On September 25, 2024, Automattic, the company behind WordPress, blocked WP Engine's access to key WordPress resources, affecting numerous users who depend on WP Engine’s platform for website hosting and management. The incident stems from a policy dispute between the two companies, which could result in disruptions for WP Engine customers, particularly those relying on essential updates and resources directly from WordPress.org.‍

A severe zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks firewalls is being actively exploited. This critical command injection vulnerability exists within the GlobalProtect Gateway feature and requires a specific configuration for successful exploitation. If exploited, unauthenticated attackers could execute arbitrary code with root privileges, granting them complete control over affected firewalls.

A critical vulnerability (CVE-2024-3094) has been identified in XZ Utils versions 5.6.0 and 5.6.1. This data compression utility is widely used in many operating systems, primarily Linux distributions. The vulnerability introduces a backdoor, potentially granting malicious actors full remote control of affected systems. Immediate action is required. XZ Utils is a command-line tool on Unix-like operating systems for file compression and decompression. It also includes a library (liblzma) that other software can use. The backdoor was discovered by a PostgreSQL developer at Microsoft. As of March 30, 2024, there's no evidence of active exploitation, but the situation is evolving.