Threat actors are exploiting Cleo managed file transfer products via two vulnerabilities, including a zero-day flaw. Cleo issued a patch for one vulnerability, CVE-2024-50623, in late October, but this didn’t prevent exploitation attempts. Security firm Huntress advised clients to protect against this with firewalls. Cleo released a new patch which addressed another critical flaw but did not confirm if this addressed CVE-2024-50623. The identity of the threat actors is unclear.
Criminals target APIs as web attacks skyrocket globally
As artificial intelligence technology continues to grow, web attackers are increasingly targeting APIs, with over a third of attacks focusing on them. This trend highlights
