Tag

#medusa

2 posts tagged #medusa.

Analysis · May 10, 2026 · The Commentary Desk

SimpleHelp CVE-2024-57727: a seven-day patch and a sixteen-month leak

SimpleHelp shipped a fix in seven days from full disclosure. Then they posted it to a forum. Ransomware affiliates have been pulling hashed admin credentials out of unpatched servers ever since.
Analysis · May 5, 2026 · The Field Notes Desk

PaperCut's other bug just became a ransomware vector again

CVE-2023-27351, the auth bypass that lived in CVE-2023-27350's shadow, is back. Storm-1175 is deploying Medusa ransomware through it with sub-24-hour exploitation tempo. CISA added it to KEV in April 2026. If you patched the RCE in 2023 and moved on, check whether the auth bypass actually closed.