Vulnerabilities
- Check Point releases emergency fix for VPN zero-day exploited in attacks
- Foxit PDF Reader and Editor Flaw Let Attackers Escalate Privilege
- PoC Exploit Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
- GitLab XSS Vulnerability Could Allow Account Takeover
- Multiple Vulnerabilities Found In Cacti Network Monitoring Tool
- Hackers Exploit WordPress Plugin to Steal Credit Card Data
- DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn
- PoC Exploit Released For macOS Privilege Escalation Vulnerability
- Zscaler Client Connector Zero-interaction Privilege Escalation Vulnerability
- TP-Link fixes critical RCE bug in popular C5400X gaming router
- GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials
- Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks
- Hackers Advertising Pulse Connect Secure VPN RCE 0-Day
- More on Ivanti Connect Secure: Ivanti Zero-day Vulnerabilities: CVE-2023-46805 & CVE-2024-21887 | Rapid7 Blog
- LangChain JS Framework Vulnerability Let Hackers Read Arbitrary File on Servers
- Google Patched Another Chrome Zero-Day Under Active Attack
- Hackers Backdoored Courtroom Video Recording Software With System Hijacking Malware
TTP
- Hackers Using Greatness PaaS tool to Steal Microsoft 365 Login Credentials
- Hackers phish finance orgs using trojanized Minesweeper clone
- Beware of Fake Antivirus Websites Delivering Windows & Android Malware
Breaches
- Hackers Claim Ticketmaster Data Breach: 560M User Details and Payment Card Exposed
- Google won’t comment on a potentially massive search leak
Noteworthy
- OPNsense Roadmap - Planned enhancements and innovations
- https://ghostbsd.org/news/GhostBSD_24.04.1_Is_Now_Available
Miscellaneous
- PayPal is building an ad network based on your Venmo data
- YouTube rolls out its new Playables games to all users
- Ad blocker users say YouTube videos are now skipping to the end
- WhatsApp Chats Vulnerable To Government Monitoring – Report
- NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers
- Ransomhub Attacking Industrial Control Systems To Encrypt And Exfiltrate Data
Stream Link
https://youtube.com/live/wVhDnG7eAYw?list=PLSJyoFloAkDo93fi_o0WJD9-gJzfpWizG