Vulnerability
-
Attackers lodge backdoors into Ivanti Connect Secure devices
Shadowserver scans found 379 compromised Ivanti Connect Secure devices. Researchers said the situation is serious and likely impacts more organizations.
By Matt Kapko • Jan. 24, 2025 -
Blue Yonder investigating Clop ransomware threat linked to exploited Cleo CVEs
The financially motivated hacker was previously linked to the mass exploitation of critical vulnerabilities in MOVEit file-transfer software.
By David Jones • Jan. 17, 2025 -
CISA pins modest security gains to performance goals program
The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.
By Matt Kapko • Jan. 14, 2025 -
CISA adds second BeyondTrust CVE to known exploited vulnerabilities list
Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.
By David Jones • Jan. 14, 2025 -
Ivanti zero-day has researchers scrambling
Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.
By Matt Kapko • Jan. 13, 2025 -
Ivanti customers confront new zero-day with suspected nation-state nexus
The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.
By Matt Kapko • Jan. 9, 2025 -
CISA says hack targeting Treasury Department did not impact other federal agencies
BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched. Hackers used a stolen key to attack Treasury workstations.
By David Jones • Jan. 7, 2025 -
Censys researchers warn 8,600 BeyondTrust instances still exposed
As authorities investigate a December attack spree, the researchers added the caveat that not all instances are considered vulnerable.
By David Jones • Jan. 3, 2025 -
Researchers warn of active exploitation of critical Apache Struts 2 flaw
Exploitation activity was observed about a week after the CVE was disclosed.
By David Jones • Dec. 20, 2024 -
BeyondTrust customers hit by wave of attacks linked to compromised API key
The cybersecurity vendor said an attacker compromised its access-management tool and reset customer passwords.
By Matt Kapko • Dec. 20, 2024 -
Mandiant traces Cleo file-transfer exploits back to October
The threat intelligence firm observed deployment of backdoors, but has not seen mass data theft thus far.
By David Jones • Updated Dec. 19, 2024 -
Pennsylvania representative pitches bill to double cyber assistance for local water systems
The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.
By David Jones • Dec. 17, 2024 -
Cleo releases CVE for actively exploited flaw in file-transfer software
Researchers confirmed a new zero-day vulnerability is separate from a flaw originally disclosed in October. A notorious ransomware group linked itself to the attacks.
By David Jones • Dec. 16, 2024 -
Security community raises concern as Cleo file-transfer CVE delayed
After the company urged users to patch a critical flaw, researchers are asking about the lack of a CVE and additional guidance.
By David Jones • Dec. 13, 2024 -
Cleo releases new patch as threat groups ramp up exploitation of critical CVE
Researchers warned that companies primarily in the trucking, food, retail and shipping industries were under attack.
By David Jones • Dec. 12, 2024 -
Critical flaw in Cleo file-transfer software is under mass exploitation
The company is working on a new patch and CVE as an existing patch for a previously disclosed vulnerability is not providing adequate protection.
By David Jones • Updated Dec. 11, 2024 -
CISA, German cyber authorities warn Zyxel firewalls facing active exploitation
Attackers have targeted dozens of companies with Helldown ransomware, researchers found.
By David Jones • Dec. 4, 2024 -
Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited
The security vendor maintains only a limited number of customers’ firewalls have been exploited by a zero-day it patched earlier this week.
By Matt Kapko • Nov. 22, 2024 -
Palo Alto Networks customers grapple with another actively exploited zero-day
The security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE entry and patch came 10 days later.
By Matt Kapko • Nov. 19, 2024 -
Federal probe finds vulnerabilities across more than 300 US water systems
The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.
By David Jones • Nov. 19, 2024 -
Palo Alto Networks’ customer migration tool hit by trio of CVE exploits
CISA warned of two critical and actively exploited vulnerabilities in Expedition one week after another CVE came under active exploitation in the same product.
By Matt Kapko • Nov. 15, 2024 -
Microsoft revamps how it will disclose vulnerabilities
The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs.
By David Jones • Nov. 15, 2024 -
Citrix Session Recording users warned of CVEs that allow hackers to gain control
Security researchers at watchTowr discovered the flaw and claim attackers can gain access without authentication, a finding which Citrix disputes.
By David Jones • Nov. 13, 2024 -
Zero-days from top security vendors were most exploited CVEs in 2023
The top five vulnerabilities exploited by attackers last year were found in security gear from Citrix, Cisco and Fortinet, the Five Eyes’ cyber agencies found.
By Matt Kapko • Nov. 13, 2024 -
Critical Veeam CVE targeted by new ransomware variant
Multiple ransomware variants are now targeting the CVE, which has a CVSS of 9.8. For customers, the risk of exploitation is only increasing.
By Matt Kapko • Nov. 12, 2024