Progress Software released a security bulletin for a critical MOVEit Transfer vulnerability, CVE-2024-5806, warning that a threat actor could exploit the flaw to take control of affected systems. CISA urged organizations to review Progress Software’s June 2024 alert and apply updates, while reporting indicated the bug was being attacked within hours of public disclosure, raising the risk of rapid compromise for internet-exposed file-transfer servers.
The new exploitation wave revived scrutiny of the earlier MOVEit crisis, when the Clop ransomware-linked extortion campaign compromised organizations across the private and public sectors. Reported victims and affected entities included technology and IT firms, state and federal agencies, schools tied to the Teachers Insurance and Annuity Association of America retirement fund, Norton LifeLock owner Gen Digital, Vancouver Transit Police, Missouri agencies, and Extreme Networks, underscoring how vulnerabilities in widely deployed managed file-transfer software can cascade into broad supply-chain and data-theft incidents.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
Progress Software released a security bulletin for a critical MOVEit Transfer vulnerability tracked as CVE-2024-5806, warning that successful exploitation could let an attacker take control of an affected system. CISA advised users and administrators to review the June 2024 bulletin and apply updates.
Dark Reading reported that a newly disclosed MOVEit vulnerability was being exploited within hours of public disclosure, indicating rapid attacker activity against the flaw. This reflects active exploitation associated with the June 2024 MOVEit issue.
TechCrunch reported that schools said the teachers' retirement fund TIAA had been targeted by MOVEit hackers. This added a major financial-services-related victim affecting education stakeholders to the list of disclosed impacts.
CRN reported that eight technology and IT companies were targeted in the MOVEit attacks, underscoring the breadth of the victim set in the sector. The report reflected continued expansion of known affected organizations.
The Record reported that Norton LifeLock owner Gen Digital and Vancouver Transit Police confirmed breaches connected to the MOVEit vulnerabilities and attacks. These disclosures added both private-sector and public-sector victims to the incident timeline.
GovTech reported that more U.S. state and federal agencies were affected by the MOVEit compromise, showing the incident's spread into government organizations. The update indicated a widening impact beyond initially disclosed victims.
Computer Weekly reported that Extreme Networks had emerged as a victim of the Clop-linked MOVEit attacks. This marked one of the early named corporate victims publicly tied to the campaign.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
cisa.gov
Open sourcedarkreading.com
Open sourcegoogle.com
Open sourcecomputerweekly.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.