news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	SCHNEIER:8A680A...	Hacking Meta’s AI Chatbot_SCHNEIER:8A680AEC3DA693237BFE6028B6FF0086 Hackers are convincing Meta's AI support chatbot to let them take over other peoples' accounts: > A video posted on X showed the step-by-step proc...	N/A	N/A	Jun 4, 2026	SCHNEIER
NONE	HACKREAD:DFDAF6...	Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff_HACKREAD:DFDAF60C8E197CEB1861A3DB81CC35C8 Five Eyes warns that Chinese spies are using fake job ads on LinkedIn, Indeed, and Upwork to target military staff and steal sensitive data.	N/A	N/A	Jun 4, 2026	HACKREAD
NONE	THN:7772C7500F8...	China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa_THN:7772C7500F8409C55C2323F8C3FE6D02 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq_JkP80d1IA8rz-SoYEBmuGqK_K7OpGrqiki4vB1ShMW5mFBVSMvl8H5MnYylZMl3AWeqdAmp19oZIL_7am...	N/A	N/A	Jun 4, 2026	THN
NONE	MALWAREBYTES:0B...	Travel scams are everywhere. Here’s how to avoid them_MALWAREBYTES:0B6BB298C2F0444A8B1A9883FCD12DF5 Planning a holiday should be exciting, fun, and not a cybersecurity risk. But booking flights, hotels, and rental properties often means sharing se...	N/A	N/A	Jun 4, 2026	MALWAREBYTES
NONE	THN:85D792F45C0...	FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads_THN:85D792F45C0E0B59552AF6632083EDE1 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwFQkJElJQpI5ODTBzh1EzrxsRYamFN0ntC9V6vF4b4FfEJ0svPhI_1TnKm960eIsewSFT-DR1RtNk3M511O...	N/A	N/A	Jun 4, 2026	THN
MEDIUM 6.1	CVE-2026-8916	CVE-2026-8916_CVE-2026-8916 Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd...	Samsung Open Source	rlottie dcfde72eae1b0464dc0dd760aec00ada6a148635	Jun 4, 2026	CVE
MEDIUM 6.9	CVE-2026-50226	Firmware Theft & IMEI Spoofing via Connect-OTA_CVE-2026-50226 Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-50225	Account Creation Exhaustion_CVE-2026-50225 The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
MEDIUM 6.9	CVE-2026-50224	Unauthenticated IPv6 WAN Management Exposure_CVE-2026-50224 The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API ...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE
CRITICAL 9.3	CVE-2026-50214	Shared Secret Quota Inflation_CVE-2026-50214 The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost netw...	Acer	Connect M6E 5G Portable WiFi Router *	Jun 4, 2026	CVE