Collecting Cyber-News from over 60 sources

Tag: moveIT

Boulevard of Broken Dreams: 2 Decades of Cyber Fails

May 18, 2026 11:00 PM

Tags: breach, business, cyber, moveIT, update

From the MGM and Caesars fiasco and MOVEit’s patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/broken-dreams-2-decades-cyber-fails
Boulevard of Broken Dreams: 2 Decades of Cyber Fails

May 18, 2026 11:00 PM

Tags: breach, business, cyber, moveIT, update

From the MGM and Caesars fiasco and MOVEit’s patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/broken-dreams-2-decades-cyber-fails
The economics of ransomware 3.0

May 15, 2026 12:00 PM

Tags: alphv, attack, backup, breach, ceo, citrix, control, country, cyber, cyberattack, cybersecurity, data, data-breach, detection, encryption, endpoint, extortion, finance, framework, group, healthcare, HIPAA, incident response, insurance, moveIT, network, nist, office, privacy, ransom, ransomware, risk, russia, service, social-engineering, strategy, supply-chain, technology, threat

Triple extortion mechanism. Ashish Mishra What the Change Healthcare case tells you about real costs: Consider what happened to Change Healthcare in early 2024. The ALPHV group’s attack on this healthcare payments processor didn’t just encrypt systems, it exposed the personal health information of potentially over 100 million Americans and disrupted pharmacy services across the…
The economics of ransomware 3.0

May 15, 2026 12:00 PM

Tags: alphv, attack, backup, breach, ceo, citrix, control, country, cyber, cyberattack, cybersecurity, data, data-breach, detection, encryption, endpoint, extortion, finance, framework, group, healthcare, HIPAA, incident response, insurance, moveIT, network, nist, office, privacy, ransom, ransomware, risk, russia, service, social-engineering, strategy, supply-chain, technology, threat

Triple extortion mechanism. Ashish Mishra What the Change Healthcare case tells you about real costs: Consider what happened to Change Healthcare in early 2024. The ALPHV group’s attack on this healthcare payments processor didn’t just encrypt systems, it exposed the personal health information of potentially over 100 million Americans and disrupted pharmacy services across the…
Authentication Bypass und Privilege Escalation – Angreifer können Authentifizierung von MOVEit komplett umgehen

May 15, 2026 8:00 AM

Tags: authentication, moveIT

First seen on security-insider.de Jump to article: www.security-insider.de/moveit-automation-schwachstellen-auth-bypass-privilege-escalation-a-eaf1ae019bc7017e12d2ffaa20c8de4b/
MOVEit automation flaws could enable full system compromise

May 5, 2026 12:49 AM

Tags: access, authentication, automation, cve, exploit, flaw, moveIT, software, unauthorized, vulnerability

Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access…
NY Fines Delta Dental $2.25M Over 2023 MOVEit Hack

May 4, 2026 10:49 PM

Tags: cyber, exploit, moveIT, radius, software, vulnerability, zero-day

Investigators Find Violations of State Cyber Regulations. New York fined Delta Dental $2.25 million for the company’s response to the mass exploit of a zero-day vulnerability in Progress Software’ MOVEit file transfer application. Delta Dental is one of thousands of organizations caught up in the blast radius of an automated 2023 Memorial Day hack. First…
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

May 4, 2026 7:49 PM

Tags: authentication, automation, flaw, moveIT, software, update

Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. The First seen…
New MOVEit vulnerabilities prompt urgent patch warning

May 4, 2026 6:48 PM

Tags: moveIT, software, tool, update, vulnerability

Progress Software warned customers to immediately upgrade the file-transfer tool to fix the serious flaws. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/moveit-vulnerabilities-authentication-bypass-privilege-escalation/819187/
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

May 4, 2026 5:48 PM

Tags: authentication, automation, exploit, moveIT, software, vulnerability

Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/critical-moveit-automation-auth-bypass-vulnerability-fixed-cve-2026-4670/
New MOVEit vulnerabilities prompt urgent vendor warning

May 4, 2026 5:48 PM

Tags: moveIT, software, tool, vulnerability

Progress Software warned customers to immediately upgrade to versions of the file-transfer tool that fix the serious flaws. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/moveit-vulnerabilities-authentication-bypass-privilege-escalation/819187/
Progress warns of critical MOVEit Automation auth bypass flaw

May 4, 2026 2:49 PM

Tags: authentication, automation, flaw, moveIT, software, update, vulnerability

Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/moveit-automation-customers-warned-to-patch-critical-auth-bypass-flaw/
MOVEit Authentication Bypass Vulnerability Sparks Security Concerns

May 4, 2026 9:48 AM

Tags: access, authentication, automation, cyber, data, flaw, moveIT, software, unauthorized, vulnerability

Progress Software has issued a critical security alert for its MOVEit Automation software. Two severe vulnerabilities have been discovered that could allow attackers to bypass authentication and escalate their privileges. Because of the critical nature of these flaws, administrators are urged to apply the latest security patches immediately to prevent unauthorized access and data exposure.…
Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

Apr 22, 2026 2:39 PM

Tags: firewall, flaw, moveIT, software, vulnerability, waf

Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/progress-waf-bypass-cve-2026-21876/
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI

Apr 10, 2026 4:53 PM

Tags: ai, attack, business, credentials, crypto, cve, data, data-breach, malicious, moveIT, network, okta, radius, risk, software, supply-chain, threat, update, vulnerability, zero-day

See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable…
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI

Apr 10, 2026 4:53 PM

Tags: ai, attack, business, credentials, crypto, cve, data, data-breach, malicious, moveIT, network, okta, radius, risk, software, supply-chain, threat, update, vulnerability, zero-day

See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable…
Rogues gallery: 15 worst ransomware groups active today

Mar 9, 2026 10:47 AM

Tags: access, ai, alphv, apt, attack, backup, breach, cloud, cyber, cybercrime, dark-web, data, data-breach, defense, detection, email, encryption, endpoint, exploit, extortion, finance, government, group, healthcare, infrastructure, insurance, intelligence, korea, law, leak, linux, lockbit, malicious, malware, moveIT, network, north-korea, organized, phishing, ransom, ransomware, russia, service, social-engineering, software, strategy, threat, tool, usa, vmware, vpn, vulnerability, windows, zero-day

Black Basta: History: Black Basta appeared on the ransomware scene in early 2022 and is believed to be a spin-off from Conti, a group notorious for attacking major organizations.How it works: Black Basta usually deploys malware through exploitation of known vulnerabilities and social engineering campaigns. “Employees in the target environment are email bombed and then…
Why outsourced cyber defenses create systemic risks

Dec 23, 2025 3:19 PM

Tags: access, ai, attack, backdoor, breach, business, ciso, cloud, compliance, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, dora, exploit, finance, framework, GDPR, governance, government, hacker, healthcare, infrastructure, law, malicious, monitoring, moveIT, msp, nis-2, ransomware, regulation, resilience, risk, software, strategy, supply-chain, threat, tool, vulnerability, zero-trust

Risk categories of outsourced IT & cybersecurity: When you outsource, responsibility shifts, but accountability never leaves you. The risks fall into clear categories. Operational risks The most basic risk is fragile continuity. In 2017, British Airways outsourced parts of its IT operations. A system outage grounded flights worldwide. The vendor contract delivered savings, but it…
moveIT a series of breaches, all enabled by APIs FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, attack, authentication, breach, cloud, cve, data, endpoint, flaw, germany, identity, injection, malicious, moveIT, remote-code-execution, software, sql, vulnerability

Nov 11, 2025 – Jeremy Snyder – In mid-2023, a software vulnerability was discovered in a file transfer application known as moveIT. Because of the application’s popularity, numerous companies and organizations have found themselves vulnerable to the breach. This blog post will attempt to explain the vulnerability, map out the kill chain (also sometimes called…
moveIT a series of breaches, all enabled by APIs FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, attack, authentication, breach, cloud, cve, data, endpoint, flaw, germany, identity, injection, malicious, moveIT, remote-code-execution, software, sql, vulnerability

Nov 11, 2025 – Jeremy Snyder – In mid-2023, a software vulnerability was discovered in a file transfer application known as moveIT. Because of the application’s popularity, numerous companies and organizations have found themselves vulnerable to the breach. This blog post will attempt to explain the vulnerability, map out the kill chain (also sometimes called…
Progress Fixes High-Severity MOVEit Transfer Vulnerability

Nov 3, 2025 10:19 AM

Tags: flaw, moveIT, service, vulnerability

Progress patches a MOVEit Transfer flaw letting attackers exhaust resources and cause denial-of-service without authentication. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/moveit-vulnerability-transfer-resource/
Progress Fixes High-Severity MOVEit Transfer Vulnerability

Nov 3, 2025 10:19 AM

Tags: flaw, moveIT, service, vulnerability

Progress patches a MOVEit Transfer flaw letting attackers exhaust resources and cause denial-of-service without authentication. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/moveit-vulnerability-transfer-resource/
Progress Releases Patch for MOVEit Transfer Resource Consumption Flaw

Oct 31, 2025 10:19 AM

Tags: cve, cyber, flaw, moveIT, software, update, vulnerability

Progress Software has released security patches to address a high-severity vulnerability in its MOVEit Transfer platform discovered on October 29, 2025. The flaw, tracked asCVE-2025-10932, affects the AS2 module and allows attackers to consume system resources without proper restrictions. Attribute Details CVE ID CVE-2025-10932 Vulnerability Type Uncontrolled Resource Consumption (CWE-400) Affected Component Progress MOVEit Transfer…
Gladinet file sharing zero-day brings patched flaw back from the dead

Oct 13, 2025 9:23 PM

Tags: attack, cloud, control, cve, data, exploit, extortion, flaw, moveIT, risk, soc, software, tactics, update, vulnerability, windows, zero-day

What to do: All versions of CentreStack and Triofox file sharing servers up to and including 16.7.10368.56560 are vulnerable to CVE-2025-11371.The bad news is that Gladinet has yet to issue a patch for this, which means that for the time being the best customers can do is to apply the recommended mitigation.Luckily, according to Huntress,…
Cl0p-linked threat actors target Oracle E-Business Suite in extortion campaign

Oct 3, 2025 5:41 AM

Tags: access, attack, breach, business, communications, corporate, data, email, exploit, extortion, group, hacker, Internet, login, mfa, monitoring, moveIT, network, oracle, passkey, password, ransomware, tactics, threat, vulnerability, zero-day, zero-trust

Execs: Don’t ‘engage rashly’: There are no common vulnerabilities and exposures (CVEs) for this attack; the issue “stems from configuration and default business logic abuse rather than a specific vulnerability,” according to Halcyon.The firm advises organizations to check if EBS portals are publicly accessible (via /OA_HTML/AppsLocalLogin.jsp#) and if so, immediately restrict exposure. It is also…
Nuance Agrees to Pay $8.5M to Settle MOVEit Hack Litigation

Aug 21, 2025 10:54 PM

Tags: communications, data, exploit, flaw, hacker, healthcare, microsoft, moveIT, software, zero-day

Settlement Is Latest Among Scores of Other MOVEit Lawsuits Still Pending. Nuance Communications, a Microsoft subsidiary, has agreed to pay $8.5 million to settle class action litigation filed after hackers exploited a zero-day flaw in Progress Software’s MOVEit file transfer software in 2023, stealing data belonging to more than a dozen of Nuance’s healthcare clients.…
Microsoft’s Nuance coughs up $8.5M to rid itself of MOVEit breach suit

Aug 18, 2025 6:54 PM

Tags: breach, microsoft, moveIT, supply-chain

Supply chain breach has been a major target of legal action First seen on theregister.com Jump to article: www.theregister.com/2025/08/18/nuance_lawsuit/
Microsoft’s Nuance coughs up $8.5M to rid itself of MOVEit breach suit

Aug 18, 2025 6:54 PM

Tags: breach, microsoft, moveIT, supply-chain

Supply chain breach has been a major target of legal action First seen on theregister.com Jump to article: www.theregister.com/2025/08/18/nuance_lawsuit/
Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks

Jul 2, 2025 12:34 PM

Tags: attack, cybercrime, data, moveIT, rce, remote-code-execution, tool, vulnerability

Experts say they don’t expect the MOVEit menace to do much about it First seen on theregister.com Jump to article: www.theregister.com/2025/07/02/cl0p_rce_vulnerability/
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Jun 27, 2025 10:36 AM

Tags: cve, data, exploit, flaw, government, intelligence, moveIT, threat

Threat intelligence firm GreyNoise is warning of a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025″, suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive…