Security News > 2023 > June > MOVEit Transfer zero-day attacks: The latest info
There's new information about the zero-day vulnerability in Progress Software's MOVEit Transfer solution exploited by attackers and - more importantly - patches and helpful instructions for customers.
The MOVEit Transfer zero-day and updated mitigation and remediation advice.
Progress Software has updated the security advisory and confirmed that the vulnerability is a SQL injection vulnerability in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database.
All MOVEit Transfer versions are affected by the flaw.
Disabling all HTTP and HTTPs traffic to the MOVEit Transfer environment.
Enabling all HTTP and HTTPs traffic to the MOVEit Transfer environment.
News URL
https://www.helpnetsecurity.com/2023/06/02/moveit-transfer-zero-day-attacks/
Related news
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- SAP fixes suspected Netweaver zero-day exploited in attacks (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)
- Play ransomware exploited Windows logging flaw in zero-day attacks (source)