FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard

Russia’s GRU-backed group exploited hundreds of vulnerable routers to conduct spear phishing and credential harvesting attacks against U.S. targets.

By David Jones • Feb. 16, 2024

Ivanti Connect Secure threat activity continues as researchers flag additional flaws

The company revised a recent vulnerability disclosure after failing to credit security firm watchTowr.

By David Jones • Feb. 12, 2024

Attackers hit more networking gear, this time a critical Fortinet CVE

The active exploits of Fortinet appliances come during a heightened period of China state-linked malicious activity targeting networking equipment.

By Matt Kapko • Feb. 12, 2024

JetBrains warns of another critical CVE in on-premises TeamCity servers

The new vulnerability disclosure comes two months after authorities warned of other TeamCity exploitation activity linked to Midnight Blizzard.

By David Jones • Feb. 7, 2024

Ivanti VPNs face renewed threat activity after initial patch release and new CVEs

After weeks of mitigation efforts, CISA ordered federal civilian agencies to disconnect the devices.

By David Jones • Feb. 6, 2024

Schneider Electric restores sustainability operations after attack

The energy management company is still investigating the ransomware attack, which led to the theft of data.

By David Jones • Feb. 6, 2024

Delayed Ivanti patch arrives after weeks of exploitation

The company also disclosed two additional high-severity vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure.

By David Jones • Jan. 31, 2024

MOVEit liabilities mount for Progress Software

The company revealed multiple government investigations are underway into the MOVEit vulnerability. It’s also party to more than 100 class-action lawsuits.

By Matt Kapko • Jan. 30, 2024

AI-generated code leads to security issues for most businesses: report

More than three-quarters of developers bypass established protocols to use code completion tools despite potential risks, Snyk’s research found. 

By Lindsey Wilkinson • Jan. 30, 2024

Popular CI/CD tool Jenkins discloses critical CVE

The open source automation server software is used by more than 11 million developers globally, according to the project’s supporters.

By Matt Kapko • Jan. 29, 2024

Ivanti Connect Secure zero-day patches delayed

Researchers observed attackers attempting to manipulate Ivanti’s internal integrity checker, and the cause for the patch delay remains unclear.

By David Jones • Jan. 29, 2024

Nearly 800 GoAnywhere instances are unpatched, exposed to critical CVE

Although patching lags, the number of hosts with publicly exposed and vulnerable admin interfaces are limited.

By Matt Kapko • Jan. 26, 2024

GoAnywhere MFT customers confront yet another critical file-transfer CVE

File-transfer services, including GoAnywhere, were widely exploited by ransomware threat groups in 2023.

By Matt Kapko • Jan. 24, 2024

Atlassian Confluence Data Center under active exploitation in older versions

Security researchers warn that attacks are rapidly accelerating in recent days.

By David Jones • Jan. 23, 2024

CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities

Civilian agencies are under threat following a surge in nation-state linked exploitation of Ivanti Connect Secure and Ivanti Policy Secure devices.

By David Jones • Jan. 19, 2024

CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages

The federal agency’s early warning system notified organizations across multiple critical infrastructure sectors of potential impending attacks.

By Matt Kapko • Jan. 19, 2024

Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative

A suspected state-linked hacker is manipulating an integrity tool used to check systems as customers still await an initial patch.

By David Jones • Jan. 19, 2024

Citrix warns of limited exploitation in a pair of Netscaler zero days

The company said the vulnerabilities are unrelated to CitrixBleed, but urged customers to immediately apply fixes to protect their systems.

By David Jones • Jan. 18, 2024

Progress Software shakes off MOVEit’s financial consequences, maintains customers

Executives described the file-transfer service as one of its stronger performing products and said customers remain loyal.

By Matt Kapko • Jan. 18, 2024

Ivanti Connect Secure exploitation accelerates, 1,700 devices compromised worldwide

Researchers warn additional threat actors are actively working to take advantage of two chained together vulnerabilities.

By David Jones • Jan. 17, 2024

Progress Software’s MOVEit meltdown: uncovering the fallout

Businesses use the file-transfer service because it checks the compliance boxes for keeping data safe. Though initial attacks were targeted, thousands of bystanding businesses were hit indiscriminately.

By Matt Kapko , Julia Himmel • Jan. 16, 2024

Ivanti Connect Secure attacks part of deliberate espionage operation

Researchers warn the previously unknown actor has developed custom malware designed to maintain persistent access on targeted networks and evade detection.

By David Jones • Jan. 12, 2024

Ivanti Connect Secure devices face active exploitation, patch schedule staggered

Unauthenticated attackers can take control of systems by exploiting the zero days, which a suspected state-linked threat actor is chaining together. 

By David Jones • Jan. 11, 2024

Apache OFBiz critical CVE leads to surge in exploitation attempts

A patch for a prior vulnerability failed to resolve the root cause of an issue, leading to additional threat activity.

By David Jones • Jan. 5, 2024

CISA seeks comment on secure by design principles to boost global software security

The agency issued an RFI seeking industry input on costs, how to incorporate security into higher education and how to reduce recurring security vulnerabilities.

By David Jones • Dec. 21, 2023