The attackers use social engineering tactics to get users to run a PowerShell script, compromising their systems. The scam starts with an email containing an HTML file that tricks the recipient into clicking on a button to fix a fake DNS issue.

The vulnerability, tracked as CVE-2024-6327, allows attackers to execute code on unpatched servers through deserialization of untrusted data. The issue affects Report Server 2024 Q2 (10.1.24.514) and earlier versions.

Two Russian nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in a federal court in Newark for their roles in the LockBit ransomware operation.

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a directive to federal agencies to fix a critical vulnerability in GeoServer, a popular open-source server, that is actively being exploited.

To ensure victims cannot recover encrypted files easily, the ransomware deletes the Volume Shadow Copy Service (VSS) and makes adjustments to the boot configuration to prevent errors upon restart.

Palo Alto Networks has released security updates to address five vulnerabilities in its products, including a critical flaw in the Expedition tool that could enable admin account takeover.

The PHP vulnerability, tracked as CVE-2024-4577, with a CVSS score of 9.8, allows attackers to execute commands on Windows systems using Chinese and Japanese language settings.

The most severe flaw is an improper authorization issue (CVE-2024-6235) with a CVSS score of 9.4, allowing attackers to access sensitive information through the NetScaler Console IP.

VMware has fixed a high-severity SQL-Injection vulnerability, known as CVE-2024-22280, in its Aria Automation platform. This flaw could allow authenticated users to execute unauthorized database operations through specially crafted SQL queries.

The vulnerabilities added include CVE-2024-23692 affecting Rejetto HTTP File Server, CVE-2024-38080 impacting Windows Hyper-V, and CVE-2024-38112 targeting Windows MSHTML Platform.