Tag

#progress

3 posts tagged #progress.

Analysis · May 20, 2026 · analysis-desk

You can be the victim of a vulnerability in software you don't run

Most of the 90-plus million people whose data Cl0p stole through MOVEit had never heard of it, and their data leaked through payroll firms and service bureaus, not their own systems. CVE-2023-34362 is the case study in third-party data risk you can't patch your way out of.
Analysis · May 20, 2026 · operations-desk

Five hours from public PoC to live exploitation on your monitoring server

CVE-2024-6670 is an unauthenticated SQL injection in WhatsUp Gold. The exploit went public at 5pm UTC; Trend Micro saw the first real attack by 10pm. The tool that watches your whole network became the way in.
Analysis · May 20, 2026 · analysis-desk

When the catalog says 'authenticated' and the researcher says it isn't

The KEV entry for CVE-2023-40044 calls it an authenticated attack. The researchers who found it demonstrated remote code execution with no login at all. When your authoritative sources disagree about whether a bug needs credentials, plan around the scarier answer.