China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches - https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/

Critical Privilege Escalation in LiteSpeed Cache Plugin Affecting 5+ Million Sites - https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites

Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987) - https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987

Stable Channel Update for Desktop, Wednesday, August 21, 2024 - https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html 

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure - https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/ 

Enterprise Server 3.13.3 - https://docs.github.com/en/[email protected]/admin/release-notes 

PG_MEM: A Malware Hidden in the Postgres Processes - https://www.aquasec.com/blog/pg_mem-a-malware-hidden-in-the-postgres-processes/ 

Be careful what you pwish for – Phishing in PWA applications - https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/ 

New Backdoor Targeting Taiwan Employs Stealthy Communications - https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns 

GreenCharlie Infrastructure Targeting US Political Entities with Advanced Phishing and Malware - https://www.recordedfuture.com/research/greencharlie-infrastructure-linked-us-political-campaign-targeting 

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions - https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/

CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks - https://thehackernews.com/2024/08/cisa-warns-of-critical-jenkins.html 

Experts warn of exploit attempt for Ivanti vTM bug - https://securityaffairs.com/167250/hacking/exploit-attempt-ivanti-vtm-bug.html 

BlindEagle flying high in Latin America - https://securelist.com/blindeagle-apt/113414/ 

Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset - https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering 

Windows driver zero-day exploited by Lazarus hackers to install rootkit - https://www.bleepingcomputer.com/news/microsoft/windows-driver-zero-day-exploited-by-lazarus-hackers-to-install-rootkit/ 

"WireServing" Up Credentials: Escalating Privileges in Azure Kubernetes Services - https://cloud.google.com/blog/topics/threat-intelligence/escalating-privileges-azure-kubernetes-services/ 

Disrupting a covert Iranian influence operation - https://openai.com/index/disrupting-a-covert-iranian-influence-operation/ 

Iran steps into US election 2024 with cyber-enabled influence operations - https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/5bc57431-a7a9-49ad-944d-b93b7d35d0fc.pdf  

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove - https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/ 

Ailurophile: New Infostealer sighted in the wild - https://www.gdatasoftware.com/blog/2024/08/38005-ailurophile-infostealer 

CISA warns critical SolarWinds RCE bug is exploited in attacks - https://www.bleepingcomputer.com/news/security/cisa-warns-critical-solarwinds-rce-bug-is-exploited-in-attacks/

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments - https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/ 

Ransomware attackers introduce new EDR killer to their arsenal - https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/ 

A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers - https://www.fortinet.com/blog/threat-research/valleyrat-campaign-targeting-chinese-speakers 

Tusk: unraveling a complex infostealer campaign - https://securelist.com/tusk-infostealers-campaign/113367/ 

FIN7: The Truth Doesn't Need to be so STARK - https://www.team-cymru.com/post/fin7-the-truth-doesn-t-need-to-be-so-stark 

WHD 12.8.3 Hotfix 1 - https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign - https://cyble.com/blog/analysing-the-utg-q-010-campaign/ 

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia - https://securelist.com/eastwind-apt-campaign/113345/ 

PrestaShop GTAG Websocket Skimmer - https://blog.sucuri.net/2024/08/prestashop-gtag-websocket-skimmer.html 

Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited - https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ 

SAP Security Patch Day – August 2024 - https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html 

Security Advisory: Ivanti Virtual Traffic Manager (vTM ) (CVE-2024-7593) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593?language=en_US 

Compromising Microsoft's AI Healthcare Chatbot Service - https://www.tenable.com/blog/compromising-microsofts-ai-healthcare-chatbot-service 

Deciphering the Brain Cipher Ransomware - https://www.group-ib.com/blog/brain-cipher-ransomware/

CISA Releases Ten Industrial Control Systems Advisories - https://www.cisa.gov/news-events/alerts/2024/08/13/cisa-releases-ten-industrial-control-systems-advisories 

The Hidden Door: How CVE-2024-23897 Enabled Ransomware Attack on Indian Banks - https://blogs.juniper.net/en-us/threat-research/cve-2024-23897-enabled-ransomware-attack-on-indian-banks 

Technical Analysis: CVE-2024-30103 - https://blog.morphisec.com/cve-2024-30103-technical-analysis 

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability - https://thehackernews.com/2024/08/freebsd-releases-urgent-patch-for-high.html 

FBI disrupts the Dispossessor ransomware operation, seizes servers - https://www.bleepingcomputer.com/news/security/fbi-disrupts-the-dispossessor-ransomware-operation-seizes-servers/ 

Ligação a cobrar: como criminosos estão atacando atendentes de call centers usando engenharia social - https://sidechannel.blog/ligacao-a-cobrar-como-criminosos-estao-atacando-atendentes-de-call-centers/ 

QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share - https://www.safebreach.com/blog/rce-attack-chain-on-quick-share 

Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share - https://thehackernews.com/2024/08/researchers-uncover-10-flaws-in-googles.html 

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE - https://www.microsoft.com/en-us/security/blog/2024/08/08/chained-for-attack-openvpn-vulnerabilities-discovered-leading-to-rce-and-lpe/ 

DEF CON Official Talk | AMD Sinkclose: Universal Ring-2 Privilege Escalation | Las Vegas, NV - https://ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/ 

Guest Memory Vulnerabilities - https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html