Summary: An attack shows how a SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting 7M+ WP sites and how easily these XSS vulnerabilities can be exploited. We also talk about the SQL Injection vulnerabilities in Tutor LMS. The fire at OVH in France that took 3.5 million sites offline also took down some advanced persistent threat (APT) actors. And there's yet another Chrome use-after-free zero-day vulnerability being actively exploited.
