CheckPoint researchers disclose details of easy-to-exploit flaw in popular Zoom video conferencing software. The flaw resides in Zoom’s customizable URL feature dubbed Vanity URL, aiming to let companies create a custom URL on its subdomain and branded landing page. A user receiving this invitation link may fall under the attacker’s trap, thinking that the invitation was genuine and issued from a real organization. Attack via direct links: A hacker can change the invitation URL, such as https://zoom.us/j/##########, to include a registered sub-domain of their choice.
Source: https://thehackernews.com/2020/07/zoom-vanity-url-vulnerability.html