Adobe patched 35 security vulnerabilities across a range of its products, including Acrobat, Reader, Illustrator, Substance 3D Painter, Aero, Animate, FrameMaker, and Dreamweaver.

VMware addressed four vulnerabilities, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024 hacking contest, in its Workstation and Fusion desktop hypervisors.

Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY, a third-party component, for SSH connections to guest VMs. However, PuTTY inclusion was deprecated with XenCenter version 8.2.6, and any versions after 8.2.7 will not include PuTTY.

The attackers exploited two zero-day vulnerabilities in Ivanti Connect Secure to gain initial access to MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE) in late December 2023.

The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him.

The nation-state actor APT28 exploited the zero-day flaw CVE-2023-23397 in attacks against European entities since April 2022. The Russia-linked APT also targeted NATO entities and Ukrainian government agencies.

Law enforcement authorities seized the Lockbit group's Tor website again and they plan to reveal the identities of the LockBitSupps and other gang members on May 7, 2024.

Trend Micro researchers revealed that the botnet, primarily operating through compromised Ubiquiti EdgeRouters, is used for various malicious activities such as credential harvesting, proxying network traffic, and hosting phishing landing pages.

This flaw allows for an account takeover via Password Reset, enabling attackers to hijack accounts without any interaction. The affected versions range from 16.1 to 16.7, with GitLab releasing patches for versions 16.1.6 to 16.7.2.

The FCC has fined four major U.S. wireless carriers - AT&T, Sprint, T-Mobile, and Verizon - a total of nearly $200 million for unlawfully selling access to their customers' real-time location data without consent.