https://www.tenable.com/blog/microsofts-feb-2024-patch-tuesday-cve-2024-21351-cve-2024-21412

https://www.tenable.com/blog/cve-2024-21762-critical-fortinet-fortios-out-of-bound-write-ssl-vpn-vulnerability

https://www.tenable.com/blog/frequently-asked-questions-on-security-incident-at-anydesk

https://www.tenable.com/blog/cve-2023-46805-cve-2024-21887-cve-2024-21888-and-cve-2024-21893-frequently-asked-questions

https://www.tenable.com/blog/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-vulnerability

https://www.tenable.com/blog/cve-2023-22527-atlassian-confluence-data-center-and-server-template-injection-exploited-in-the

https://www.tenable.com/blog/oracle-january-2024-critical-patch-update-addresses-191-cves

https://www.tenable.com/blog/cve-2023-6548-cve-2023-6549-zero-day-vulnerabilities-netscaler-adc-gateway-exploited

https://www.tenable.com/blog/cve-2023-46805-cve-2024-21887-zero-day-vulnerabilities-exploited-in-ivanti-connect-secure-and

https://www.tenable.com/blog/microsofts-january-2024-patch-tuesday-addresses-48-cves-cve-2024-20674

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” […]

https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

Mobile transactions could’ve been disabled, created and signed by attackers.

https://threatpost.com/xiaomi-phones-found-vulnerable-to-payment-forgery/180416/

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

https://threatpost.com/black-hat-and-def-con-roundup/180409/

The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.

https://threatpost.com/zeppelin-ransomware-resurfaces/180405/

August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.

https://threatpost.com/microsoft-patches-dogwalk-zero-day-and-17-critical-flaws/180378/

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.

https://threatpost.com/open-redirect-flaw-snags-amex-snapchat-user-data/180354/