CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway
https://security.paloaltonetworks.com/CVE-2024-3400
Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks
https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-pan-os-firewall-zero-day-used-in-attacks/
Kaspersky analysis of the backdoor in XZ | Securelist
https://securelist.com/xz-backdoor-story-part-1/112354/
Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400
https://unit42.paloaltonetworks.com/cve-2024-3400/
DLL code for testing CVE-2024-21378 in MS Outlook · GitHub
https://gist.github.com/Homer28/7f3559ff993e2598d0ceefbaece1f97f
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) | Volexity
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
Fixed python zipapp extension on windows in IsExecutableName by el-garro · Pull Request #27737 · telegramdesktop/tdesktop · GitHub
https://github.com/telegramdesktop/tdesktop/pull/27737/commits/effad980f712cd1a4e8cee4fca42193fe5a612de
Roku warns 576,000 accounts hacked in new credential stuffing attacks
https://www.bleepingcomputer.com/news/security/roku-warns-576-000-accounts-hacked-in-new-credential-stuffing-attacks/
Exploring Hell's Gate - RedOps - English
https://redops.at/en/blog/exploring-hells-gate
Rust-for-Malware-Development/api_hooking.rs at main · Whitecat18/Rust-for-Malware-Development · GitHub
https://github.com/Whitecat18/Rust-for-Malware-Development/blob/main/api_hooking.rs
eSentire | The Return of the Bat: FakeBat’s Payk RunPE Arsenal
https://www.esentire.com/blog/the-return-of-the-bat-fakebats-payk-runpe-arsenal
https://www.reddit.com/r/iphone/s/EaDRJwGO1u
https://www.reddit.com/r/iphone/s/EaDRJwGO1u
Digging into Linux namespaces - part 2
https://blog.quarkslab.com/digging-into-linux-namespaces-part-2.html
TA547 targets German organizations with Rhadamanthys malware
https://securityaffairs.com/161747/cyber-crime/ta547-targeting-german-orgs.html
LastPass: Hackers targeted employee in failed deepfake CEO call
https://www.bleepingcomputer.com/news/security/lastpass-hackers-targeted-employee-in-failed-deepfake-ceo-call/
Metasploit Meterpreter Installed via Redis Server - ASEC BLOG
https://asec.ahnlab.com/en/64034/
LastPass employee targeted via audio deepfake call
https://securityaffairs.com/161760/cyber-crime/lastpass-employee-targeted-deepfake.html
Step by Step Complete Beginners guide of iOS penetration testing with corellium | by Sandeep Vishwakarma | Apr, 2024 | InfoSec Write-ups
https://infosecwriteups.com/step-by-step-complete-beginners-guide-of-ios-penetration-testing-with-corellium-2b9e9c6382c2?source=rss----7b722bfd1b8d---4
TEDxUKY 2024 - YouTube
https://www.youtube.com/live/25xOclDOV_U?feature=shared&t=10388
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html
Palo Alto Networks Warns of Exploited Firewall Vulnerability - SecurityWeek
https://www.securityweek.com/palo-alto-networks-warns-of-exploited-firewall-vulnerability/
Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
https://thehackernews.com/2024/04/popular-rust-crate-liblzma-sys.html
Ex-Amazon engineer gets 3 years for hacking crypto exchanges
https://www.bleepingcomputer.com/news/security/ex-amazon-engineer-gets-3-years-for-hacking-crypto-exchanges/
US-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race - SecurityWeek
https://www.securityweek.com/us-china-competition-to-field-military-drone-swarms-could-fuel-global-arms-race/
U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks
https://thehackernews.com/2024/04/us-federal-agencies-ordered-to-hunt-for.html
Digging into Linux namespaces - part 1
https://blog.quarkslab.com/digging-into-linux-namespaces-part-1.html
Netlas: Comprehensive Internet-Wide Scanning & OSINT Platform
http://Netlas.io
Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
https://thehackernews.com/2024/04/sneaky-credit-card-skimmer-disguised-as.html
How I got RCE in one of Bugcrowd's Public Programs | by Yousef Mohamed | Medium
https://medium.com/@yousefmoh15/how-i-got-rce-in-one-of-bugcrowds-public-programs-5725c8dc46ce
FBI warns of massive wave of road toll SMS phishing attacks
https://www.bleepingcomputer.com/news/security/fbi-warns-of-massive-wave-of-road-toll-sms-phishing-attacks/
LastPass Employee Targeted With Deepfake Calls - SecurityWeek
https://www.securityweek.com/lastpass-employee-targeted-with-deepfake-calls/
Darknet Resources You Need to Use When Doing CTI | Medium
https://medium.com/@DarkWebInformer/darknet-resources-you-need-to-use-when-doing-cyber-threat-intelligence-part-1-of-many-9a6c28792d97
GitHub - jsecurity101/MSFT_DriverBlockList: Repository of Microsoft Driver Block Lists based off of OS-builds
https://github.com/jsecurity101/MSFT_DriverBlockList