Write-up of CVE-2021-30481 Source engine remote code execution via game invites https://secret.club/2021/04/20/source-engine-rce-invite.html

Pulse Connect Secure remote code execution through authentication bypass. CVSS V3.1 risk score is 10/10. The vulnerability has been exploited in the wild by the threat actor UNC2630. According to Fireeye UNC2630 may have ties with APT5 and the Chinese government. https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html

Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316) https://shenaniganslabs.io/2021/04/13/Airstrike.html

Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027) https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/

Valve Steam remote code execution. This vulnerability works for all Source Engine games. Exploitation video:

POC and analysis of Windows IPv6 Fragmentation Vulnerability (CVE-2021-24086): https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html Another POC is here: https://github.com/0vercl0k/CVE-2021-24086

Exploit of CVE-2020-16040 Google Chrome <= 87.0.4280.88 vulnerability https://github.com/r4j0x00/exploits/tree/master/CVE-2020-16040

CVE-2019-8761 is an interesting macOS bug that lets attackers execute HTML within a TXT file, leak files, and do all sorts of other funky things https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html

Zoom Unintended Screen Sharing Vulnerability POC:

This looks like a false positive, because: * obtaining the MS AJAX framework script is not a security vulnerability - it is a publicly available script that can also be served from the standard webresource handler * the presence of code that contains the `true` keyword (which is a reserved word in JavaScript as well) does not prove a command was executed on the server * the Telerik WebResource handler is supposed to combine scripts based on server settings and the fact that requesting the handler returns Telerik code is not a vulnerability by itself - this is also code that is publicly avaialble (for example, from the Telerik CDN) and it is a JavaScript code that is not generated based on