely used around the world.
.jpg)
Is Google Play Still Safe? PDF App Found Stealing Banking Credentials
- 19/12/2025
A new wave of Android banking malware has resurfaced, once again exposing the growing risks hidden inside seemingly harmless mobile applications. Security researchers warn that a fake PDF reader and file management app has successfully bypassed Google Play’s security checks, silently delivering the notorious Anatsa (TeaBot) malware to unsuspecting users.
MYSTERIOUS ‘ANONYMOUS COMPLAINT’ ENVELOPE WITH USB – DO NOT PLUG IN OR RISK LOSING ALL DATA!
- 09/12/2025
Recently, there have been multiple reports of people unexpectedly receiving express mail envelopes containing anonymous complaint letters accompanied by suspicious USB drives. Although they appear to be important documents, they have no sender, no signature, and no official seal, posing a potential trap set by malicious actors. According to cybersecurity experts, simply plugging the USB into a computer—even without opening any files—can trigger malware automatically, causing serious damage.
.png)
CRITICAL SECURITY NOTICE: NEW SSLVPN BUFFER OVERFLOW VULNERABILITY THREATENS SONICWALL DEPLOYMENTS
- 05/12/2025
SonicWall has issued an urgent security advisory regarding a newly discovered buffer overflow vulnerability affecting the SSLVPN service in SonicOS. Tracked as CVE-2025-40601 with a CVSS score of 7.5, this flaw allows unauthenticated remote attackers to crash the firewall and disrupt enterprise network connectivity.
URGENT ALERT: ORACLE EBS ZERO-DAY VULNERABILITY EXPLOITED BY CLOP RANSOMWARE
- 24/11/2025
A critical vulnerability in the Oracle E-Business Suite (EBS) is being exploited by the notorious Clop ransomware group, targeting large enterprises and organizations worldwide. The vulnerability, CVE-2025-61882, allows attackers to gain unauthorized access and control over core ERP functions, including procurement, logistics, and finance.
Global Internet Turmoil: A One-Hour Cloudflare Outage Exposes a Critical Weakness
- 19/11/2025
On the evening of November 18 (Vietnam time), a Cloudflare outage lasting just over one hour was enough to shake the entire Internet. Social networks, online payments, AI services, and gaming platforms all experienced simultaneous disruptions — revealing a troubling reality: a single malfunction at Cloudflare can turn the Internet into a “critical point of failure.”
Critical Dual CVSS 10 Vulnerabilities Highlight SAP’s November Security Updates
- 17/11/2025
SAP has released its November security patches, including 18 new fixes and 2 updates to previously published security notes. Notably, two vulnerabilities have been rated CVSS 10 and another critical flaw scored 9.9, all affecting essential components widely used across enterprise environments.
Attacks via Zoom and GitHub: GhostCall and GhostHire Campaigns Expanding Across the Web3 Landscape
- 04/11/2025
Cybersecurity researchers have recently uncovered two sophisticated attack campaigns targeting the global Web3 and blockchain ecosystem — named GhostCall and GhostHire. Both are linked to BlueNoroff, a subgroup of the infamous Lazarus Group, active since at least 2017 under the broader SnatchCrypto operation. Their primary targets include technology firms, investment funds, and Web3 developers across Japan, Australia, India, France, Singapore, Turkey, Sweden, and Hong Kong.
“AI Insider Threat”: When Business Chatbots Turn Into Internal Risks
- 29/10/2025
A recent discovery by cybersecurity researchers has raised alarms for businesses using automated AI assistants. In tests, researchers replicated a customer support chatbot on Microsoft Copilot Studio and demonstrated that, with just a few natural language commands, hackers could take control of the chatbot and exfiltrate all customer data.
GlassWorm – The Stealth Malware in the Extension Era
- 28/10/2025
A new supply chain attack campaign is silently spreading across the globe, targeting software developers — including users of OpenVSX and Microsoft Visual Studio Code (VS Code). The malicious software, named GlassWorm, has been downloaded more than 35,800 times, turning developers’ computers into “links” in a growing cybercriminal network.
24 Hours Seeking the Answer: When the Cloud Pillars Trembled and AWS Froze the Internet
- 22/10/2025
In today’s digital infrastructure landscape, three giants — Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) — form the foundation of the modern Internet. From streaming and e-commerce to digital banking and artificial intelligence, most of the world’s online operations rely on this trio of cloud powerhouses.
Hackers Hide Malware in Blockchain, Target WordPress Users
- 22/10/2025
Blockchain — often praised for its transparency and decentralization — has ironically become a fertile ground for cybercriminal exploitation
175 Malicious npm Packages Exploited in the Beamglea Phishing Campaign
- 14/10/2025
While developers continue to rely on open-source libraries like npm to save development time, cybercriminals are finding new ways to turn these trusted platforms into phishing infrastructures
GoAnywhere MFT Hit by Critical Vulnerability: Storm-1175 Exploits to Deploy Medusa Ransomware Summary
- 08/10/2025
The threat actor group Storm-1175 has exploited a critical vulnerability (CVE-2025-10035) in Fortra’s GoAnywhere MFT to distribute Medusa ransomware. Rated with the maximum severity score of CVSS 10.0, the flaw has been actively exploited as a zero-day since early September 2025, threatening hundreds of systems worldwide.
PlugX and Bookworm Re-emerge in a New APT Campaign Targeting ASEAN Telecom Infrastructure
- 01/10/2025
In recent months, the cybersecurity community has observed a sophisticated and persistent APT campaign aimed at telecom infrastructure and several manufacturing sectors across Central Asia, South Asia, and the ASEAN region. This operation stands out due to the appearance of a new PlugX variant running alongside Bookworm, with multiple technical overlaps linked to China-based APT clusters — highlighting both coordination and technical investment from the threat actors.
Warning: Banking Trojan Attacks Target Android Users in Vietnam
- 24/09/2025
A new banking trojan campaign targets Android users in Vietnam and Indonesia, using fake apps to steal financial data and bypass security.
.png)
.png)
What is data protection officer/ DPO?
- 18/06/2020
DPO is an official and officially designated position. Data protection officer has a central advisory and oversight role in a company or organization. DPO's duties include:
Chinese stocks plummet as Huawei CFO arrest raises trade fears
- 12/12/2018
A string of Chinese stocks fell hard on Thursday after the arrest of Huawei’s chief financial officer Meng Wanzhou in Vancouver deepened concerns over U.S.-China trade tensions.
Building in Facebook’s Menlo Park campus evacuated after bomb threat
- 12/12/2018
Update 2: Everyone has been cleared to return to the buildings. Facebook spokesperson Genevieve Grdina issued this statement: “Late this afternoon, we received a bomb threat and took swift action to evacuate several buildings at our Menlo Park campus. We take the safety and security of our people at Facebook extremely seriously and are glad that everyone is safe. We are working closely with local authorities to investigate this threat and further monitor the situation.”
Multilingual Indian video app Roposo raises $10M from Tiger Global and Bertelsmann
- 12/12/2018
India has 22 official languages, which often presents a challenge for businesses that want to scale across the entire country. Video-sharing app Roposo, however, uses that to its advantage by offering content in several different regional languages. Based in Gurgaon, Roposo announced today that it has raised a $10 million Series C from returning investors Tiger Global and Bertelsmann, bring its total funding so far to $31 million. Roposo will use new funding for hiring, product development, and user acquisition.
.png)
.png)
.png)
.png)
.png)