{"vulnerability": "cve-2023-34362", "sightings": [{"uuid": "79095668-42a8-4744-ac66-95fb3ea29f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "", "content": "", "creation_timestamp": "2024-11-12T17:16:10.248312Z"}, {"uuid": "11d3b1be-9e25-4385-b4f3-cafc9c38e973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/4a0ea337-6c2a-4806-ba26-4521609b1d06", "content": "", "creation_timestamp": "2023-06-03T20:36:45.000000Z"}, {"uuid": "0d76c814-6f60-4de0-b0bc-1d13e94b4df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/83b91887-974a-4613-bbf4-369408cdec6c", "content": "", "creation_timestamp": "2023-06-08T10:26:07.000000Z"}, {"uuid": "cc194cbf-2a32-473b-bff0-0a3bf5e5132e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/6e8ebc4b-bfda-4aac-a2ef-aea3d93b6e10", "content": "", "creation_timestamp": "2023-06-08T10:12:22.000000Z"}, {"uuid": "294a0b33-a875-48be-ab12-1fdb0c7840e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/a4be5c40-0c15-41f2-bd51-1d2bef324865", "content": "", "creation_timestamp": "2023-09-01T12:03:02.000000Z"}, {"uuid": "38bcdc3b-cee6-4fd7-9952-6c0cd368bb91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": 
"MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "1fd4ae39-a016-43d3-afce-c4b88ed3f4ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/6cab6c72-3fc4-4b18-9265-bca2fcf97d70", "content": "", "creation_timestamp": "2023-06-21T12:43:00.000000Z"}, {"uuid": "a9b5349d-5b84-4fa3-87d8-8112e30ad236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971826", "content": "", "creation_timestamp": "2024-12-24T20:34:33.629782Z"}, {"uuid": "47e4c2d9-c139-4e72-aed9-fc3d6bebc718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "ed6cac47-c6a5-4ba9-94f3-775da3413559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:54.000000Z"}, {"uuid": "446c7179-15f5-4cab-b216-78ed6af9a91a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:43.000000Z"}, {"uuid": "2fe3a40e-3d49-4906-95ed-d36bd3338a56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://www.hackthebox.com/blog/cve-2023-34362-explained", "content": "", "creation_timestamp": "2025-07-01T09:05:47.603638Z"}, {"uuid": "7d21c224-7ec1-4be5-a4e2-b3185c36efb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114779273882394881", "content": "", "creation_timestamp": "2025-07-01T17:58:49.642238Z"}, {"uuid": "34dce9f0-9bf2-4ca7-8148-e72af301cd19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/moveit_cve_2023_34362.rb", "content": "", "creation_timestamp": "2023-06-22T18:39:14.000000Z"}, {"uuid": "261398de-7a1b-4f63-816c-1b43603ad0ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-85aeda5d-3a0884ef4e0bac3a", "content": "", "creation_timestamp": "2025-07-23T06:09:00.720250Z"}, {"uuid": "99a9a2b0-25a2-4642-951c-8c89c0a9cffe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "6ddd9bb8-2559-499c-87a5-895883921086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": 
"MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:00.000000Z"}, {"uuid": "f1c23541-faa0-4ac2-a7ad-0b836178fa44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://bsky.app/profile/cvedatabase.bsky.social/post/3mf24woicg62n", "content": "", "creation_timestamp": "2026-02-17T08:19:01.851258Z"}, {"uuid": "78425298-fca3-4544-8d4b-40bfe71e9d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/83b91887-974a-4613-bbf4-369408cdec6c", "content": "", "creation_timestamp": "2026-02-08T22:57:15.000000Z"}, {"uuid": "e7cd24c2-cd8a-44fd-9d62-faed84372eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "MISP/6e8ebc4b-bfda-4aac-a2ef-aea3d93b6e10", "content": "", "creation_timestamp": "2026-02-08T22:05:14.000000Z"}, {"uuid": "13a15e7d-7788-4443-af6d-f2bfcc7d610d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://gist.github.com/alamsnatec/d44e75072ddcea188365064c8bbab7bf", "content": "", "creation_timestamp": "2026-02-19T11:33:52.000000Z"}, {"uuid": "16d04060-2d3f-44ce-a539-d23ffa08b856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1aae08d5-0d6f-43c1-b281-1655a25b7888", "content": "", "creation_timestamp": "2026-02-02T12:26:58.044645Z"}, {"uuid": 
"1e0e5b2f-68cb-4b84-9ebd-57f71d18bca7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7789", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aModified RCE with a remote shell and logging\nURL\uff1ahttps://github.com/glen-pearson/MoveIT-CVE-2023-34362-RCE\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-06-28T21:21:34.000000Z"}, {"uuid": "21daf63e-3819-4556-96e4-2d5867e3d30e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7786", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aModified RCE with a remote shell and logging\nURL\uff1ahttps://github.com/glen-pearson/CVE-2023-34362-RCE\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-06-28T17:23:59.000000Z"}, {"uuid": "0d6d87fe-aa4c-43c9-8f50-9d146ba91cf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/true_secator/7173", "content": "GreyNoise \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e \u0430\u043d\u043e\u043c\u0430\u043b\u044c\u043d\u043e\u043c \u0432\u0441\u043f\u043b\u0435\u0441\u043a\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c Progress MOVEit Transfer, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u0442\u0441\u044f 
\u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 27 \u043c\u0430\u044f 2025 \u0433\u043e\u0434\u0430.\n\n\u041f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0433\u043e\u0442\u043e\u0432\u044f\u0442\u0441\u044f \u043a \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u043e \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u043b\u0438 \u0438\u0449\u0443\u0442 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\nMOVEit Transfer - \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0444\u0430\u0439\u043b\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0435 \u043a\u0440\u0443\u043f\u043d\u044b\u043c \u0431\u0438\u0437\u043d\u0435\u0441\u043e\u043c \u0438 \u0433\u043e\u0441\u0441\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0434\u043b\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0433\u043e \u043e\u0431\u043c\u0435\u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438. 
\u0412 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435 \u0432\u0440\u0435\u043c\u044f \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u043b\u044e\u0431\u043b\u0435\u043d\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f.\n\n\u0414\u043e \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u043d\u043e\u0439 \u0434\u0430\u0442\u044b \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f - \u043e\u0431\u044b\u0447\u043d\u043e \u0432 \u0434\u0435\u043d\u044c \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u043e\u0441\u044c \u043c\u0435\u043d\u0435\u0435 10 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u043d\u043e 27 \u043c\u0430\u044f \u044d\u0442\u043e \u0447\u0438\u0441\u043b\u043e \u0440\u0435\u0437\u043a\u043e \u0432\u043e\u0437\u0440\u043e\u0441\u043b\u043e \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 100 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0445 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0430 28 \u043c\u0430\u044f \u2014 \u0434\u043e 319 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441 \u0442\u0435\u0445 \u043f\u043e\u0440 \u0435\u0436\u0435\u0434\u043d\u0435\u0432\u043d\u044b\u0439 \u043e\u0431\u044a\u0435\u043c \u0442\u0430\u043a\u0438\u0445 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u043f\u0435\u0440\u0438\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u0438 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0432\u0430\u043b\u0441\u044f \u0438 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b \u043e\u0442 200 \u0434\u043e 300 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0432 \u0434\u0435\u043d\u044c, \u0447\u0442\u043e 
\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u043e\u0442\u043a\u043b\u043e\u043d\u0435\u043d\u0438\u0435\u043c \u043e\u0442 \u043e\u0431\u044b\u0447\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438.\n\n\u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 90 \u0434\u043d\u0435\u0439 \u0431\u044b\u043b\u043e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043e 682 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0445 IP-\u0430\u0434\u0440\u0435\u0441\u0430, \u0430 \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 24 \u0447\u0430\u0441\u0430 - \u0438 \u0432\u043e\u0432\u0441\u0435 449, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 344 \u0431\u044b\u043b\u0438 \u043e\u0442\u043d\u0435\u0441\u0435\u043d\u044b \u043a \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0438 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445, \u0430 77 \u0431\u044b\u043b\u0438 \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u044b \u043a\u0430\u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435.\n\n\u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0434\u0438\u0441\u043b\u043e\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0432 \u0421\u0428\u0410, \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u044f, \u042f\u043f\u043e\u043d\u0438\u044f, \u0421\u0438\u043d\u0433\u0430\u043f\u0443\u0440, \u0411\u0440\u0430\u0437\u0438\u043b\u0438\u044f, \u041d\u0438\u0434\u0435\u0440\u043b\u0430\u043d\u0434\u044b, \u042e\u0436\u043d\u0430\u044f \u041a\u043e\u0440\u0435\u044f, \u0413\u043e\u043d\u043a\u043e\u043d\u0433 \u0438 \u0418\u043d\u0434\u043e\u043d\u0435\u0437\u0438\u044f.\n\nGreyNoise \u0442\u0430\u043a\u0436\u0435 
\u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430, \u0447\u0442\u043e 12 \u0438\u044e\u043d\u044f 2025 \u0433\u043e\u0434\u0430 \u043e\u043d\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0432\u0443\u0445 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 MOVEit Transfer (CVE-2023-34362 \u0438 CVE-2023-36934).\n\nCVE-2023-34362 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0430\u044f \u0442\u0435\u043c, \u0447\u0442\u043e \u0440\u0430\u043d\u0435\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0431\u0430\u043d\u0434\u043e\u0439 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 Cl0p \u0432 \u0445\u043e\u0434\u0435 \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0432 2023 \u0433\u043e\u0434\u0443, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0432\u0448\u0435\u0439 \u0431\u043e\u043b\u0435\u0435 2770 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439.\n\n\u041e\u0447\u0435\u0432\u0438\u0434\u043d\u043e, \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0433\u0443\u0442 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0442\u044c \u043d\u0430 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u0438 \u043d\u043e\u0432\u043e\u0439 \u0432\u043e\u043b\u043d\u044b \u0430\u0442\u0430\u043a \u043d\u0430 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b MOVEit Transfer. 
\n\n\u0412 \u043e\u0431\u0449\u0435\u043c, \u0431\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2025-06-27T09:50:50.000000Z"}, {"uuid": "e0f6a7e0-1e41-49ba-ab67-9eaae1151922", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/cKure/11070", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2023-34362: Zero-Day vulnerability in 'MOVEit Transfer' exploited for data theft.\n\nhttps://www.mandiant.com/resources/blog/zero-day-moveit-data-theft", "creation_timestamp": "2023-06-04T18:35:45.000000Z"}, {"uuid": "209bf522-f777-4753-8dd3-a5bab5dd086a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/cKure/11114", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2023-34362: \ud83d\udea8MOVEit mayhem 3: \u201cDisable HTTP and HTTPS traffic immediately. 
\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34362\n\nhttps://nakedsecurity.sophos.com/2023/06/15/moveit-mayhem-3-disable-http-and-https-traffic-immediately/\n\nhttps://nakedsecurity.sophos.com/2023/06/05/moveit-zero-day-exploit-used-by-data-breach-gangs-the-how-the-why-and-what-to-do/\n\nhttps://www.fortinet.com/blog/threat-research/moveit-transfer-critical-vulnerability-cve-2023-34362-exploited-as-a-0-day", "creation_timestamp": "2023-06-16T20:04:19.000000Z"}, {"uuid": "a498e871-5383-434b-a59a-74ba741d0e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4503", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aAn investigation into CVE-2023-34362.\nURL\uff1ahttps://github.com/a3cipher/CVE-2023-34362\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-07T03:38:51.000000Z"}, {"uuid": "918e25aa-6b6f-40d4-92fd-8e42d1fd60a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4542", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCSV File Containing CVE-2023-34362 IOCs\nURL\uff1ahttps://github.com/lithuanian-g/cve-2023-34362-iocs\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-12T10:10:21.000000Z"}, {"uuid": "5790bafd-27b6-4f14-888c-76821bcd5638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/GithubRedTeam/4546", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aMOVEit CVE-2023-34362\nURL\uff1ahttps://github.com/AgentY0/CVE-2023-34965\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-12T12:50:53.000000Z"}, {"uuid": "e6118ffa-fee5-4faa-8f9a-42e055dc4aa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/GithubRedTeam/4545", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aMOVEit CVE-2023-34362\nURL\uff1ahttps://github.com/happy0717/CVE-2023-34965\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-12T12:38:06.000000Z"}, {"uuid": "8b7675b1-5875-4aad-bda9-19d1aa9736e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4500", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-34362-IOCs. 
More information on Deep Instinct's blog site.\nURL\uff1ahttps://github.com/deepinstinct/MOVEit_CVE-2023-34362_IOCs\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-06T15:46:54.000000Z"}, {"uuid": "46a939b0-99d9-4442-8785-4793de1588eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/GithubRedTeam/4532", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software, tracked as CVE-2023-34362, to steal data from organizations.\nURL\uff1ahttps://github.com/CyberKendra/MoveIt-Victims-List\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-10T08:58:17.000000Z"}, {"uuid": "975b8c25-43b0-4d90-a3dc-840253d20de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4544", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aMOVEit CVE-2023-34362\nURL\uff1ahttps://github.com/horizon3ai/CVE-2023-34362\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-12T11:38:37.000000Z"}, {"uuid": "57ce0294-5524-4657-b2f5-62d825c6d609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4547", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-34362: MOVEit Transfer Unauthenticated 
RCE\nURL\uff1ahttps://github.com/sfewer-r7/CVE-2023-34362\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-12T13:53:17.000000Z"}, {"uuid": "35f34803-aa46-4d7e-9e7e-48f09bd3c1e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4570", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aRepository with everything I have tracking the impact of MOVEit CVE-2023-34362\nURL\uff1ahttps://github.com/kenbuckler/MOVEit-CVE-2023-34362\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-16T00:50:48.000000Z"}, {"uuid": "cad497cc-0679-4156-8544-bfaf861c6f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4715", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aPOC for CVE-2023-34362 affecting MOVEit Transfer\nURL\uff1ahttps://github.com/Malwareman007/CVE-2023-34362\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-09T18:47:56.000000Z"}, {"uuid": "8b592400-be44-4d37-a3e9-db94dcd385eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5054", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aan exploit of POC for CVE-2023-34362 affecting MOVEit Transfer\nURL\uff1ahttps://github.com/errorfiathck/MOVEit-Exploit\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": 
"2023-08-31T13:36:22.000000Z"}, {"uuid": "5e0db897-e874-4c53-a080-31564f89e91b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6349", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA video presentation analysing the technical details, scale and lessons to be learned from the MOVEit CVE-2023=3462(CS50 Introduction to Cyber Security Finale Project)\nURL\uff1ahttps://github.com/Chinyemba-ck/MOVEit-CVE-2023-34362\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2024-01-01T00:58:41.000000Z"}, {"uuid": "0b87575e-90bf-44be-9cee-a7009f3c4d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/exploits666/17", "content": "MOVEit CVE-2023-34362 (don\u2019t listen to rumours\u2026. 
I will release this and will also update further if needs be live in real-time) ^_^ YES, ofc it will be FREE ^_^ Stay tuned, regards, \n\ud83d\udc51Team AG \ud83d\udc51", "creation_timestamp": "2024-11-11T22:56:00.000000Z"}, {"uuid": "37f7ac69-650a-4307-99a8-77b0ebe45c6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/itsec_news/2919", "content": "\u200b\u26a1\ufe0f\u041f\u0430\u0434\u0435\u043d\u0438\u0435 \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0445 \u043a\u0440\u0435\u043f\u043e\u0441\u0442\u0435\u0439: \u0438\u0441\u0442\u043e\u0440\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 MOVEit, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0442\u0440\u044f\u0441\u043b\u0430 \u043c\u0438\u0440.\n\n\ud83d\udcac \u0425\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 MOVEit Transfer \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u043d\u0430\u043d\u043e\u0441\u0438\u0442\u044c \u0443\u0449\u0435\u0440\u0431, \u0447\u0438\u0441\u043b\u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u043f\u0440\u0438\u0431\u043b\u0438\u0436\u0430\u0435\u0442\u0441\u044f \u043a 400. 
\u0413\u0440\u0443\u043f\u043f\u0430 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 Clop \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 Progress Software \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0442\u0435\u0439. \u0421\u0440\u0435\u0434\u0438 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u0432\u0448\u0438\u0445 \u2013 \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0446\u0438\u0438 \u0438 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430 \u0421\u0428\u0410, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0414\u0435\u043f\u0430\u0440\u0442\u0430\u043c\u0435\u043d\u0442 \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0438 \u0421\u0428\u0410 , Shell , Deutsche Bank \u0438 PwC .\n\n\u041f\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u043d\u0430 19 \u0438\u044e\u043b\u044f, \u0431\u044b\u043b\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043e 383 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u0431\u043e\u043b\u0435\u0435 20 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u0447\u0435\u043b\u043e\u0432\u0435\u043a. 
\u0418\u043d\u0446\u0438\u0434\u0435\u043d\u0442 \u0441 MOVEit \u0441\u0440\u0430\u0432\u043d\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0441 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c \u0441\u043b\u0443\u0447\u0430\u0435\u043c \u0432\u0437\u043b\u043e\u043c\u0430 SolarWinds , \u0445\u043e\u0442\u044f \u0438 \u043d\u0435 \u0442\u0430\u043a\u0438\u043c \u0440\u0430\u0437\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c. \u041e\u0436\u0438\u0434\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0443\u0431\u044b\u0442\u043a\u0438 \u0431\u0443\u0434\u0443\u0442 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u043a\u0440\u0435\u0434\u0438\u0442\u043e\u0432 \u0434\u043b\u044f \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u043b\u044e\u0434\u0435\u0439 \u0438 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0441\u0443\u0434\u0435\u0431\u043d\u044b\u0445 \u0438\u0441\u043a\u043e\u0432.\n\n\u0411\u0440\u0438\u0442\u0430\u043d\u0441\u043a\u0438\u0439 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0440\u0430\u0441\u0447\u0451\u0442\u0430 \u0437\u0430\u0440\u0430\u0431\u043e\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u044b \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u043e\u043c Zellis \u043e\u0434\u0438\u043d \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u043f\u0435\u0440\u0432\u044b\u0445 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b , \u0447\u0442\u043e \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0441\u044f \u0443\u0442\u0435\u0447\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0432\u043b\u0438\u044f\u043b\u0430 \u043d\u0430 
\u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0435\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 BBC , British Airways \u0438 \u0430\u043f\u0442\u0435\u0447\u043d\u0443\u044e \u0441\u0435\u0442\u044c Boots .\n\n\u0421\u0442\u043e\u0438\u0442 \u043d\u0430\u043f\u043e\u043c\u043d\u0438\u0442\u044c, \u0447\u0442\u043e \u0432\u0437\u043b\u043e\u043c MFT-\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b MOVEit Transfer \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0451\u043b 27 \u043c\u0430\u044f \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f CVE-2023-34362 . \u0417\u0430 \u0432\u0440\u0435\u043c\u044f \u043d\u0430\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 MOVEit \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043f\u043e\u0445\u0438\u0442\u0438\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u043e\u0442\u0435\u043d \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439. \u0418 \u0434\u0430\u043b\u0435\u043a\u043e \u043d\u0435 \u0432\u0441\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e\u0431 \u0443\u0442\u0435\u0447\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e. 
\u041a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b, \u043d\u0430\u043f\u0430\u0434\u0435\u043d\u0438\u0435 \u043d\u0430 \u0441\u0435\u0440\u0432\u0438\u0441 MOVEit Transfer \u0433\u043e\u0442\u043e\u0432\u0438\u043b\u043e\u0441\u044c \u0435\u0449\u0451 \u0432 2021 \u0433\u043e\u0434\u0443, \u043a\u043e\u0433\u0434\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u043e\u0449\u0443\u043f\u044b\u0432\u0430\u043b\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043f\u0443\u0442\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438.\n\n\u041e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u041f\u041e \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0438 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 ( CVE-2023-34362 ), \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f. \u0417\u0430\u0442\u0435\u043c \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0438 \u0435\u0449\u0435 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 9 \u0438 15 \u0438\u044e\u043d\u044f ( CVE-2023-35036 \u0438 CVE-2023-35708 ). 
\u0412 \u043d\u0430\u0447\u0430\u043b\u0435 \u0438\u044e\u043b\u044f \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0435\u0449\u0435 \u0442\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 ( CVE-2023-36934 , CVE-2023-36932 , \u0438 CVE-2023-36933 ).\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Bitsight, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0441\u0447\u0438\u0442\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442\u0441\u044f \u0432\u0441\u0435 \u0431\u043e\u043b\u0435\u0435 \u043f\u0440\u0438\u0432\u043b\u0435\u043a\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u0438\u0437-\u0437\u0430 \u0438\u0445 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u0430. 
\u041e\u0434\u043d\u0430\u043a\u043e \u0442\u0430\u043a\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u043e\u0434\u043d\u043e\u0440\u0430\u0437\u043e\u0432\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u0430\u0436\u0434\u043e\u0439 \u0430\u0442\u0430\u043a\u0438, \u043f\u043e\u0441\u043b\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0438\u0441\u043a\u0430\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-07-23T12:50:28.000000Z"}, {"uuid": "2a2d446d-2c0b-4439-99f7-b20e1d818100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/itsec_news/2753", "content": "\u200b\u26a1\ufe0f\u0425\u0430\u043a\u0435\u0440\u044b \u043d\u0435 \u0434\u0440\u0435\u043c\u043b\u044e\u0442: \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0443\u044e \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u0443\u044e \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u044e \u0438 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 \u044f\u0434\u0435\u0440\u043d\u044b\u0445 \u043e\u0442\u0445\u043e\u0434\u043e\u0432.\n\n\ud83d\udcac \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0439 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0438 , \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 
\u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0444\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432 \u0421\u0428\u0410, \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u0438 \u043f\u043e\u0434\u0440\u044f\u0434\u0447\u0438\u043a \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0439 \u0438 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 \u0440\u0430\u0434\u0438\u043e\u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u043e\u0442\u0445\u043e\u0434\u043e\u0432, \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u0435 \u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e\u043c \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0438 \u0421\u0428\u0410. \u041e\u0431 \u044d\u0442\u043e\u043c \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0447\u0435\u043b\u043e\u0432\u0435\u043a, \u0437\u043d\u0430\u043a\u043e\u043c\u044b\u0439 \u0441 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0435\u0439.\n\n\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u044c \u043c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u0430 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b \u0432 \u0447\u0435\u0442\u0432\u0435\u0440\u0433, \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u044b\u0435 \u0434\u0432\u0443\u0445 \u201c\u0441\u0443\u0431\u044a\u0435\u043a\u0442\u043e\u0432\u201d \u043c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u0430 \u0431\u044b\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u0445\u043e\u0442\u044f \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u0435 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044f \u043f\u043e\u043a\u0430 
\u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b. \u0412 \u0445\u043e\u0434\u0435 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0444\u0430\u0439\u043b\u043e\u0432, \u0447\u0442\u043e\u0431\u044b \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0442 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0436\u0435\u0440\u0442\u0432.\n\n\u201c\u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043f\u0440\u0438\u043d\u044f\u043b\u043e \u043c\u0435\u0440\u044b \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0433\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u043e \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\u201d, - \u0441\u043a\u0430\u0437\u0430\u043b \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u044c 
\u043c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u0430. \u201c\u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u043e \u041a\u043e\u043d\u0433\u0440\u0435\u0441\u0441 \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u043e\u0440\u0433\u0430\u043d\u0430\u043c\u0438, \u0410\u041a\u0418\u0411 \u0438 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u0432\u0448\u0438\u043c\u0438 \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u0430\u043c\u0438 \u0434\u043b\u044f \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430 \u0438 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044f\u201d.\n\n\u0421\u0440\u0435\u0434\u0438 \u0436\u0435\u0440\u0442\u0432 \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u043f\u043e\u0434\u0440\u044f\u0434\u0447\u0438\u043a \u043e\u0442\u0434\u0435\u043b\u0430 \u043d\u0430\u0443\u043a\u0438 \u0438 \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0439 \u043c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u0430, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u041d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041e\u0443\u043a-\u0420\u0438\u0434\u0436 \u0432 \u0422\u0435\u043d\u043d\u0435\u0441\u0441\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 
\u044f\u0434\u0435\u0440\u043d\u043e\u0439 \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0438. \u0418\u043d\u0441\u0442\u0438\u0442\u0443\u0442 \u043d\u0430\u0443\u0447\u043d\u043e\u0433\u043e \u0438 \u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u041e\u0443\u043a-\u0420\u0438\u0434\u0436 \u043f\u043e\u0434\u0447\u0438\u043d\u044f\u0435\u0442\u0441\u044f \u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e \u043f\u043e \u0434\u0435\u043b\u0430\u043c \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041e\u0443\u043a-\u0420\u0438\u0434\u0436, \u043d\u043e \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u044c \u041f\u044d\u043c \u0411\u043e\u043d\u043d\u0438 \u0441\u043a\u0430\u0437\u0430\u043b\u0430, \u0447\u0442\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u044b \u043d\u0435 \u0438\u043c\u0435\u043b\u0438 \u043d\u0438\u0447\u0435\u0433\u043e \u043e\u0431\u0449\u0435\u0433\u043e \u0441 \u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0435\u0439. 
\u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0438 \u0437\u0430\u044f\u0432\u0438\u043b\u043e, \u0447\u0442\u043e \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u044f \u043d\u0435 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u0430 \u043e\u0442 \u0430\u0442\u0430\u043a\u0438.\n\n\u0422\u0430\u043a\u0436\u0435 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b \u041f\u0438\u043b\u043e\u0442\u043d\u044b\u0439 \u0437\u0430\u0432\u043e\u0434 \u043f\u043e \u0438\u0437\u043e\u043b\u044f\u0446\u0438\u0438 \u043e\u0442\u0445\u043e\u0434\u043e\u0432 \u043c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u0430 \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0438 \u0432 \u041a\u0430\u0440\u043b\u0441\u0431\u0430\u0434\u0435, \u0448\u0442\u0430\u0442 \u041d\u044c\u044e-\u041c\u0435\u043a\u0441\u0438\u043a\u043e, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0445\u0440\u0430\u043d\u0438\u0442 \u044f\u0434\u0435\u0440\u043d\u044b\u0435 \u043e\u0442\u0445\u043e\u0434\u044b \u043e\u0442 \u043e\u0440\u0443\u0436\u0438\u044f \u0441\u0442\u0440\u0430\u043d\u044b \u043d\u0430 \u0433\u043b\u0443\u0431\u0438\u043d\u0435 \u0442\u044b\u0441\u044f\u0447 \u0444\u0443\u0442\u043e\u0432 \u043f\u043e\u0434 \u0437\u0435\u043c\u043b\u0435\u0439. \u0412 \u0447\u0435\u0442\u0432\u0435\u0440\u0433 \u0441\u0430\u0439\u0442 \u0437\u0430\u0432\u043e\u0434\u0430 \u0431\u044b\u043b \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d. 
\u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u044c \u0437\u0430\u0432\u043e\u0434\u0430 \u043e\u0442\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e.\n\n\u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410, \u043f\u043e\u0434\u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410, \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u043e, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u043b\u043e\u0441\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432. 
\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0443, \u0445\u0430\u043a\u0435\u0440\u044b, \u0433\u043e\u0432\u043e\u0440\u044f\u0449\u0438\u0435 \u043d\u0430 \u0440\u0443\u0441\u0441\u043a\u043e\u043c \u044f\u0437\u044b\u043a\u0435 \u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u043a\u0430\u043a Clop, \u0441\u043e\u0432\u0435\u0440\u0448\u0438\u043b\u0438 \u0440\u044f\u0434 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0445 \u0430\u0442\u0430\u043a, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u043d\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 MOVEit, \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0444\u0430\u0439\u043b\u043e\u0432.\n\n\u0414\u0438\u0440\u0435\u043a\u0442\u043e\u0440 \u0410\u041a\u0418\u0411 \u0414\u0436\u0435\u043d \u0418\u0441\u0442\u0435\u0440\u043b\u0438 \u0441\u043a\u0430\u0437\u0430\u043b\u0430, \u0447\u0442\u043e \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0443 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u0444\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430\u043c, \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u0432\u0448\u0438\u043c \u043e\u0442 \u0430\u0442\u0430\u043a\u0438 MOVEit. 
\u0418\u0441\u0442\u0435\u0440\u043b\u0438 \u0441\u043a\u0430\u0437\u0430\u043b\u0430, \u0447\u0442\u043e \u201c\u043d\u0430\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043c\u044b \u0437\u043d\u0430\u0435\u043c\u201d \u0445\u0430\u043a\u0435\u0440\u044b \u0442\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0430\u0434\u0443\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0445\u0440\u0430\u043d\u044f\u0449\u0443\u044e\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0438\u0441\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 MOVEit, \u0438 \u0447\u0442\u043e \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u044f \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u0447\u0430\u0441\u0442\u044f\u043c \u0441\u0435\u0442\u0435\u0439.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Moveit - \u044d\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435 MOVEit Transfer, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, 
\u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u043c \u0447\u0435\u0440\u0435\u0437 \u044d\u0442\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Microsoft \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2023-34362. \u041e\u043d\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 MOVEit Transfer Web Admin.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 MOVEit Transfer, \u0447\u0442\u043e \u0434\u0430\u0435\u0442 \u0438\u043c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a \u0444\u0430\u0439\u043b\u043e\u0432, 
\u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0445\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0438 \u043a\u0440\u0430\u0441\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u044b \u0434\u043b\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 Azure.\n\n\u041f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c MOVEit Transfer - \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Progress Software - \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u0435\u0433\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c. 
\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043c\u0435\u0440 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u0440\u0438\u0441\u043a\u043e\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a MOVEit Transfer Web Admin \u0438\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430, \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-06-18T15:54:32.000000Z"}, {"uuid": "41a66635-29f2-4ca7-9a9e-5722d593274c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/itsec_news/2677", "content": "\u200b\u26a1\ufe0f \u0412\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 Clop \u00ab\u043f\u0440\u043e\u0449\u0443\u043f\u044b\u0432\u0430\u043b\u0438 \u043f\u043e\u0447\u0432\u0443\u00bb \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 MOVEit Transfer \u0435\u0449\u0451 \u0432 2021 \u0433\u043e\u0434\u0443.\n\n\ud83d\udcac \u041a\u0430\u043a \u0441\u0442\u0430\u043b\u043e 
\u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Kroll, \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0438\u0437 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u0431\u0430\u043d\u0434\u044b Clop \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0441\u043e \u0441\u043f\u043e\u0441\u043e\u0431\u0430\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f MOVEit Transfer, \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u0430\u043a CVE-2023-34362 , \u0435\u0449\u0451 \u0432 \u0438\u044e\u043b\u0435 2021 \u0433\u043e\u0434\u0430, \u0430 \u043f\u043e\u0442\u043e\u043c \u0435\u0449\u0451 \u0440\u0430\u0437 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 2022 \u0433\u043e\u0434\u0430. 
\u0422\u043e \u0435\u0441\u0442\u044c \u0445\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0447\u0430\u043b\u0438 \u00ab\u043f\u0440\u043e\u0449\u0443\u043f\u044b\u0432\u0430\u0442\u044c \u043f\u043e\u0447\u0432\u0443\u00bb \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u0435\u0449\u0451 \u0434\u0432\u0430 \u0433\u043e\u0434\u0430 \u043d\u0430\u0437\u0430\u0434.\n\n\u0414\u0430\u043d\u043d\u044b\u0439 \u0444\u0430\u043a\u0442 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u0442\u0435\u0440\u043f\u0435\u043b\u0438\u0432\u043e\u0441\u0442\u044c, \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u043d\u043e\u0441\u0442\u044c \u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u2014 \u0430\u0442\u0430\u043a\u0443 \u043e\u043d\u0438 \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0434\u043e\u043b\u0433\u043e\u0435 \u0432\u0440\u0435\u043c\u044f, \u0438 \u043a\u043e\u0433\u0434\u0430 \u043d\u0430\u0441\u0442\u0430\u043b \u0447\u0430\u0441, \u043f\u0440\u043e\u0432\u0435\u0440\u043d\u0443\u043b\u0438 \u0432\u0441\u0451 \u0431\u044b\u0441\u0442\u0440\u043e \u0438 \u0431\u0435\u0437 \u043b\u0438\u0448\u043d\u0435\u0433\u043e \u0448\u0443\u043c\u0430. 
\u0410 \u043a\u043e\u0433\u0434\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Ipswitch, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a MOVEit Transfer, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0444\u0430\u043a\u0442 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438, \u0431\u044b\u043b\u043e \u0443\u0436\u0435 \u0441\u043b\u0438\u0448\u043a\u043e\u043c \u043f\u043e\u0437\u0434\u043d\u043e.\n\n\u0422\u0430\u043a \u0436\u0435, \u0432\u043f\u0440\u043e\u0447\u0435\u043c, \u0431\u044b\u043b\u043e \u0438 \u0441 \u0430\u0442\u0430\u043a\u043e\u0439 \u043d\u0430 Fortra GoAnywhere \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u0438 \u0441 \u0430\u0442\u0430\u043a\u043e\u0439 \u043d\u0430 Accellion FTA \u0432 \u043a\u043e\u043d\u0446\u0435 2020 \u0433\u043e\u0434\u0430 \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435. \u041a\u0430\u043a \u0431\u044b \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u043d\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e\u043d\u0438 \u0431\u0430\u043d\u0430\u043b\u044c\u043d\u043e \u043d\u0435 \u043f\u043e\u0441\u043f\u0435\u0432\u0430\u044e\u0442 \u0437\u0430 \u0441\u043a\u0430\u043d\u0434\u0430\u043b\u044c\u043d\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044f\u043c\u0438.\n\n\u041a\u0430\u043a \u043f\u043e\u0433\u043e\u0432\u0430\u0440\u0438\u0432\u0430\u044e\u0442 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b, \u0445\u0430\u043a\u0435\u0440\u044b Clop \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 
\u043f\u043e\u0438\u0441\u043a\u0430\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0438 \u043f\u0440\u043e\u0447\u0438\u0445 \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0445 \u043f\u0443\u0442\u0435\u0439. \u0412 \u0441\u0435\u0442\u0438 \u0434\u0430\u0436\u0435 \u0445\u043e\u0434\u0438\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e \u0442\u043e\u043c, \u0447\u0442\u043e Clop \u0441\u0430\u043c\u0430 \u0437\u0430\u0447\u0430\u0441\u0442\u0443\u044e \u0432\u044b\u0441\u0442\u0443\u043f\u0430\u0435\u0442 \u0431\u0440\u043e\u043a\u0435\u0440\u043e\u043c \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (IAB) \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u0438\u0445 \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0440\u0430\u0437\u0443\u043c\u0435\u0435\u0442\u0441\u044f, \u043d\u0435 \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u043e. 
\u0418 \u0442\u0430\u043a\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043b\u0438\u0448\u044c \u0432 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u0440\u0430\u0437 \u0434\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u043e\u043f\u044b\u0442\u0430 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0443 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e.\n\n\u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0438\u0441 MOVEit Transfer \u043d\u0430\u0447\u0430\u043b\u0430\u0441\u044c 27 \u043c\u0430\u044f, \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u0430\u0437\u0434\u043d\u0438\u043a\u0430 \u00ab\u0414\u0435\u043d\u044c \u043f\u0430\u043c\u044f\u0442\u0438\u00bb \u0432 \u0421\u0428\u0410, \u043a\u043e\u0433\u0434\u0430 \u0438 \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u0445, \u0434\u0430\u043d\u043d\u044b\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0438 \u043f\u043e\u0445\u0438\u0449\u0435\u043d\u044b. 
\u0421\u043d\u0430\u0447\u0430\u043b\u0430 \u043e \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u043d\u043e\u0441\u0442\u0438 Clop \u043a \u0434\u0430\u043d\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0435 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u043b\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b Microsoft Threat Intelligence, \u0430 \u0447\u0443\u0442\u044c \u043f\u043e\u0437\u0436\u0435 \u0438 \u0441\u0430\u043c\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u0448\u043b\u0438 \u043d\u0430 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0421\u041c\u0418 \u0438 \u0432\u0437\u044f\u043b\u0438 \u043d\u0430 \u0441\u0435\u0431\u044f \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0437\u0430 \u0441\u043e\u0434\u0435\u044f\u043d\u043d\u043e\u0435 .\n\n\u0422\u043e\u0447\u043d\u043e\u0435 \u0447\u0438\u0441\u043b\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u043e\u0435 \u0430\u0442\u0430\u043a\u043e\u0439, \u0435\u0449\u0451 \u043d\u0438 \u0440\u0430\u0437\u0443 \u043d\u0435 \u0431\u044b\u043b\u043e \u043d\u0430\u0437\u0432\u0430\u043d\u043e \u043d\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u044f\u043c\u0438 Clop, \u043d\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u044f\u043c\u0438 MOVEit Transfer, \u043e\u0434\u043d\u0430\u043a\u043e, \u043a\u0430\u043a \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442 \u0441\u0430\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u044b, \u0441\u043f\u0438\u0441\u043e\u043a \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0432 \u0441\u0435\u0431\u044f \u0441\u043e\u0442\u043d\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439. 
\u0410 \u0431\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e \u0432\u0447\u0435\u0440\u0430 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u0434\u0432\u0438\u043d\u0443\u043b\u0438 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u0432\u0448\u0438\u043c \u043e\u0442 \u0430\u0442\u0430\u043a\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u0443\u043b\u044c\u0442\u0438\u043c\u0430\u0442\u0443\u043c, \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u044f \u0436\u0435\u0440\u0442\u0432 \u0441\u0430\u043c\u0438\u0445 \u0441\u0432\u044f\u0437\u0430\u0442\u044c\u0441\u044f \u0441 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u043f\u043e \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u0435 \u0432 \u0441\u0440\u043e\u043a \u0434\u043e 14 \u0438\u044e\u043d\u044f.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-06-08T15:25:57.000000Z"}, {"uuid": "4607723a-bc13-4c32-b703-fab90fd2da40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/itsec_news/2795", "content": "\u200b\u26a1\ufe0f\u0414\u0430\u043d\u043d\u044b\u0435 45 000 \u041d\u044c\u044e-\u0419\u043e\u0440\u043a\u0441\u043a\u0438\u0445 \u0448\u043a\u043e\u043b\u044c\u043d\u0438\u043a\u043e\u0432 \u043f\u043e\u0445\u0438\u0449\u0435\u043d\u044b \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 Clop \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 MOVEit Transfer.\n\n\ud83d\udcac \u0414\u0435\u043f\u0430\u0440\u0442\u0430\u043c\u0435\u043d\u0442 \u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u041d\u044c\u044e-\u0419\u043e\u0440\u043a\u0430 \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e 
\u0445\u0430\u043a\u0435\u0440\u044b \u0443\u043a\u0440\u0430\u043b\u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u043b\u0438\u0447\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0434\u043e 45 000 \u0448\u043a\u043e\u043b\u044c\u043d\u044b\u0445 \u0441\u0442\u0443\u0434\u0435\u043d\u0442\u043e\u0432 \u0441 \u0435\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 MOVEit Transfer \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0438\u0441, \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0435\u0434\u0448\u0435\u0439 \u0432 \u043a\u043e\u043d\u0446\u0435 \u043c\u0430\u044f.\n\nMFT-\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e\u043c \u0437\u0434\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u041d\u044c\u044e-\u0419\u043e\u0440\u043a\u0430 \u0434\u043b\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0432\u043d\u0443\u0442\u0440\u0438 \u0441\u0442\u0440\u0430\u043d\u044b \u0438 \u0437\u0430 \u0435\u0451 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u0443\u0441\u043b\u0443\u0433 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e 
\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e \u0437\u0434\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u041d\u044c\u044e-\u0419\u043e\u0440\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0440\u0430\u0441\u043a\u0440\u044b\u043b \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 ( CVE-2023-34362 ); \u043e\u0434\u043d\u0430\u043a\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043a \u0442\u043e\u043c\u0443 \u043c\u043e\u043c\u0435\u043d\u0442\u0443 \u0443\u0436\u0435 \u0443\u0441\u043f\u0435\u043b\u0438 \u043f\u043e\u0445\u0438\u0442\u0438\u0442\u044c \u0432\u0441\u0435 \u043d\u0443\u0436\u043d\u044b\u0435 \u0438\u043c \u0434\u0430\u043d\u043d\u044b\u0435.\n\n\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0431\u044b\u043b \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d, \u0438 \u041c\u0438\u043d\u0438\u0441\u0442\u0435\u0440\u0441\u0442\u0432\u043e \u043e\u0431\u043e\u0440\u043e\u043d\u044b \u041d\u044c\u044e-\u0419\u043e\u0440\u043a\u0430 \u0440\u0430\u0431\u043e\u0442\u0430\u043b\u043e \u0432 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u0447\u0435\u0441\u0442\u0432\u0435 \u0441 \u043a\u0438\u0431\u0435\u0440\u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u041d\u044c\u044e-\u0419\u043e\u0440\u043a\u0430 \u043d\u0430\u0434 
\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430.\n\n\u00ab\u041c\u044b \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0435 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043a\u0430\u0437\u0430\u043b\u043e, \u0447\u0442\u043e \u0431\u044b\u043b\u0438 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0434\u0435\u043f\u0430\u0440\u0442\u0430\u043c\u0435\u043d\u0442\u0430 \u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f. \u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f, \u043d\u043e \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u043a\u043e\u043b\u043e 45 000 \u0448\u043a\u043e\u043b\u044c\u043d\u0438\u043a\u043e\u0432, \u0432 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u0430\u043c \u0434\u0435\u043f\u0430\u0440\u0442\u0430\u043c\u0435\u043d\u0442\u0430 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u043c \u0441 \u043d\u0438\u043c\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c \u0443\u0441\u043b\u0443\u0433\u00bb, \u2014 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u042d\u043c\u043c\u0430 
\u0412\u0430\u0434\u0435\u0445\u0440\u0430, \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440 \u0434\u0435\u043f\u0430\u0440\u0442\u0430\u043c\u0435\u043d\u0442\u0430 \u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u041d\u044c\u044e-\u0419\u043e\u0440\u043a\u0430, \u0432 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u043f\u0430\u0440\u0443 \u0434\u043d\u0435\u0439 \u043d\u0430\u0437\u0430\u0434 \u0437\u0430\u044f\u0432\u043b\u0435\u043d\u0438\u0438.\n\n\u00ab\u0422\u0438\u043f\u044b \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u043d\u043e\u043c\u0435\u0440\u0430 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u0442\u0440\u0430\u0445\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043d\u043e\u043c\u0435\u0440\u0430\u00bb, \u2014 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 \u0412\u0430\u0434\u0435\u0445\u0440\u0430. \u041f\u0440\u0438\u0447\u0451\u043c, \u043a\u0430\u043a \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u043e\u0441\u044c, \u043f\u0430\u043a\u0435\u0442 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043d\u0435 \u043e\u0434\u0438\u043d\u0430\u043a\u043e\u0432 \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u0436\u0435\u0440\u0442\u0432\u044b \u0443\u0442\u0435\u0447\u043a\u0438. 
\u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0443\u0442\u0435\u043a\u0448\u0438\u0445 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u0442\u0438\u043f\u0430 \u0432\u0430\u0440\u044c\u0438\u0440\u0443\u0435\u0442\u0441\u044f.\n\n\u00ab\u0424\u0411\u0420 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0435 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u043e \u0441\u043e\u0442\u043d\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439; \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043c\u044b \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u0447\u0430\u0435\u043c \u043a\u0430\u043a \u0441 \u043f\u043e\u043b\u0438\u0446\u0438\u0435\u0439 \u041d\u044c\u044e-\u0419\u043e\u0440\u043a\u0430, \u0442\u0430\u043a \u0438 \u0441 \u0424\u0411\u0420 \u0432 \u0445\u043e\u0434\u0435 \u0438\u0445 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f\u00bb, \u2014 \u043f\u043e\u0434\u044b\u0442\u043e\u0436\u0438\u043b \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440.\n\n\u0421\u0442\u043e\u0438\u0442 \u043d\u0430\u043f\u043e\u043c\u043d\u0438\u0442\u044c, \u0447\u0442\u043e \u0432\u0437\u043b\u043e\u043c MFT-\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b MOVEit Transfer \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0451\u043b 27 \u043c\u0430\u044f \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f CVE-2023-34362 . 
\u0417\u0430 \u0432\u0440\u0435\u043c\u044f \u043d\u0430\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 MOVEit \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043f\u043e\u0445\u0438\u0442\u0438\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u043e\u0442\u0435\u043d \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439. \u0418 \u0434\u0430\u043b\u0435\u043a\u043e \u043d\u0435 \u0432\u0441\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e\u0431 \u0443\u0442\u0435\u0447\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e.\n\n\u041a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b, \u043d\u0430\u043f\u0430\u0434\u0435\u043d\u0438\u0435 \u043d\u0430 \u0441\u0435\u0440\u0432\u0438\u0441 MOVEit Transfer \u0433\u043e\u0442\u043e\u0432\u0438\u043b\u043e\u0441\u044c \u0435\u0449\u0451 \u0432 2021 \u0433\u043e\u0434\u0443, \u043a\u043e\u0433\u0434\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u043e\u0449\u0443\u043f\u044b\u0432\u0430\u043b\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043f\u0443\u0442\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438.\n\n\u041f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0441\u0440\u0430\u0437\u0443 \u043f\u043e\u0441\u043b\u0435 \u0430\u0442\u0430\u043a\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u0437\u0430\u044f\u0432\u0438\u043b\u0438, \u0447\u0442\u043e \u043d\u0435 \u0441\u043e\u0431\u0438\u0440\u0430\u044e\u0442\u0441\u044f \u0448\u0430\u043d\u0442\u0430\u0436\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f, \u0430 
\u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0443\u044e\u0442 \u0438\u0445 \u043f\u043e \u0431\u043e\u043b\u044c\u0448\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0447\u0430\u0441\u0442\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438. \u041f\u043e \u0438\u0434\u0435\u0435, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0435\u0449\u0451 \u043d\u0435 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u0445\u0438\u0449\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0448\u043a\u043e\u043b\u044c\u043d\u0438\u043a\u043e\u0432 \u0438 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0435 \u043f\u0440\u0435\u0434\u044a\u044f\u0432\u0438\u043b\u0438 \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u044b\u043a\u0443\u043f\u0430, \u0432\u043f\u043e\u043b\u043d\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0430\u0442\u0430\u043a\u043e\u0439 \u043b\u044e\u0434\u0435\u0439 \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u0443\u0433\u0440\u043e\u0436\u0430\u0435\u0442, \u0438 \u043e\u043d\u0438 \u0432\u043e\u043e\u0431\u0449\u0435 \u043d\u0435 \u043f\u043e\u043f\u0430\u0434\u0443\u0442 \u0432 \u0440\u0443\u043a\u0438 \u0437\u0430\u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0442\u0440\u0435\u0442\u044c\u0438\u0445 \u043b\u0438\u0446.\n\n\u0425\u0430\u043a\u0435\u0440\u044b Clop \u0437\u043d\u0430\u043c\u0435\u043d\u0438\u0442\u044b \u0442\u0435\u043c, \u0447\u0442\u043e \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c 
\u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043f\u043e\u0445\u0438\u0442\u0438\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0441 \u0434\u0432\u0443\u0445 \u0434\u0440\u0443\u0433\u0438\u0445 MFT-\u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 \u2014 Accellion FTA \u0432 2021 \u0433\u043e\u0434\u0443, \u0438 Fortra GoAnywhere \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-06-26T18:13:03.000000Z"}, {"uuid": "8eeb861a-23ac-4c25-a821-49e70e99bed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/kasraone_com/294", "content": "Name: webshellphone\n\n\nGithub:\n https://github.com/quocanhp010102/webshellphone\n\n\n\nName: CVE-2023-34362\n\nGithub:\n https://github.com/horizon3ai/CVE-2023-34362", "creation_timestamp": "2023-06-12T12:25:41.000000Z"}, {"uuid": "81cb2042-4235-4e84-a61c-c5ea40267aea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/YAH_Channel/679", "content": "\u041f\u043e\u0434\u0431\u043e\u0440\u043a\u0430 \u0438\u043d\u0444\u043e\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442\u0430 \u043e\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u044b Singleton Security \u0437\u0430 \u0438\u044e\u043d\u044c. 
\u041f\u0440\u043e\u0441\u0442\u043e \u044f \u0431\u044b\u043b \u0432 \u043e\u0442\u043f\u0443\u0441\u043a\u0435\n\n\u0421\u043e\u0431\u0440\u0430\u043b\u0438 \u0434\u043b\u044f \u0432\u0430\u0441 \u0441\u0430\u043c\u044b\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0438\u0437 \u0440\u0430\u0437\u043d\u044b\u0445 \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0439.\n\n\ud83e\udeb2 Bugs &amp; Exploits\n1. MOVEIt Transfer RCE (CVE-2023-34362) (Part 1)\n2. MOVEIt Transfer RCE (CVE-2023-34362) (Part 2)\n3. VMware VRealize Network Insight - Remote Code Execution CVE-2023-20887\n4. GitLab 16.0.0 - Path Traversal\n5. MSSQL tricks\n6. EPP servers hack\n\n\ud83c\udfa7 Podcasts\n7. AI + Pentest = ?\n\n\ud83d\udee0 Tools\n8. jsluice\n9. surf\n10. DetectDee\n\n\ud83d\udcd1 Burp extensions &amp; tricks\n11. BChecks\n12. Automation tricks for Burp Suite Pro\n\n\ud83d\udcb0 Bug Bounty reports\n13. Stored XSS via Kroki diagram ($$$)\n14. Authentication bypass on gist.github.com through SSH Certificates ($$$)\n15. 
Yandex 12.000.000\u20bd RCE ($$$$)", "creation_timestamp": "2023-07-24T22:01:47.000000Z"}, {"uuid": "ea1ac324-faa4-4ac0-b7ec-af70b3305cf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "Telegram/wJ83KA27ztpgm6UQkZJH3SyvZ1B_G2eAKAV4286gCNH98w4", "content": "", "creation_timestamp": "2025-07-28T09:00:04.000000Z"}, {"uuid": "a80b989a-c9ca-4f18-9c23-99f43a91f0ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/Cyber_Watch_insider/130", "content": "https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/", "creation_timestamp": "2023-10-06T14:17:33.000000Z"}, {"uuid": "49c5f469-a26f-4e27-8d7b-c5c9adfc800f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/alexredsec/357", "content": "\u0423\u0436\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0442\u044c \"\u043f\u043e\u0447\u0442\u0438 \u043f\u043e\u043b\u0443\u0433\u043e\u0434\u043e\u0432\u044b\u0435\" \u0438\u0442\u043e\u0433\u0438 \u0437\u0430 2023 \u0433\u043e\u0434 - \u0432\u0440\u0435\u043c\u044f \u043b\u0435\u0442\u0438\u0442\ud83d\ude05\n\u0412\u043e\u0442 \u0440\u0435\u0431\u044f\u0442\u0430 \u0438\u0437 PRIOn \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0443 \u043f\u043e \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c, 
\u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0432 \u044d\u0442\u043e \u0433\u043e\u0434\u0443 - \u0438\u0445 \u043d\u0430\u0441\u0447\u0438\u0442\u0430\u043b\u0438 44 \u0448\u0442\u0443\u043a\u0438.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \"\u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435\" \u043f\u043e \u0432\u0435\u0440\u0441\u0438\u0438 PRIOn:\n\u27a1\ufe0fCVE-2023-23397 [Microsoft Outlook] - \u0441\u0430\u043c\u0430\u044f \ud83d\udd25 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442. \u0410\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 APT28.\n\u27a1\ufe0fCVE-2023-27350  [PaperCut NG] - \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 ransomware-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430\u043c\u0438.\n\u27a1\ufe0fCVE-2023-28771 [Zyxel] \u0438 CVE-2023-1389 [TP-Link] - \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u043e\u043c\u043e\u0433\u0430\u043b\u0438 \u043f\u043e\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0440\u044f\u0434\u044b \u0431\u043e\u0442\u043d\u0435\u0442\u0430 Mirai\ud83d\ude08\n\u27a1\ufe0fCVE-2023-0669 [Fortra GoAnywhere MFT] - \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 Clop.\n\u27a1\ufe0fCVE-2023-2868 [Barracuda ESG] - \u043f\u043e\u043a\u0430 \u043d\u0438\u043a\u043e\u043c\u0443 \u043d\u0435 \u043f\u0440\u0438\u043f\u0438\u0441\u0430\u043d\u043d\u0430\u044f 
\u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445.\n\u27a1\ufe0fCVE-2023-24880 [Microsoft Windows SmartScreen] - \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f ransomware-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 Magniber.\n\u27a1\ufe0fCVE-2023-28252 [Microsoft Windows 10] - \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f ransomware-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 Nokoyama.\n\u27a1\ufe0fCVE-2023-27532 [Veeam Backup] - \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043e\u0442\u0435\u0447\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 APT-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435 FIN7.\n\u27a1\ufe0fCVE-2023-34362 [MOVEit Transfer] - \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 APT-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430\u043c\u0438.\n\n\u041d\u0443 \u0438 \u0422\u041e\u041f-3 \u0442\u0438\u043f\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\u27a1\ufe0fPrivilege Escalation\n\u27a1\ufe0fSecurity Feature Bypass\n\u27a1\ufe0fCommand Injection", "creation_timestamp": "2023-06-07T15:59:32.000000Z"}, {"uuid": "d1073b1a-8fe6-4020-9ba4-c52a2e2f035c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/ptswarm/175", 
"content": "MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise\n\n\ud83d\udc64 by Zach Hanley \n\nOn May 31, 2023, Progress released a security advisory for their MOVEit Transfer application which detailed a SQL injection leading to remote code execution and urged customers to update to the latest version. The vulnerability, CVE-2023-34362, at the time of release was believed to have been exploited in-the-wild as a 0-day dating back at least 30 days.\n\n\ud83d\udcdd Contents:\n\u25cf Taking a Peek \u2013 Patch Diff\u2019ing \n\u25cf A Path to Exploitation\n    \u2022 The Path to Unclean Input\n    \u2022 The Path to SQL Injection\n    \u2022 The Path to Administrator Session\n    \u2022 The Path to Remote Code Execution\n    \u2022 Post-Exploitation Bonus\n\u25cf Indicators of Compromise\n\nhttps://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/", "creation_timestamp": "2023-06-12T15:17:19.000000Z"}, {"uuid": "2ef54deb-0304-4a6f-9961-d1ee0e3433e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/AUSSIE_NEWS/42265", "content": ".\nCYBER-INFO\n\nMOVEit RANSOMWARE\n\nhttps://securityaffairs.com/147404/hacking/moveit-transfer-poc.html\n\nPOC = proof of concept\nExperts released PoC exploit for MOVEit Transfer CVE-2023-34362\n\nOn Wednesday, the Clop ransomware gang published an extortion note on its dark web leak site claiming to have information on 100s of businesses\n\n\u201cWE HAVE INFORMATION ON HUNDREDS OF COMPANIES SO OUR DISCUSSION WILL WORK VERY SIMPLE.\u201d read the message\n\nNow security researchers from Horizon3 have released a\u00a0proof-of-concept (PoC) exploit code\u00a0for the\u00a0CVE-2023-34362\u00a0flaw\n\nExperts created the PoC exploit by performing reverse engineering of the patch released by the company\n\nThe researchers analyzed the 
differences between the vulnerable &amp; patched versions\n\nThe experts analyzed indicators of compromise associated with Clop ransomware attacks in an attempt to identify the attack abused by the threat actors ..more..\n\nRansom note (translated)\nCLICK HERE\n\n..More Information\nCLICK HERE and HERE\n\n..How To Prepare CLICK\n\nDIGITAL_ID_AU\n.", "creation_timestamp": "2023-06-17T00:04:43.000000Z"}, {"uuid": "39bf1a7c-fde8-42ff-bc6b-8fb3d3e6aa86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/AUSSIE_NEWS/42263", "content": ".\n2.\nCYBER-INFO\n\nSome links to info on cyber-hacks, cyber-safety and info.\nIf you find info, share it in the chat room.\n\nWatch this channel\nhttps://t.me/mrn_death\n.\nSeveral\u201d US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. source CNN\nt.me/TheWashingtonPundit/19272\n.\nU.S. 
federal government agencies hit in global cyberattack, CISA \"working urgently to understand impacts.\" https://t.me/disclosetv/11380\n.\nCyber Crime \u2014 FBI\nhttps://www.fbi.gov/investigate/cyber\n.\nChinese spies breached hundreds of public, private networks, security firm says | AP News\nhttps://apnews.com/article/barracuda-mandiant-cybersecurity-china-hackers-a52d1595c9108d2c58df11e38756600d\n.\nExperts released PoC exploit for MOVEit Transfer CVE-2023-34362\nhttps://securityaffairs.com/147404/hacking/moveit-transfer-poc.html\n.\nWWIII Explained: Cultural Decay - 5th Generation Warfare &amp; the Supervillain Scholars (DOCUMENTARY)\nhttps://rumble.com/v2k8a48-wwiii-explained-cultural-decay-5th-generation-warfare-and-the-supervillain-.html\n.\nUS energy department, other agencies hit in global hacking spree | Reuters\nhttps://www.reuters.com/world/us/us-government-agencies-hit-global-cyber-attack-cnn-2023-06-15/\n.\nSenior Government Officials Rush to Limit Impact of \"Potentially Largest Cyber Theft and Extortion Event in Recent History\" (VIDEO) | The Gateway Pundit | by Jim Hoft | 120\nhttps://www.thegatewaypundit.com/2023/06/senior-government-officials-rush-limit-impact-potentially-largest/\n\njoin\nDIGITAL_ID_AU\n.", "creation_timestamp": "2023-06-16T21:17:58.000000Z"}, {"uuid": "f0c5076c-b9fe-4358-a8b7-bdcea4a121ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/kasperskyb2b/693", "content": "\ud83d\udcf1 \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83d\udd06 \u0412\u043e\u0440\u044b \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442 \u043e\u0441\u0432\u0430\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0451 \u0431\u043e\u043b\u0435\u0435 
\u0441\u043b\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0430\u0442\u0430\u043a\u0438: \u043d\u043e\u0432\u044b\u0439 \u0441\u0442\u0438\u043b\u0435\u0440 DoubleFinger, \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u0439 Kaspersky GReAT, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043c\u043d\u043e\u0433\u043e\u044d\u0442\u0430\u043f\u043d\u0443\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443, \u0441\u0442\u0435\u0433\u0430\u043d\u043e\u0433\u0440\u0430\u0444\u0438\u044e, \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e process doppelg\u00e4nging, \u0441\u043a\u0440\u044b\u0442\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e COM-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u0432 Windows \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0442\u0440\u044e\u043a\u0438 \u0438\u0437 \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0430 \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u044b\u0445 APT.\n\n\u26a1\ufe0f\u041d\u0430\u0439\u0434\u0435\u043d\u043d\u044b\u0439 \u0432 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u0445 \u0432\u043e\u0435\u043d\u043d\u043e-\u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u0445 \u0438\u043c\u043f\u043b\u0430\u043d\u0442 PowerDrop \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d \u043d\u0430 \u0431\u0430\u0437\u0435 Powershell \u0438 WMI, \u0430\u043a\u043a\u0443\u0440\u0430\u0442\u043d\u043e \u043e\u0431\u043c\u0435\u043d\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0442\u0440\u0430\u0444\u0438\u043a\u043e\u043c \u0441 \u04212, \u043c\u0430\u0441\u043a\u0438\u0440\u0443\u044f \u0435\u0433\u043e \u0441\u0440\u0435\u0434\u0438 
ICMP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0438 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0435 \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u0442 \u0434\u0438\u0441\u043a\u043e\u0432\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438. \u0418\u043c\u043f\u043b\u0430\u043d\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043b\u044e\u0431\u044b\u0435 \u043f\u0440\u0438\u0441\u043b\u0430\u043d\u043d\u044b\u0435 \u0441 \u04212 \u043a\u043e\u043c\u0430\u043d\u0434\u044b powershell, \u0442\u043e \u0435\u0441\u0442\u044c \u0438\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0432\u0440\u0443\u0447\u043d\u0443\u044e. \u041a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u044b \u0438\u043b\u0438 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u043d\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438.\n\n\u0428\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u0439 \u0438\u043c\u043f\u043b\u0430\u043d\u0442 Stealth Soldier \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0421\u0435\u0432\u0435\u0440\u043d\u043e\u0439 \u0410\u0444\u0440\u0438\u043a\u0435. \u0412\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0430\u0442\u0430\u043a\u0438 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0444\u0438\u0448\u0438\u043d\u0433  \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u0430\u044f \u0444\u043e\u0440\u043c\u0430 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438. 
\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u0441\u0441\u044b\u043b\u043a\u0430 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438\u0437 6 \u043c\u043e\u0434\u0443\u043b\u0435\u0439, \u0432 \u0438\u0442\u043e\u0433\u0435 \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0437\u043b\u043e\u0432\u0440\u0435\u0434, \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b\u0439 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0437\u0432\u0443\u043a \u0441 \u043c\u0438\u043a\u0440\u043e\u0444\u043e\u043d\u0430, \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0441 \u044d\u043a\u0440\u0430\u043d\u0430 \u0438 \u0432\u043e\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u0444\u0430\u0439\u043b\u044b.\n\n\ud83d\udcac \u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u0447\u0435\u0440\u043d\u043e\u0432\u0438\u043a CVSS 4.0. \u041c\u043e\u0436\u043d\u043e \u043f\u043e\u0438\u0433\u0440\u0430\u0442\u044c \u0441 \u043a\u0430\u043b\u044c\u043a\u0443\u043b\u044f\u0442\u043e\u0440\u043e\u043c \u0438 \u043e\u0446\u0435\u043d\u0438\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0435 \u0444\u0430\u043a\u0442\u043e\u0440\u044b. 
\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e \u043e\u0446\u0435\u043d\u0438\u0442\u044c \u043c\u0435\u0442\u0440\u0438\u043a\u0438 \u0443\u0433\u0440\u043e\u0437\u044b \u0441\u0442\u0430\u043d\u0435\u0442 \u043f\u0440\u043e\u0449\u0435, \u0430 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c CVSS \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0432 OT/ICS/IoT \u2014 \u043b\u0435\u0433\u0447\u0435.  \u0424\u0438\u043d\u0430\u043b\u044c\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u043e\u0436\u0438\u0434\u0430\u0435\u0442\u0441\u044f \u0432 \u0447\u0435\u0442\u0432\u0451\u0440\u0442\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u0441\u043b\u043e\u0436\u043d\u043e\u0433\u043e \u043e\u0431\u0444\u0443\u0441\u043a\u0430\u0442\u043e\u0440\u0430 bat-\u0444\u0430\u0439\u043b\u043e\u0432 BatCloak. 80% \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432, \u0437\u0430\u0432\u0451\u0440\u043d\u0443\u0442\u044b\u0445 \u0432 BatCloak, \u0438\u043c\u0435\u044e\u0442 \u043f\u043e\u043d\u0430\u0447\u0430\u043b\u0443 0% \u0434\u0435\u0442\u0435\u043a\u0442\u0430 \u043d\u0430 VT. 
\n\n\ud83c\udf7f \u0421\u0430\u0433\u0430 \u043f\u0440\u043e \u0432\u0437\u043b\u043e\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 MOVEit \u043d\u0435 \u0441\u043b\u0438\u0448\u043a\u043e\u043c \u0440\u0435\u043b\u0435\u0432\u0430\u043d\u0442\u043d\u0430 \u0434\u043b\u044f \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0433\u043e \u0440\u044b\u043d\u043a\u0430, \u043d\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0430 \u0434\u043b\u044f \u043e\u0431\u0449\u0435\u0433\u043e \u0418\u0411-\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f.\n\u0421\u043b\u0435\u0434\u043e\u043c \u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u043e\u0439 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0435\u0439 (CVE-2023-34362, CVSS 9.8) \u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u044f\u043c\u0438 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0430 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u043f\u043e\u0441\u0442\u0443\u043f\u0438\u043b\u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u0438, \u0447\u0442\u043e \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Clop \u0432\u0438\u0434\u0438\u043c\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u044d\u0442\u043e\u0442 \u0437\u0438\u0440\u043e\u0434\u0435\u0439 \u0441 2021 \u0433\u043e\u0434\u0430, \u0430 \u0442\u0435\u043f\u0435\u0440\u044c \u0435\u0449\u0451 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0438 \u0434\u043e\u043a\u0440\u0443\u0442\u0438\u043b\u0438 \u0435\u0433\u043e \u0434\u043e RCE.  
9 \u0438\u044e\u043d\u044f \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0432\u0442\u043e\u0440\u043e\u0439 \u043f\u0430\u0442\u0447, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\n\n\ud83d\udd06 \u041d\u0435 APT, \u043d\u043e \u0440\u044f\u0434\u043e\u043c. \u0412 \u0424\u0411\u0420 \u043f\u043e\u0441\u0447\u0438\u0442\u0430\u043b\u0438, \u0447\u0442\u043e \u043e\u0431\u0449\u0438\u0439 \u0443\u0449\u0435\u0440\u0431 \u043e\u0442 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0431\u0438\u0437\u043d\u0435\u0441-\u043f\u0435\u0440\u0435\u043f\u0438\u0441\u043a\u0438 (BEC) \u043f\u0440\u0435\u0432\u044b\u0441\u0438\u043b 50 \u043c\u0438\u043b\u043b\u0438\u0430\u0440\u0434\u043e\u0432 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432. \u042d\u0442\u043e\u0442 \u0432\u0438\u0434 \u0430\u0442\u0430\u043a \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442 \u0441 2013 \u0433\u043e\u0434\u0430, \u0432 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0443 \u043f\u043e\u043f\u0430\u043b\u043e 277 \u0442\u044b\u0441. 
\u0436\u0430\u043b\u043e\u0431 \u0438\u0437 178 \u0441\u0442\u0440\u0430\u043d.\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 @\u041f2\u0422", "creation_timestamp": "2023-06-13T20:33:58.000000Z"}, {"uuid": "83b8a03a-509e-451a-bc19-63a45a171f30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/ctinow/123575", "content": "https://ift.tt/RoeCu31\nWidespread Exploitation Continues: MOVEit CVE-2023-34362 Leaves Organizations at Risk - Security Boulevard", "creation_timestamp": "2023-07-13T07:56:49.000000Z"}, {"uuid": "1a5469f8-dac1-45e4-af5c-df92f6eb971c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/ctinow/123574", "content": "https://ift.tt/RoeCu31\nWidespread Exploitation Continues: MOVEit CVE-2023-34362 Leaves Organizations at Risk", "creation_timestamp": "2023-07-13T07:42:10.000000Z"}, {"uuid": "176ab56a-1cb5-4b45-b142-3e59d7c7fab2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/ctinow/118580", "content": "https://ift.tt/OA9fBVY\nCVE-2023-34362 \u2013 Zero-Day Vulnerability Discovered in MOVEit Transfer is Exploited in the Wild by Cl0... 
- Security Boulevard", "creation_timestamp": "2023-06-16T13:37:03.000000Z"}, {"uuid": "9ade9897-b2a6-4138-9257-a2399dd46401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/ctinow/118679", "content": "https://ift.tt/E0aKsIy\nActive exploitation of the MOVEit Transfer vulnerability - CVE-2023-34362 - by Clop ransomware group", "creation_timestamp": "2023-06-16T20:42:42.000000Z"}, {"uuid": "4193702e-bcf7-4dca-93cf-cb9a040c98ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/117778", "content": "https://ift.tt/2NzfLMm\nExperts released PoC exploit for MOVEit Transfer CVE-2023-34362 flaw", "creation_timestamp": "2023-06-13T18:18:12.000000Z"}, {"uuid": "d7f7aebc-a348-4b13-b33d-1a89f54142c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/117726", "content": "https://ift.tt/ISLBRe0\nPoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)", "creation_timestamp": "2023-06-13T14:52:26.000000Z"}, {"uuid": "bed54446-e4b5-462d-ab31-e40823f64b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/ctinow/117646", "content": "https://ift.tt/2NzfLMm\nExperts released PoC exploit for MOVEit Transfer CVE-2023-34362 flaw", "creation_timestamp": "2023-06-13T07:41:57.000000Z"}, {"uuid": "b9877d70-1e4d-4111-8ee1-35cccd2e82a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/ctinow/117259", "content": "https://ift.tt/1bdLJkB\nCoverage Advisory for CVE-2023-34362 MOVEit Vulnerability", "creation_timestamp": "2023-06-10T02:37:04.000000Z"}, {"uuid": "9ed8d6d6-a4c8-4957-a827-08904635fed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/ctinow/117210", "content": "https://ift.tt/HmVkSMv\nCISA Alert AA23-158A \u2013 #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.", "creation_timestamp": "2023-06-09T20:22:30.000000Z"}, {"uuid": "cbbaf15f-cc77-473f-9d5c-1532b9a33dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/ctinow/117031", "content": "https://ift.tt/DiRaqPK\nMOVEit Transfer Vulnerability (CVE-2023-34362) - Kroll", "creation_timestamp": "2023-06-09T04:31:32.000000Z"}, {"uuid": "94f3297b-6b68-42c4-a947-d6805ceedfb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/ctinow/116450", "content": "https://ift.tt/sK4AEcJ\nCVE-2023-34362 \u2013 MOVEit Transfer Zero-Day SQL Injection Vulnerability Actively Exploited in the Wild", "creation_timestamp": "2023-06-06T23:41:46.000000Z"}, {"uuid": "cb68cd4e-86bb-4c52-9f9b-d2b44039e67a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/ctinow/116400", "content": "https://ift.tt/sUoliDS\nCVE-2023-34362 \u2013 MOVEit Transfer \u2013 An attack chain that retrieves 
sensitive information", "creation_timestamp": "2023-06-06T20:56:51.000000Z"}, {"uuid": "17daedff-4c64-4d2d-9537-db7b10f487c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/ctinow/115980", "content": "https://ift.tt/0DSZV4G\nMOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)", "creation_timestamp": "2023-06-05T15:37:05.000000Z"}, {"uuid": "1adb437a-c6eb-4362-ab86-fe89bae2669e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "Telegram/7UdLyqVyXQEH9nHopFOJJnVMMKFIx-9YBGcASKDOsaKYnQ", "content": "", "creation_timestamp": "2024-11-11T23:02:23.000000Z"}, {"uuid": "dee4e50e-fadf-4df1-b8f2-609170f4ea31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "Telegram/DjqesPuJrHSpqAxoe7ehwKUaO3NwVdVzIEArKJ3j3rEuqzA", "content": "", "creation_timestamp": "2023-07-17T20:03:32.000000Z"}, {"uuid": "2296c037-743f-4086-9f38-46d0f32bfdd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "Telegram/fqtRFrNg4xAPNXm8sxB17QgCdUYHk77AnALyERRqcCDwbj0", "content": "", "creation_timestamp": "2023-06-06T05:31:30.000000Z"}, {"uuid": "a2ecfe3b-aea1-45d6-9669-109996aa5197", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "Telegram/ig8RuTfo4lsFO00jljuyEyNZcW0886fBybBD7A6fJfxSnSvd", "content": "", "creation_timestamp": "2023-07-30T00:12:52.000000Z"}, 
{"uuid": "f31a4e88-7170-4bb9-98e7-828cf151c764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "Telegram/buB_Cj6Oy02BEAi36066BkiXqY8RE-Eh69wLrfBVzwgPhC-e", "content": "", "creation_timestamp": "2023-07-29T23:41:57.000000Z"}, {"uuid": "3e5a044a-9fe9-4a4b-af5d-8c9125226a42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "Telegram/u_WUhq9PPXby3_cztcNDEEtENr3SFbULylHQYd7fq5mlp1QY", "content": "", "creation_timestamp": "2023-07-29T23:39:18.000000Z"}, {"uuid": "a8153237-c83b-4af4-9ecc-5df61ae25dff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "Telegram/iKCccZpSTg3zdMJ-kPA4vE7t_umOd2lzeTk1a6tdsqr1mg", "content": "", "creation_timestamp": "2023-06-05T17:21:29.000000Z"}, {"uuid": "a00eb5a2-e19d-4f13-a15e-b698fdfabcef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/unrCrewC2/271", "content": "\ud83d\udea8 A new research report has revealed that the notorious Clop ransomware group has likely been silently exploiting the recently disclosed critical MOVEit Transfer application vulnerability (CVE-2023-34362) since 2021.  
\n \nDetails: https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html", "creation_timestamp": "2023-06-20T14:51:49.000000Z"}, {"uuid": "b79b126b-5e8a-49e0-8c2d-0383aef29569", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/KomunitiSiber/313", "content": "Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App\nhttps://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html\n\nMicrosoft has officially linked the\u00a0ongoing active exploitation\u00a0of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as\u00a0Lace Tempest.\n\"Exploitation is often followed by deployment of a web shell with data exfiltration capabilities,\" the Microsoft Threat Intelligence team\u00a0said\u00a0in a series of tweets today. \"CVE-2023-34362 allows attackers to", "creation_timestamp": "2023-06-05T15:30:44.000000Z"}, {"uuid": "03145978-2be7-47f0-a7cf-53ce6ab98740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/GhostPrincess/12229", "content": "#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability \n\n#cybersecurity #ransomware", "creation_timestamp": "2023-06-12T04:59:03.000000Z"}, {"uuid": "0059120a-dc4a-44e6-a67b-951dafbfe2eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3087", "content": "Hackers Factory \n\nPatch Diffing Progress MOVEIt Transfer RCE (CVE-2023-34362)\n\nhttps://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure/\n\nUnderstanding &amp; 
Automating Credential Stuffing Testing with Nuclei\n\nhttps://blog.projectdiscovery.io/understanding-automating-credential-stuffing-a-comprehensive-guide/\n\nHow to write a Detailed Vulnerability Report\n\nhttps://medium.com/@im_rootkid/how-to-write-a-detailed-vulnerability-report-ce4e710960b6\n\nVisualizing Android Code Coverage Pt.1\n\nhttps://datalocaltmp.github.io/visualizing-android-code-coverage-pt-1.html\n\nHow to Detect and Mitigate SSRF Vulnerabilities in the Early Coding Cycle: A Comprehensive Guide\n\nhttps://rohitcoder.medium.com/how-to-detect-and-mitigate-ssrf-vulnerabilities-in-the-early-coding-cycle-a-comprehensive-guide-ea62c09fd721\n\nMantra\nA tool used to hunt down API key leaks in JS files and pages \n\nhttps://github.com/MrEmpy/Mantra\n\niOS pentesting 101\n\nHow to setup iOS environment \nhttps://securitycafe.ro/2023/06/12/mobile-pentesting-101-how-to-set-up-your-ios-environment/\n\nhakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.\n\nhttps://github.com/hakluke/hakip2host\n\nUnderstanding and Mitigating XXE Vulnerabilities via File Uploads \n\nhttps://www.realinfosec.net/cybersecurity-academy/understanding-and-mitigating-xxe-vulnerabilities-via-file-uploads/\n\nMOVEIt Transfer RCE Part Two (CVE-2023-34362)\n\nhttps://blog.assetnote.io/2023/06/13/moveit-transfer-part-two/\n\nCan I speak to your manager? 
hacking root EPP servers to take control of zones\n\nhttps://hackcompute.com/hacking-epp-servers/\n\nPre-Authenticated RCE In VMware VRealize Network Insight\nCVE-2023-20887\n\nhttps://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/\n\nLatest Nuclei Release v2.9.6!\n\nhttps://github.com/projectdiscovery/nuclei/releases/tag/v2.9.6\n\nIntroducing NucleiFuzzer: A Powerful Automation Tool for Web Application Security\n\nhttps://medium.com/@qaafqasim/introducing-nucleifuzzer-a-powerful-automation-tool-for-web-application-security-32f5b4fc8e2d\n\nNuclei unleashed - writing first exploit\n\nhttps://medium.com/@gpiechnik/nuclei-unleashed-writing-first-exploit-6a8dbd6b80b0\n\nThe best defense is a good offensive security program\n\nhttps://blog.projectdiscovery.io/the-best-defense-is-a-good-offensive-security-program/\n\nBug Bytes #203 \u2013 CVSS 4.0, MOVEIt and How CI/CD Pipelines Go Wrong\n\nhttps://blog.intigriti.com/2023/06/14/bug-bytes-203-cvss-4-0-moveit-and-how-ci-cd-pipelines-go-wrong/\n\nLearnings from kCTF VRP's 42 Linux kernel exploits submissions\n\nhttp://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html\n\nHow I choose a security research topic\n\nhttps://portswigger.net/research/how-i-choose-a-security-research-topic\n\nGrammarly CISO Suha Can Discusses the Impact of Preemptive Security with HackerOne\n\nhttps://www.hackerone.com/customer-stories/grammarly-ciso-suha-can-discusses-preemptive-security\n\nBringing Transparency to Confidential Computing with SLSA\n\nhttp://security.googleblog.com/2023/06/bringing-transparency-to-confidential.html\n\nIos App Extraction &amp; Analysis\n\nhttps://datalocaltmp.github.io/ios-app-extraction-analysis.html\n\nRecreating Cordova Mobile Apps to Bypass Security Implementations\n\nhttps://medium.com/@Ano_F_/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58\n\nCloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable 
plugins\n\nhttps://github.com/Anof-cyber/MobSecco\n\nLatest ReconFTW Release v2.7!\n\nhttps://github.com/six2dez/reconftw/releases/tag/v2.7\n\nhttps://t.me/dilagrafie\n\n#cybersecurity #infosec #cybersec", "creation_timestamp": "2023-06-20T05:09:13.000000Z"}, {"uuid": "631e5f43-57a8-4608-bbf1-2ce3a3a90dae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/2519", "content": "CVE-2023-34362 MOVEit\n1. exploit + crt + pem + pub\n2. exploit RUBY \nUsage:\npython CVE-2023-34362.py https://127.0.0.1\n[*] Getting sysadmin access token\n[*] Got access token\n[*] Getting FolderID\n[*] Got FolderID: 963611079\n[*] Starting file upload\n[*] Got FileID: 965943963\n[*] Injecting the payload\n[*] Payload injected\n[*] Triggering payload via resume call\n[+] Triggered the payload!\n[*] Deleting uploaded file\n\n\ud83c\udfa9 WARLOCK DARK ARMY \ud83c\udfa9", "creation_timestamp": "2023-06-13T08:07:33.000000Z"}, {"uuid": "8db3ae14-7e5c-40e1-9721-45554c24c236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/BABATATASASA/5510", "content": "JsonWebToken (CVE-2022-23529).\nChatGPT (CVE-2023-28858).\nApache Superset (CVE-2023-27524).\nPaperCut NG/MF (CVE-2023-27350).\nFortinet FortiOS (CVE-2022-41328).\nAdobe ColdFusion (CVE-2023-26360).\nMOVEit vulnerability (CVE-2023-34362).", "creation_timestamp": "2023-09-25T15:05:09.000000Z"}, {"uuid": "d43b0774-c167-4dfc-88da-1644bd8ceaf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/YE_0x/740", "content": "\ud83d\udea8 \u0643\u0634\u0641 
\u062a\u0642\u0631\u064a\u0631 \u0628\u062d\u062b\u064a \u062c\u062f\u064a\u062f \u0623\u0646 \u0645\u062c\u0645\u0648\u0639\u0629 Clop Ransomware \u0633\u064a\u0626\u0629 \u0627\u0644\u0633\u0645\u0639\u0629 \u0645\u0646 \u0627\u0644\u0645\u062d\u062a\u0645\u0644 \u0623\u0646 \u062a\u0633\u062a\u063a\u0644 \u0628\u0635\u0645\u062a \u062b\u063a\u0631\u0629 \u062a\u0637\u0628\u064a\u0642 MOVEit Transfer \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646\u0647\u0627 \u0645\u0624\u062e\u0631\u064b\u0627 (CVE-2023-34362) \u0645\u0646\u0630 \u0639\u0627\u0645 2021.\n\n\ud83d\udea8 ===============\n\ud83d\udd30 #0xYE\n\ud83d\udd30 #Cyber_Security\n\ud83d\udd30 #Yemeni_Hackers \n\ud83d\udd30 @YE_0x\n\ud83d\udea8===============", "creation_timestamp": "2023-06-14T21:19:33.000000Z"}, {"uuid": "ce3e2184-244c-4f7a-bd4d-c38013dcc9c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3084", "content": "Tools \ud83d\udd27 \ud83d\udd28- HackersFactory\n\nCVE-2023-34965\n\nSSPanel UIM is a multi-purpose agency service sales management system specially designed for Shadowsocks / V2Ray / Trojan protocols. 
SSPanel-Uim version before 2023.3 does not restrict access to the /link/ interface,which can lead to a leak of user subscription information.\n\nhttps://github.com/AgentY0/CVE-2023-34965\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bC2-Hunter\n\nReal-time extraction of C2 traffic.\n\nhttps://github.com/ZeroMemoryEx/C2-Hunter\n\n#infosec #pentesting #redteam\n\n\u200b\u200bpeetch\n\nA collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections.\n\nhttps://github.com/quarkslab/peetch\n\n#cybersecurity #infosec #redteam\n\n\u200b\u200bExcel-Exploit \n\nMacroExploit use in excel sheet\n\nhttps://github.com/Mr-Cyb3rgh0st/Excel-Exploit\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-34960\n\nChamilo PoC\n\nhttps://github.com/Aituglo/CVE-2023-34960\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-34362\n\nPOC for CVE-2023-34362 affecting MOVEit Transfer.\n\nhttps://github.com/horizon3ai/CVE-2023-34362\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-34362\n\nMOVEit Transfer Unauthenticated RCE. For a full technical description of the vulnerability and exploitation, please read our AttackerKB Analysis.\n\nhttps://github.com/sfewer-r7/CVE-2023-34362\n\n#cybersecurity #infosec #cve\n\n\u200b\u200bAwesome Intelligence\n\nA collaboratively curated list of awesome Open-Source Intelligence (OSINT) Resources.\n\nhttps://github.com/ARPSyndicate/awesome-intelligence\n\n#OSINT #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-2008\n\nProof of concept exploit for CVE-2023-2008, a bug in the udmabuf driver of the Linux kernel fixed in 5.19-rc4.\n\nhttps://github.com/bluefrostsecurity/CVE-2023-2008\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bKillers\n\nExploitation of process killer drivers.\n\nhttps://github.com/xalicex/Killers\n\n#infosec #pentesting #redteam\n\n\u200b\u200bInveigh\n\nA cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. 
This repo contains the primary C# version as well as the legacy PowerShell version.\n\nhttps://github.com/Kevin-Robertson/Inveigh\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bRusty Bootkit\n\nWindows UEFI Bootkit in Rust (Codename: RedLotus)\n\nhttps://github.com/memN0ps/bootkit-rs\n\n#infosec #pentesting #redteam\n\n\u200b\u200bSharpFtpC2 (PoC)\n\nA Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.\n\nhttps://github.com/DarkCoderSc/SharpFtpC2\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-06-15T12:42:57.000000Z"}, {"uuid": "e323c17d-6206-4e86-86c9-95aa356ccea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/JerusalemElectronicArmy/359", "content": "#\u0623\u062e\u0628\u0627\u0631_\u0627\u0644\u0633\u0627\u064a\u0628\u0631 \n\n\u0646\u0634\u0631\u062a \u0648\u0643\u0627\u0644\u0629 \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0648\u0623\u0645\u0646 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u0627\u0644\u0623\u0645\u0631\u064a\u0643\u064a\u0629 \u0641\u064a \u062a\u0642\u0631\u064a\u0631 \u0628\u062d\u062b\u064a \u0644\u0647\u0627:\n\u0623\u0646\u0647 \u0645\u0646 \u0627\u0644\u0645\u062d\u062a\u0645\u0644 \u0623\u0646 \u0645\u062c\u0645\u0648\u0639\u0629 Clop Ransomware \u062a\u0633\u062a\u063a\u0644 \u0648\u0628\u0635\u0645\u062a \u062b\u063a\u0631\u0629 \u062a\u0637\u0628\u064a\u0642 MOVEit Transfer \u0627\u0644\u062a\u064a \u0627\u0643\u062a\u0634\u0641\u062a \u0645\u0624\u062e\u0631\u0627\u064b (CVE-2023-34362) \u0645\u0646\u0630 \u0639\u0627\u0645 2021.\n#\u062c\u064a\u0634_\u0627\u0644\u0642\u062f\u0633_\u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a", "creation_timestamp": "2023-06-10T09:39:31.000000Z"}, {"uuid": 
"4b643276-a2b7-4035-a5b4-b13119557aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1573", "content": "CVE-2023-34362 MOVEit\n1. exploit + crt + pem + pub\n2. exploit RUBY \nUsage:\npython CVE-2023-34362.py https://127.0.0.1\n[*] Getting sysadmin access token\n[*] Got access token\n[*] Getting FolderID\n[*] Got FolderID: 963611079\n[*] Starting file upload\n[*] Got FileID: 965943963\n[*] Injecting the payload\n[*] Payload injected\n[*] Triggering payload via resume call\n[+] Triggered the payload!\n[*] Deleting uploaded file", "creation_timestamp": "2023-06-12T16:12:29.000000Z"}, {"uuid": "40a09c17-2f33-4297-b854-364376f1f7cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/breachdetector/336519", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-34362 MOVEit Sql A\u00e7\u0131\u011f\u0131 Nedir ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"12 Sep 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-09-12T13:53:32.000000Z"}, {"uuid": "18ef6f3b-c4a6-4848-be9f-5c00006b655e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/breachdetector/337296", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"What is the CVE-2023-34362 MOVEit SQL Vulnerability?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"13 Sep 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": 
"2023-09-13T11:17:54.000000Z"}, {"uuid": "96ccf1dd-632f-4f98-8620-5c57880720cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "Telegram/qdym-W27UvN2uLNLYdjMtk_VLSAC1YekeNES0e5uGQefcZk", "content": "", "creation_timestamp": "2023-07-27T05:46:06.000000Z"}, {"uuid": "eeba39f3-6930-42a1-ac24-c242a1d13255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/754", "content": "CVE-2023-34362 : Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software\n\nBlog : https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html\n\nTechnical Analysis : https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/\n\nPOC : https://github.com/horizon3ai/CVE-2023-34362", "creation_timestamp": "2023-08-02T11:26:10.000000Z"}, {"uuid": "417f937e-62dc-46b6-87f5-1264992a9a89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/CyberSecurityIL/24237", "content": "\u05d7\u05d1\u05e8\u05ea MOVEit \u05de\u05d3\u05d5\u05d5\u05d7\u05ea \u05e2\u05dc \u05d7\u05d5\u05dc\u05e9\u05ea \u05d0\u05d1\u05d8\u05d7\u05ea \u05de\u05d9\u05d3\u05e2 \u05e7\u05e8\u05d9\u05d8\u05d9\u05ea \u05e0\u05d5\u05e1\u05e4\u05ea (\u05d4\u05e9\u05dc\u05d9\u05e9\u05d9\u05ea \u05d1\u05d7\u05d5\u05d3\u05e9 \u05d4\u05d0\u05d7\u05e8\u05d5\u05df).\n\n\u05dc\u05de\u05d9 \u05e9\u05db\u05d1\u05e8 \u05de\u05ea\u05e7\u05e9\u05d4 \u05dc\u05e2\u05e7\u05d5\u05d1:\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d4\u05e8\u05d0\u05e9\u05d5\u05e0\u05d4 \u05d3\u05d5\u05d5\u05d7\u05d4 \u05d1-31.5.23 - 
CVE-2023-34362.\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d4\u05e9\u05e0\u05d9\u05d4 \u05db\u05de\u05d4 \u05d9\u05de\u05d9\u05dd \u05dc\u05d0\u05d7\u05e8 \u05de\u05db\u05df - CVE-2023-35036.\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d4\u05e9\u05dc\u05d9\u05e9\u05d9\u05ea \u05d1-15.6.23 - CVE-2023-35708.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d4\u05e9\u05dc\u05d9\u05e9\u05d9\u05ea \u05d4\u05e7\u05e8\u05d9\u05d8\u05d9\u05ea \u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05ea\u05d5\u05e7\u05e3 \u05dc\u05d4\u05e9\u05d9\u05d2 \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05d2\u05d1\u05d5\u05d4\u05d5\u05ea \u05d1\u05de\u05e2\u05e8\u05db\u05ea \u05d5\u05db\u05df \u05d0\u05e4\u05e9\u05e8\u05d5\u05ea \u05dc\u05d2\u05d9\u05e9\u05d4 \u05dc\u05dc\u05d0 \u05d4\u05d6\u05d3\u05d4\u05d5\u05ea.\n\nhttps://t.me/CyberSecurityIL/3272\n\n#\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea", "creation_timestamp": "2023-06-19T07:24:22.000000Z"}, {"uuid": "1870ae16-5ab7-4421-915b-6e1ce11b5b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "Telegram/RSCktmF4Nxh0hg6x_76OzqUoGI-OF_LYF1t3wy8YJnDHLKc", "content": "", "creation_timestamp": "2023-06-04T09:13:30.000000Z"}, {"uuid": "52eeb7ec-cbff-4341-a2f3-83967b7346b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/true_secator/5250", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Qualys \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043e\u0442\u0447\u0435\u0442 \u0441 \u0430\u043d\u0430\u043b\u0438\u0437\u043e\u043c \u043b\u0430\u043d\u0434\u0448\u0430\u0444\u0442\u0430 \u0443\u0433\u0440\u043e\u0437 \u0437\u0430 2023 \u0433\u043e\u0434, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e 
\u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c \u0432\u044b\u0432\u043e\u0434\u0430\u043c \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u043c\u0435\u043d\u0435\u0435 1% \u0438\u0437 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 26 000 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445.\n\n\u041f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 2023 \u0433\u043e\u0434\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u0440\u0435\u0432\u044b\u0448\u0430\u0435\u0442 \u043e\u0431\u0449\u0435\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 2022 \u0433\u043e\u0434\u0443, \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c \u043d\u0430 1500 CVE.\u00a0\n\n\u0411\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u0442\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0440\u0438\u0441\u043a\u0430 \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e. 
\u0422\u0440\u0435\u0442\u044c \u0432\u0441\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0440\u0438\u0441\u043a\u0430 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. \n\n\u0411\u043e\u043b\u0435\u0435 7000 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u043c\u0435\u043b\u0438 PoC, \u043e\u0434\u043d\u0430\u043a\u043e \u0432 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0441\u043b\u0443\u0447\u0430\u0435 \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u043c\u0435\u043b \u043d\u0438\u0437\u043a\u043e\u0435 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u043e, \u0441\u043d\u0438\u0436\u0430\u044f \u0440\u0438\u0441\u043a \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438.\n\n\u0414\u043b\u044f 206 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0440\u0438\u0441\u043a\u0430 \u0431\u044b\u043b \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u043d\u0438\u044f. 
115 \u0438\u0437 \u043d\u0438\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 \u041f\u041e \u0438 \u0433\u0440\u0443\u043f\u043f\u0430\u043c\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 (20), \u043f\u0440\u0435\u0436\u0434\u0435 \u0432\u0441\u0435\u0433\u043e LockBit, CL0P \u0438 Cerber.\n\n\u0412\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u043e\u0431\u0448\u0438\u0440\u043d\u044b\u0439 \u043d\u0430\u0431\u043e\u0440 \u0441\u0438\u0441\u0442\u0435\u043c \u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f, \u043f\u043e\u043c\u0438\u043c\u043e \u043f\u0440\u043e\u0447\u0435\u0433\u043e, PaperCut NG, MOVEit Transfer, \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u041e\u0421 Windows, Google Chrome, Atlassian Confluence \u0438 Apache ActiveMQ.\n\n109 \u0438\u043c\u0435\u043b\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438 \u0431\u044b\u043b\u0438 \u0432\u043d\u0435\u0441\u0435\u043d\u044b \u0432 CISA KEV, \u043d\u043e 97 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043d\u043e \u043d\u0435 \u043f\u043e\u043f\u0430\u043b\u0438 \u0432 \u0441\u043f\u0438\u0441\u043e\u043a.\n\n\u0412 2023 \u0433\u043e\u0434\u0443 \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u0430 
\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044f \u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0440\u0438\u0441\u043a\u0430.\n\n\u0421\u0440\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 2023 \u0433\u043e\u0434\u0443 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u043e\u00a044 \u0434\u043d\u044f.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c 75 % \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 19 \u0434\u043d\u0435\u0439 (\u043f\u0440\u0438\u0431\u043b\u0438\u0437\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0442\u0440\u0438 \u043d\u0435\u0434\u0435\u043b\u0438) \u0441 \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041e\u0434\u043d\u0430\u043a\u043e 25% \u043f\u0440\u043e\u0446\u0435\u043d\u0442\u043e\u0432 CVE \u0441 \u0432\u044b\u0441\u043e\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u0440\u0438\u0441\u043a\u0430 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0432 \u0434\u0435\u043d\u044c \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438, \u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0431\u044b\u043b \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u0432 \u0434\u0435\u043d\u044c \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u043e\u0448\u0438\u0431\u043a\u0438. 
\n\n\u041e\u0441\u043d\u043e\u0432\u043d\u044b\u043c\u0438 \u0442\u0430\u043a\u0442\u0438\u043a\u0430\u043c\u0438 MITRE ATT&CK \u0441\u0442\u0430\u043b\u0438: \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 (T1210 \u0438 T0866), \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 (T1190 \u0438 T0819) \u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (T1068).\n\n\u0421\u0440\u0435\u0434\u0438 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u044b: CVE-2023-0669, CVE-2023-20887, CVE-2023-22952, CVE-2023-23397, CVE-2023-24880, CVE-2023-27350, CVE-2023-28252, CVE-2023-2868, CVE-2023-29059, CVE-2023-34362.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u043b\u0430\u043d\u0434\u0448\u0430\u0444\u0442\u0430 \u0443\u0433\u0440\u043e\u0437 \u0432 2023 \u0433\u043e\u0434\u0443, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0442\u0430\u043a\u0438\u0435 \u0442\u0440\u0435\u043d\u0434\u044b, \u043a\u0430\u043a \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0431\u044b\u0441\u0442\u0440\u044b\u0439 \u0442\u0435\u043c\u043f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 
\u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0440\u0443\u0436\u0438\u044f \u0438 \u043d\u0430\u043c\u0435\u0442\u0438\u0432\u0448\u0435\u0435\u0441\u044f \u0440\u0430\u0437\u043d\u043e\u043e\u0431\u0440\u0430\u0437\u0438\u0435 \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0443\u0433\u0440\u043e\u0437, \u0447\u0442\u043e \u0432 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0443\u0433\u0440\u043e\u0437\u044b \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0432\u043e \u0432\u0441\u0435\u043c \u043c\u0438\u0440\u0435.", "creation_timestamp": "2023-12-27T12:34:26.000000Z"}, {"uuid": "614ed047-552b-453d-96a5-217c10650055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/4491", "content": "\u041f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f 0-day \u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0432 MOVEit Transfer \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 (MFT) \u0441\u043e\u0442\u043d\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0441\u0442\u0430\u043b\u0438 \u0436\u0435\u0440\u0442\u0432\u0430\u043c\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 Clop, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Progress Software \u0432\u0441\u0435 \u0436\u0435 \u0440\u0435\u0448\u0438\u043b\u0438 \u043e\u0437\u0430\u0431\u043e\u0442\u0438\u0442\u044c\u0441\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e 
\u0441\u0432\u043e\u0435\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430 \u0438 \u043f\u0440\u0438\u0433\u043b\u0430\u0441\u0438\u043b\u0438 Huntress \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043a\u043e\u0434\u0430.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0430\u0443\u0434\u0438\u0442\u0430 \u0431\u044b\u043b\u0438 \u043d\u0430\u0439\u0434\u0435\u043d\u044b \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 MOVEit Transfer \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0435 \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c MOVEit Transfer \u043f\u043e\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0439 9 \u0438\u044e\u043d\u044f \u043f\u0430\u0442\u0447, \u0430 \u0432\u0441\u0435 \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u044b MOVEit Cloud \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b.\n\n\u0412 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0437\u0430\u044f\u0432\u043b\u044f\u044e\u0442, \u0447\u0442\u043e \u0432 
\u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0432\u043d\u043e\u0432\u044c \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0412\u043f\u0440\u043e\u0447\u0435\u043c, \u0438 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2023-34362 \u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0443\u0437\u043d\u0430\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0435\u0440\u0435\u0437 \u0434\u0432\u0430 \u0433\u043e\u0434\u0430 \u0441 \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u043d\u0430\u0447\u0430\u043b\u0430 \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u0432\u0448\u0438\u0441\u044c \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f\u043c\u0438 ransomware-\u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Horizon3 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 PoC \u0434\u043b\u044f \u0442\u043e\u0439 \u0440\u043e\u043a\u043e\u0432\u043e\u0439 RCE-\u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0431\u0430\u043d\u0434\u0430 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 Clop \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u0435\u0442 \u0432 
\u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u043a\u0440\u0430\u0436\u0435\u0439 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, POC \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u0435\u0442 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0435\u0439 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043a\u0435\u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a API \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0433\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u044d\u0442\u043e\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u0437\u043e\u0432\u043e\u043c \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u0438\u0441\u043e\u043a \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 (IOC) \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0430 
\u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445.\n\n\u0411\u0435\u0437\u0443\u0441\u043b\u043e\u0432\u043d\u043e, \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c PoC \u043a \u0430\u0442\u0430\u043a\u0430\u043c Clop \u043f\u0440\u0438\u0431\u0430\u0432\u044f\u0442\u0441\u044f \u0438 \u0434\u0440\u0443\u0433\u0438\u0435, \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u044f \u0435\u0449\u0435 \u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u0434\u043b\u044f \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 MOVEit Transfer \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435.\n\n\u041d\u043e \u0438 \u043f\u0435\u0440\u0432\u043e\u0439 \u0432\u043e\u043b\u043d\u044b \u0445\u0432\u0430\u0442\u0438\u043b\u043e, \u0447\u0442\u043e\u0431\u044b \u0432\u0437\u043b\u043e\u043c\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438. 
\u041c\u0430\u043d\u0447\u0435\u0441\u0442\u0435\u0440\u0441\u043a\u0438\u0439 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442 \u0432 \u0412\u0435\u043b\u0438\u043a\u043e\u0431\u0440\u0438\u0442\u0430\u043d\u0438\u0438, \u0414\u0435\u043f\u0430\u0440\u0442\u0430\u043c\u0435\u043d\u0442 \u0438\u043d\u043d\u043e\u0432\u0430\u0446\u0438\u0439 \u0438 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0439 \u0418\u043b\u043b\u0438\u043d\u043e\u0439\u0441\u0430 \u0438 \u0414\u0435\u043f\u0430\u0440\u0442\u0430\u043c\u0435\u043d\u0442 \u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u041c\u0438\u043d\u043d\u0435\u0441\u043e\u0442\u044b \u0432 \u0421\u0428\u0410 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044f (\u043f\u043e\u043c\u0438\u043c\u043e \u0442\u0435\u0445, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u044b \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438 \u0440\u0430\u043d\u0435\u0435).\n\n\u0420\u0443\u043a\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 \u0434\u043e\u0431\u0440\u0430\u043b\u0438\u0441\u044c \u0438 \u0434\u043e \u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0432\u044f\u0437\u0438 \u0412\u0435\u043b\u0438\u043a\u043e\u0431\u0440\u0438\u0442\u0430\u043d\u0438\u0438 (Ofcom). 
\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0432\u044b\u043a\u0440\u0430\u043b\u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u0445, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0438\u0445\u0441\u044f \u0432 \u0437\u043e\u043d\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0435\u043d\u0438\u044f \u0440\u0435\u0433\u0443\u043b\u044f\u0442\u043e\u0440\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 400 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432.\n\n\u0411\u0443\u0434\u0435\u043c \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0442\u044c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0435\u0439.", "creation_timestamp": "2023-06-13T13:42:52.000000Z"}, {"uuid": "c98ca541-7bcf-4611-9509-5018cc8aeeff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3639", "content": "https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/", "creation_timestamp": "2023-06-08T19:51:07.000000Z"}, {"uuid": "4ed2dd81-6e53-46d1-9b00-5a8a561c4bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/NeKaspersky/3129", "content": "\u041d\u0435 \u043e\u0434\u043d\u0438\u043c\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0435\u0434\u0438\u043d\u044b\n\n\u041d\u0435 \u0442\u0430\u043a 
\u0434\u0430\u0432\u043d\u043e \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u043b\u0438 \u043e \u0434\u0435\u044f\u043d\u0438\u044f\u0445 \u043e\u0442\u0435\u0447\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u0438\u0437 Clop. C\u0442\u0430\u043b\u043e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u041f\u041e MOVEit Transfer \u043e\u0442 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u043e\u0439 Progress Software.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f CVE-2023-34362 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0442\u0438\u043f\u043e\u0432\u0443\u044e SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0443\u044e \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043d\u0430 2,3 \u0442\u044b\u0441. \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 MOVEit \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0420\u043e\u0441\u0441\u0438\u044e. 
\u041d\u0430 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0432\u043e \u0432\u0441\u0435\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u043b\u0441\u044f \u0432\u0435\u0431-\u0448\u0435\u043b\u043b, \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b\u0439 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0438\u0441\u0447\u0435\u0440\u043f\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u043f\u0435\u0440\u0435\u0447\u0435\u043d\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434.\n\n0-day \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0436\u0435\u0442 \u043d\u0430\u0432\u0440\u0435\u0434\u0438\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 1,7 \u0442\u044b\u0441. 
\u0441\u043e\u0444\u0442\u0432\u0435\u0440\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0432 \u0421\u0428\u0410 \u0441 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u044b\u043c \u0448\u0442\u0430\u0442\u043e\u043c \u0432 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 3,5 \u043c\u043b\u043d \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432.\n\nProgress Software \u0435\u0449\u0435 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043b\u0435\u0442\u0430 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u043e\u0439 \u0434\u044b\u0440\u0435, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u0438 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b\u0430 \u043e \u043a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0445 \u043c\u0435\u0440\u0430\u0445. 
\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0432\u0441\u0451 \u044d\u0442\u043e, \u0441\u043f\u0438\u0441\u043e\u043a \u0436\u0435\u0440\u0442\u0432 \u0443\u0441\u043f\u0435\u043b \u043f\u043e\u043f\u043e\u043b\u043d\u044f\u0442\u0441\u044f \u0442\u0430\u043a\u0438\u043c\u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u043c\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c\u0438, \u043a\u0430\u043a Sony, PwC, Norton LifeLock \u0438 \u0434\u0440\u0443\u0433\u0438\u0435.\n \n1\u0421: \u00ab\u0411\u0438\u0442\u0440\u0438\u043a\u0441\u00bb \u043a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b \u0434\u0430\u0436\u0435 \u0438 \u043d\u0435 \u0441\u043d\u0438\u043b\u0438\u0441\u044c.\n\n\u041d\u0435\u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u0438\u0439", "creation_timestamp": "2023-06-23T19:55:50.000000Z"}, {"uuid": "27a540c5-01d2-49a2-a6a2-264552dd8263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "Telegram/uynl35xXShLAU7OfpZhQYXA0xT1C1l82xITzTzJ26Og6NMs", "content": "", "creation_timestamp": "2023-06-14T16:42:13.000000Z"}, {"uuid": "321895ba-4178-4cfb-b7eb-8458e900c7ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/cibsecurity/64889", "content": "\u203c CVE-2023-34362 \u203c\n\nIn Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. 
Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-02T18:37:26.000000Z"}, {"uuid": "9ee6addd-7715-4f8f-9c70-1ce50b8b4e0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/HackerOne/3536", "content": "https://github.com/horizon3ai/CVE-2023-34362", "creation_timestamp": "2023-08-09T20:19:42.000000Z"}, {"uuid": "ba90ee4e-00a1-4075-842f-34fc83165de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/thehackernews/3458", "content": "\ud83d\udea8 A new research report has revealed that the notorious Clop ransomware group has likely been silently exploiting the recently disclosed critical MOVEit Transfer application vulnerability (CVE-2023-34362) since 2021.  
\n \nDetails: https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html", "creation_timestamp": "2023-06-08T16:00:23.000000Z"}, {"uuid": "c849dfdc-9659-49d8-9573-5b0c9ef4db6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/xakep_ru/14149", "content": "0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 MOVEit Transfer \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0445\u0438\u0449\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-34362 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0435\u0439 \u0444\u0430\u0439\u043b\u043e\u0432 MOVEit Transfer, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043d\u043e\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Progress Software, \u0448\u0438\u0440\u043e\u043a\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u0445\u0438\u0449\u0435\u043d\u0438\u0439 \u0434\u0430\u043d\u043d\u044b\u0445 \u0443 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439.\n\nhttps://xakep.ru/2023/06/05/moveit-transfer/", "creation_timestamp": "2023-06-05T11:40:39.000000Z"}, {"uuid": "ff554580-9790-4c8f-a757-30083278c4df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/xakep_ru/14159", "content": 
"Microsoft \u0441\u0432\u044f\u0437\u0430\u043b\u0430 \u0445\u0430\u043a-\u0433\u0440\u0443\u043f\u043f\u0443 Clop \u0441 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 MOVEit Transfer\n\n\u0410\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 Microsoft \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438, \u0447\u0442\u043e \u0432\u043e\u043b\u043d\u0430 \u0430\u0442\u0430\u043a \u043d\u0430 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 MOVEit Transfer (CVE-2023-34362) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c\u044e \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 Clop.\n\nhttps://xakep.ru/2023/06/06/moveit-clop/", "creation_timestamp": "2023-06-06T12:35:24.000000Z"}, {"uuid": "4080aa70-7773-4aa4-935b-a7aae03e15d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://t.me/BlueRedTeam/2722", "content": "\ud83d\udea8 A new research report has revealed that the notorious Clop ransomware group has likely been silently exploiting the recently disclosed critical MOVEit Transfer application vulnerability (CVE-2023-34362) since 2021.  
\n \nDetails: https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html", "creation_timestamp": "2025-02-21T18:50:11.000000Z"}, {"uuid": "481c1f3f-32ef-4c31-a717-560788622f70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2730", "content": "#Red_Team\n\nCVE-2023-34362: MOVEit Transfer Unauthenticated RCE\n\nhttps://github.com/sfewer-r7/CVE-2023-34362", "creation_timestamp": "2023-06-13T10:13:23.000000Z"}, {"uuid": "3b934985-bc38-4bb0-87ca-533c9cecb631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/thebugbountyhunter/7410", "content": "Patch Diffing Progress MOVEIt Transfer RCE (CVE-2023-34362)\n\nhttps://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure/", "creation_timestamp": "2023-06-09T12:27:02.000000Z"}, {"uuid": "4f833421-4f06-45f6-a992-314a6452f18d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7424", "content": "MOVEIt Transfer RCE Part Two (CVE-2023-34362)\n\nhttps://blog.assetnote.io/2023/06/13/moveit-transfer-part-two/", "creation_timestamp": "2023-06-14T12:27:03.000000Z"}, {"uuid": "e7d05672-94f3-4ce6-b73f-b25ba4ba64cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/9712", "content": "#exploit\n#Analytics\nTop 10 Vulnerabilities of 2023:\n\n1. CVE-2023-34362: MOVEit Vulnerability\n2. CVE-2023-23397: MS Outlook PE\n3. 
CVE-2023-43641: 1-Click RCE on GNOME\n4. CVE-2023-28252: Windows CLFS PE\n5. CVE-2023-2868: Barracuda ESG CI\n6. CVE-2023-26360: Adobe ColdFusion\n7. CVE-2023-4966: Citrix Bleed\n8. CVE-2023-22952: SugarCRM RCE\n9. CVE-2023-24880: Win Smart Screen Bypass\n10. CVE-2022-42475: FortiOS heap-based BoF in sslvpnd\n]-&gt; https://github.com/scrt/cve-2022-42475", "creation_timestamp": "2024-10-11T02:08:15.000000Z"}, {"uuid": "817287fa-7abe-4f24-bdd6-b86f554bce9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8493", "content": "#exploit\n1. CVE-2023-34362:\nMOVEIt Transfer RCE\nPart1: https://blog.assetnote.io/2023/06/07/moveit-transfer-patch-diff-adventure\nPart 2: https://blog.assetnote.io/2023/06/13/moveit-transfer-part-two\n\n2. CVE-2023-29336:\nWin32k EoP Vulnerability\nhttps://github.com/numencyber/Vulnerability_PoC/tree/main/CVE-2023-29336", "creation_timestamp": "2024-01-28T19:15:07.000000Z"}, {"uuid": "369ddaa2-539e-416f-8886-e78357ed2a1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://t.me/Rootsec_2/2414", "content": "#exploit\n#Analytics\nTop 10 Vulnerabilities of 2023:\n\n1. CVE-2023-34362: MOVEit Vulnerability\nhttps://t.me/CyberSecurityTechnologies/8493\n2. CVE-2023-23397: MS Outlook PE\nhttps://t.me/CyberSecurityTechnologies/8677\n3. CVE-2023-43641: 1-Click RCE on GNOME\nhttps://t.me/CyberSecurityTechnologies/9175\n4. CVE-2023-28252: Windows CLFS PE\nhttps://t.me/CyberSecurityTechnologies/8595\n5. CVE-2023-2868: Barracuda ESG CI\nhttps://t.me/CyberSecurityTechnologies/8627\n6. CVE-2023-26360: Adobe ColdFusion\nhttps://t.me/CyberSecurityTechnologies/9702\n7. 
CVE-2023-4966: Citrix Bleed\nhttps://t.me/CyberSecurityTechnologies/9257\n8. CVE-2023-22952: SugarCRM RCE\nhttps://t.me/CyberSecurityTechnologies/7907\n9. CVE-2023-24880: Win Smart Screen Bypass\nhttps://www.vicarius.io/vsociety/posts/windows-smartscreen-security-feature-bypass-cve-2023-24880\n10. CVE-2022-42475:\nFortiOS heap-based buffer overflow in sslvpnd\nhttps://bishopfox.com/blog/exploit-cve-2022-42475\n]-&gt; https://github.com/scrt/cve-2022-42475", "creation_timestamp": "2024-08-16T08:59:55.000000Z"}, {"uuid": "c18e6f84-e23d-49c5-b429-961d52d22487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "Telegram/ejAET7Wd0n1V5uqKctP5d-vJmqb8O4j5F4lTKyPXLyKbJrU", "content": "", "creation_timestamp": "2026-05-06T03:00:05.000000Z"}, {"uuid": "0d5ea329-fb7e-4fcd-9654-f62b2e7d40c1", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/5ea1bfac-7dd0-41ca-8fe8-d2116c075e10", "content": "", "creation_timestamp": "2026-06-19T12:46:54.138507Z"}, {"uuid": "ac35b9af-6c37-4282-b4b5-bfddb3ef128b", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/745106ef-31af-4e47-8110-f2a4b6aeaf0c", "content": "", "creation_timestamp": "2026-06-23T14:05:41.295476Z"}, {"uuid": "e85b65f9-64f0-4a26-aeb2-e8a33ef24a4a", "vulnerability_lookup_origin": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-34362", "type": "exploited", "source": 
"https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/eb923112-e4b3-4b7d-98aa-3ce836ec6d44", "content": "", "creation_timestamp": "2026-06-30T11:39:54.468110Z"}, {"uuid": "d78857a0-ac06-42d6-9cc4-dd987a21fc5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://gist.github.com/tu-trinh-scale/092cb6bf72577bd3fafe700ea6173593", "content": "diff --git a/README.md b/README.md\nindex 57102d1..1ff5f87 100644\n--- a/README.md\n+++ b/README.md\n@@ -93,6 +93,9 @@ Vuls is a tool created to solve the problems listed above. It has the following\n - CISA(Cybersecurity &amp; Infrastructure Security Agency)\n   - [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)\n \n+- VulnCheck\n+  - Known Exploited Vulnerabilities data is represented in scan results alongside CISA KEV data.\n+\n - Cyber Threat Intelligence(MITRE ATT&amp;CK and CAPEC)\n   - [mitre/cti](https://github.com/mitre/cti)\n \n@@ -163,6 +166,7 @@ Vuls has some options to detect the vulnerabilities\n   - Vuls works well with Continuous Integration since tests can be run every day. 
This allows you to find vulnerabilities very quickly.\n - Auto-generation of configuration file template\n   - Auto-detection of servers set using CIDR, generate configuration file template\n+- Example KEV reporting configuration is available at [examples/config-kev.toml](examples/config-kev.toml), with sample JSON output at [examples/scan-result-kev.json](examples/scan-result-kev.json).\n - Email and Slack notification is possible (supports Japanese language)\n - Scan result is viewable on accessory software, TUI Viewer in a terminal or Web UI ([VulsRepo](https://github.com/ishiDACo/vulsrepo)).\n \ndiff --git a/detector/kevuln.go b/detector/kevuln.go\nindex 41afdfe..8690d13 100644\n--- a/detector/kevuln.go\n+++ b/detector/kevuln.go\n@@ -6,6 +6,7 @@ package detector\n import (\n \t\"encoding/json\"\n \t\"net/http\"\n+\t\"reflect\"\n \t\"time\"\n \n \t\"github.com/cenkalti/backoff\"\n@@ -78,21 +79,18 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \t\t\tif err := json.Unmarshal([]byte(res.json), &amp;kevulns); err != nil {\n \t\t\t\treturn err\n \t\t\t}\n-\n-\t\t\talerts := []models.Alert{}\n-\t\t\tif len(kevulns) &gt; 0 {\n-\t\t\t\talerts = append(alerts, models.Alert{\n-\t\t\t\t\tTitle: \"Known Exploited Vulnerabilities Catalog\",\n-\t\t\t\t\tURL:   \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",\n-\t\t\t\t\tTeam:  \"cisa\",\n-\t\t\t\t})\n+\t\t\tif len(kevulns) == 0 {\n+\t\t\t\tcontinue\n \t\t\t}\n \n \t\t\tv, ok := r.ScannedCves[res.request.cveID]\n-\t\t\tif ok {\n-\t\t\t\tv.AlertDict.CISA = alerts\n-\t\t\t\tnKEV++\n+\t\t\tif !ok {\n+\t\t\t\tcontinue\n \t\t\t}\n+\t\t\tfor _, kevuln := range kevulns {\n+\t\t\t\tv.KEVs = append(v.KEVs, convertKEVuln(kevuln))\n+\t\t\t}\n+\t\t\tnKEV++\n \t\t\tr.ScannedCves[res.request.cveID] = v\n \t\t}\n \t} else {\n@@ -108,16 +106,9 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \t\t\t\tcontinue\n \t\t\t}\n \n-\t\t\talerts := 
[]models.Alert{}\n-\t\t\tif len(kevulns) &gt; 0 {\n-\t\t\t\talerts = append(alerts, models.Alert{\n-\t\t\t\t\tTitle: \"Known Exploited Vulnerabilities Catalog\",\n-\t\t\t\t\tURL:   \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",\n-\t\t\t\t\tTeam:  \"cisa\",\n-\t\t\t\t})\n+\t\t\tfor _, kevuln := range kevulns {\n+\t\t\t\tvuln.KEVs = append(vuln.KEVs, convertKEVuln(kevuln))\n \t\t\t}\n-\n-\t\t\tvuln.AlertDict.CISA = alerts\n \t\t\tnKEV++\n \t\t\tr.ScannedCves[cveID] = vuln\n \t\t}\n@@ -127,6 +118,81 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \treturn nil\n }\n \n+func convertKEVuln(kevuln kevulnmodels.KEVuln) models.KEV {\n+\treturn models.KEV{\n+\t\tType:                       models.CISAKEVType,\n+\t\tVendorProject:              stringField(kevuln, \"VendorProject\"),\n+\t\tProduct:                    stringField(kevuln, \"Product\"),\n+\t\tVulnerabilityName:          stringField(kevuln, \"VulnerabilityName\"),\n+\t\tShortDescription:           stringField(kevuln, \"ShortDescription\"),\n+\t\tRequiredAction:             stringField(kevuln, \"RequiredAction\"),\n+\t\tKnownRansomwareCampaignUse: stringField(kevuln, \"KnownRansomwareCampaignUse\"),\n+\t\tDateAdded:                  timeField(kevuln, \"DateAdded\"),\n+\t\tDueDate:                    timePtrField(kevuln, \"DueDate\"),\n+\t\tCISA: &amp;models.CISAKEV{\n+\t\t\tNote: stringField(kevuln, \"Notes\", \"Note\"),\n+\t\t},\n+\t}\n+}\n+\n+func stringField(v interface{}, names ...string) string {\n+\tvalue := reflect.Indirect(reflect.ValueOf(v))\n+\tfor _, name := range names {\n+\t\tfield := value.FieldByName(name)\n+\t\tif field.IsValid() &amp;&amp; field.Kind() == reflect.String {\n+\t\t\treturn field.String()\n+\t\t}\n+\t}\n+\treturn \"\"\n+}\n+\n+func timeField(v interface{}, names ...string) time.Time {\n+\tvalue := reflect.Indirect(reflect.ValueOf(v))\n+\tfor _, name := range names {\n+\t\tfield := value.FieldByName(name)\n+\t\tif !field.IsValid() 
{\n+\t\t\tcontinue\n+\t\t}\n+\t\tswitch field.Type() {\n+\t\tcase reflect.TypeOf(time.Time{}):\n+\t\t\treturn field.Interface().(time.Time)\n+\t\tcase reflect.TypeOf(\"\"):\n+\t\t\tif t, err := time.Parse(\"2006-01-02\", field.String()); err == nil {\n+\t\t\t\treturn t\n+\t\t\t}\n+\t\t}\n+\t}\n+\treturn time.Time{}\n+}\n+\n+func timePtrField(v interface{}, names ...string) *time.Time {\n+\tvalue := reflect.Indirect(reflect.ValueOf(v))\n+\tfor _, name := range names {\n+\t\tfield := value.FieldByName(name)\n+\t\tif !field.IsValid() {\n+\t\t\tcontinue\n+\t\t}\n+\t\tswitch field.Type() {\n+\t\tcase reflect.TypeOf(time.Time{}):\n+\t\t\tt := field.Interface().(time.Time)\n+\t\t\tif t.IsZero() {\n+\t\t\t\treturn nil\n+\t\t\t}\n+\t\t\treturn &amp;t\n+\t\tcase reflect.TypeOf((*time.Time)(nil)):\n+\t\t\tif field.IsNil() {\n+\t\t\t\treturn nil\n+\t\t\t}\n+\t\t\treturn field.Interface().(*time.Time)\n+\t\tcase reflect.TypeOf(\"\"):\n+\t\t\tif t, err := time.Parse(\"2006-01-02\", field.String()); err == nil {\n+\t\t\t\treturn &amp;t\n+\t\t\t}\n+\t\t}\n+\t}\n+\treturn nil\n+}\n+\n type kevulnResponse struct {\n \trequest kevulnRequest\n \tjson    string\ndiff --git a/examples/scan-result-kev.json b/examples/scan-result-kev.json\nnew file mode 100644\nindex 0000000..4fa451a\n--- /dev/null\n+++ b/examples/scan-result-kev.json\n@@ -0,0 +1,101 @@\n+{\n+  \"jsonVersion\": 4,\n+  \"lang\": \"en\",\n+  \"serverUUID\": \"example-server-uuid\",\n+  \"serverName\": \"example\",\n+  \"family\": \"ubuntu\",\n+  \"release\": \"22.04\",\n+  \"container\": {},\n+  \"platform\": {},\n+  \"scannedAt\": \"2026-07-03T00:00:00Z\",\n+  \"scanMode\": \"fast-root\",\n+  \"scannedVersion\": \"vuls-example\",\n+  \"scannedRevision\": \"example\",\n+  \"scannedBy\": \"vuls\",\n+  \"scannedVia\": \"remote\",\n+  \"reportedAt\": \"2026-07-03T00:00:00Z\",\n+  \"reportedVersion\": \"vuls-example\",\n+  \"reportedRevision\": \"example\",\n+  \"reportedBy\": \"vuls\",\n+  \"errors\": [],\n+  \"warnings\": 
[],\n+  \"scannedCves\": {\n+    \"CVE-2023-34362\": {\n+      \"cveID\": \"CVE-2023-34362\",\n+      \"confidences\": [\n+        {\n+          \"score\": 100,\n+          \"detectionMethod\": \"NvdExactVersionMatch\"\n+        }\n+      ],\n+      \"affectedPackages\": [\n+        {\n+          \"name\": \"moveit-transfer\",\n+          \"notFixedYet\": false,\n+          \"fixedIn\": \"2023.0.2\"\n+        }\n+      ],\n+      \"kevs\": [\n+        {\n+          \"type\": \"cisa\",\n+          \"vendorProject\": \"Progress\",\n+          \"product\": \"MOVEit Transfer\",\n+          \"vulnerabilityName\": \"Progress MOVEit Transfer SQL Injection Vulnerability\",\n+          \"shortDescription\": \"Progress MOVEit Transfer contains a SQL injection vulnerability that allows an unauthenticated attacker to access the database.\",\n+          \"requiredAction\": \"Apply updates per vendor instructions.\",\n+          \"knownRansomwareCampaignUse\": \"Known\",\n+          \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+          \"dueDate\": \"2023-06-23T00:00:00Z\",\n+          \"cisa\": {\n+            \"note\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\"\n+          }\n+        },\n+        {\n+          \"type\": \"vulncheck\",\n+          \"vendorProject\": \"Progress\",\n+          \"product\": \"MOVEit Transfer\",\n+          \"vulnerabilityName\": \"Progress MOVEit Transfer SQL Injection Vulnerability\",\n+          \"shortDescription\": \"VulnCheck reports public exploitation activity for Progress MOVEit Transfer.\",\n+          \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+          \"vulncheck\": {\n+            \"xdb\": [\n+              {\n+                \"xdbID\": \"XDB-123456\",\n+                \"xdbURL\": \"https://vulncheck.com/xdb/XDB-123456\",\n+                \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+                \"exploitType\": \"initial-access\",\n+                \"cloneSSHURL\": \"git@github.com:example/exploit.git\"\n+   
           }\n+            ],\n+            \"reportedExploitation\": [\n+              {\n+                \"url\": \"https://example.com/reports/moveit-exploitation\",\n+                \"dateAdded\": \"2023-06-02T00:00:00Z\"\n+              }\n+            ]\n+          }\n+        }\n+      ],\n+      \"cveContents\": {\n+        \"nvd\": [\n+          {\n+            \"type\": \"nvd\",\n+            \"cveID\": \"CVE-2023-34362\",\n+            \"title\": \"CVE-2023-34362\",\n+            \"summary\": \"SQL injection vulnerability in Progress MOVEit Transfer.\"\n+          }\n+        ]\n+      },\n+      \"alertDict\": {\n+        \"jpcert\": null,\n+        \"uscert\": null\n+      }\n+    }\n+  },\n+  \"runningKernel\": {},\n+  \"packages\": {},\n+  \"config\": {\n+    \"scan\": {},\n+    \"report\": {}\n+  }\n+}\ndiff --git a/models/scanresults.go b/models/scanresults.go\nindex 508b992..4adf43a 100644\n--- a/models/scanresults.go\n+++ b/models/scanresults.go\n@@ -197,11 +197,12 @@ func (r ScanResult) FormatTextReportHeader() string {\n \t\tpkgs = fmt.Sprintf(\"%s, %d libs\", pkgs, r.LibraryScanners.Total())\n \t}\n \n-\treturn fmt.Sprintf(\"%s\\n%s\\n%s\\n%s, %s, %s, %s\\n%s\\n\",\n+\treturn fmt.Sprintf(\"%s\\n%s\\n%s\\n%s, %s, %s, %s, %s\\n%s\\n\",\n \t\tr.ServerInfo(),\n \t\tbuf.String(),\n \t\tr.ScannedCves.FormatCveSummary(),\n \t\tr.ScannedCves.FormatFixedStatus(r.Packages),\n+\t\tr.FormatKEVCveSummary(),\n \t\tr.FormatExploitCveSummary(),\n \t\tr.FormatMetasploitCveSummary(),\n \t\tr.FormatAlertSummary(),\n@@ -229,6 +230,17 @@ func (r ScanResult) FormatUpdatablePkgsSummary() string {\n \t\tnUpdatable)\n }\n \n+// FormatKEVCveSummary returns a summary of KEV cves.\n+func (r ScanResult) FormatKEVCveSummary() string {\n+\tnKEVCve := 0\n+\tfor _, vuln := range r.ScannedCves {\n+\t\tif 0 &lt; len(vuln.KEVs) {\n+\t\t\tnKEVCve++\n+\t\t}\n+\t}\n+\treturn fmt.Sprintf(\"%d kevs\", nKEVCve)\n+}\n+\n // FormatExploitCveSummary returns a summary of exploit cve\n 
func (r ScanResult) FormatExploitCveSummary() string {\n \tnExploitCve := 0\n@@ -253,13 +265,9 @@ func (r ScanResult) FormatMetasploitCveSummary() string {\n \n // FormatAlertSummary returns a summary of CERT alerts\n func (r ScanResult) FormatAlertSummary() string {\n-\tcisaCnt := 0\n \tuscertCnt := 0\n \tjpcertCnt := 0\n \tfor _, vuln := range r.ScannedCves {\n-\t\tif len(vuln.AlertDict.CISA) &gt; 0 {\n-\t\t\tcisaCnt += len(vuln.AlertDict.CISA)\n-\t\t}\n \t\tif len(vuln.AlertDict.USCERT) &gt; 0 {\n \t\t\tuscertCnt += len(vuln.AlertDict.USCERT)\n \t\t}\n@@ -267,7 +275,7 @@ func (r ScanResult) FormatAlertSummary() string {\n \t\t\tjpcertCnt += len(vuln.AlertDict.JPCERT)\n \t\t}\n \t}\n-\treturn fmt.Sprintf(\"cisa: %d, uscert: %d, jpcert: %d alerts\", cisaCnt, uscertCnt, jpcertCnt)\n+\treturn fmt.Sprintf(\"uscert: %d, jpcert: %d alerts\", uscertCnt, jpcertCnt)\n }\n \n func (r ScanResult) isDisplayUpdatableNum(mode config.ScanMode) bool {\n@@ -427,6 +435,12 @@ func (r *ScanResult) SortForJSONOutput() {\n \t\t})\n \n \t\tv.CveContents.Sort()\n+\t\tsort.Slice(v.KEVs, func(i, j int) bool {\n+\t\t\tif v.KEVs[i].Type != v.KEVs[j].Type {\n+\t\t\t\treturn v.KEVs[i].Type &lt; v.KEVs[j].Type\n+\t\t\t}\n+\t\t\treturn v.KEVs[i].VulnerabilityName &lt; v.KEVs[j].VulnerabilityName\n+\t\t})\n \n \t\tsort.Slice(v.AlertDict.USCERT, func(i, j int) bool {\n \t\t\treturn v.AlertDict.USCERT[i].Title &lt; v.AlertDict.USCERT[j].Title\ndiff --git a/models/scanresults_kev_test.go b/models/scanresults_kev_test.go\nnew file mode 100644\nindex 0000000..e0b22d3\n--- /dev/null\n+++ b/models/scanresults_kev_test.go\n@@ -0,0 +1,49 @@\n+package models\n+\n+import (\n+\t\"reflect\"\n+\t\"testing\"\n+)\n+\n+func TestScanResult_FormatKEVCveSummary(t *testing.T) {\n+\tr := ScanResult{\n+\t\tScannedCves: VulnInfos{\n+\t\t\t\"CVE-2023-0001\": VulnInfo{\n+\t\t\t\tKEVs: []KEV{{Type: CISAKEVType}},\n+\t\t\t},\n+\t\t\t\"CVE-2023-0002\": VulnInfo{\n+\t\t\t\tKEVs: []KEV{{Type: CISAKEVType}, {Type: 
VulnCheckKEVType}},\n+\t\t\t},\n+\t\t\t\"CVE-2023-0003\": VulnInfo{},\n+\t\t},\n+\t}\n+\n+\tif got, want := r.FormatKEVCveSummary(), \"2 kevs\"; got != want {\n+\t\tt.Errorf(\"FormatKEVCveSummary() = %q, want %q\", got, want)\n+\t}\n+}\n+\n+func TestScanResult_SortForJSONOutput_KEVs(t *testing.T) {\n+\tr := ScanResult{\n+\t\tScannedCves: VulnInfos{\n+\t\t\t\"CVE-2023-0001\": VulnInfo{\n+\t\t\t\tKEVs: []KEV{\n+\t\t\t\t\t{Type: VulnCheckKEVType, VulnerabilityName: \"b\"},\n+\t\t\t\t\t{Type: CISAKEVType, VulnerabilityName: \"b\"},\n+\t\t\t\t\t{Type: CISAKEVType, VulnerabilityName: \"a\"},\n+\t\t\t\t},\n+\t\t\t},\n+\t\t},\n+\t}\n+\n+\tr.SortForJSONOutput()\n+\n+\twant := []KEV{\n+\t\t{Type: CISAKEVType, VulnerabilityName: \"a\"},\n+\t\t{Type: CISAKEVType, VulnerabilityName: \"b\"},\n+\t\t{Type: VulnCheckKEVType, VulnerabilityName: \"b\"},\n+\t}\n+\tif got := r.ScannedCves[\"CVE-2023-0001\"].KEVs; !reflect.DeepEqual(got, want) {\n+\t\tt.Errorf(\"KEVs = %+v, want %+v\", got, want)\n+\t}\n+}\ndiff --git a/models/vulninfos.go b/models/vulninfos.go\nindex 3e85e81..c0c7bd4 100644\n--- a/models/vulninfos.go\n+++ b/models/vulninfos.go\n@@ -263,6 +263,7 @@ type VulnInfo struct {\n \tAffectedPackages     PackageFixStatuses   `json:\"affectedPackages,omitempty\"`\n \tDistroAdvisories     DistroAdvisories     `json:\"distroAdvisories,omitempty\"` // for Amazon, RHEL, Fedora, FreeBSD, Microsoft\n \tCveContents          CveContents          `json:\"cveContents,omitempty\"`\n+\tKEVs                 []KEV                `json:\"kevs,omitempty\"`\n \tExploits             []Exploit            `json:\"exploits,omitempty\"`\n \tMetasploits          []Metasploit         `json:\"metasploits,omitempty\"`\n \tMitigations          []Mitigation         `json:\"mitigations,omitempty\"`\n@@ -277,6 +278,58 @@ type VulnInfo struct {\n \tDiffStatus           DiffStatus           `json:\"diffStatus,omitempty\"`\n }\n \n+// KEVType is a Known Exploited Vulnerability source.\n+type KEVType 
string\n+\n+const (\n+\t// CISAKEVType is the CISA KEV catalog source.\n+\tCISAKEVType KEVType = \"cisa\"\n+\n+\t// VulnCheckKEVType is the VulnCheck KEV source.\n+\tVulnCheckKEVType KEVType = \"vulncheck\"\n+)\n+\n+// KEV has Known Exploited Vulnerability information.\n+type KEV struct {\n+\tType                         KEVType        `json:\"type,omitempty\"`\n+\tVendorProject                string         `json:\"vendorProject,omitempty\"`\n+\tProduct                      string         `json:\"product,omitempty\"`\n+\tVulnerabilityName            string         `json:\"vulnerabilityName,omitempty\"`\n+\tShortDescription             string         `json:\"shortDescription,omitempty\"`\n+\tRequiredAction               string         `json:\"requiredAction,omitempty\"`\n+\tKnownRansomwareCampaignUse   string         `json:\"knownRansomwareCampaignUse,omitempty\"`\n+\tDateAdded                    time.Time      `json:\"dateAdded,omitempty\"`\n+\tDueDate                      *time.Time     `json:\"dueDate,omitempty\"`\n+\tCISA                         *CISAKEV       `json:\"cisa,omitempty\"`\n+\tVulnCheck                    *VulnCheckKEV  `json:\"vulncheck,omitempty\"`\n+}\n+\n+// CISAKEV has CISA-specific KEV fields.\n+type CISAKEV struct {\n+\tNote string `json:\"note,omitempty\"`\n+}\n+\n+// VulnCheckKEV has VulnCheck-specific KEV fields.\n+type VulnCheckKEV struct {\n+\tXDB                  []VulnCheckXDB                  `json:\"xdb,omitempty\"`\n+\tReportedExploitation []VulnCheckReportedExploitation `json:\"reportedExploitation,omitempty\"`\n+}\n+\n+// VulnCheckXDB has VulnCheck exploit database metadata.\n+type VulnCheckXDB struct {\n+\tXDBID       string    `json:\"xdbID,omitempty\"`\n+\tXDBURL      string    `json:\"xdbURL,omitempty\"`\n+\tDateAdded   time.Time `json:\"dateAdded,omitempty\"`\n+\tExploitType string    `json:\"exploitType,omitempty\"`\n+\tCloneSSHURL string    `json:\"cloneSSHURL,omitempty\"`\n+}\n+\n+// VulnCheckReportedExploitation has 
VulnCheck reported exploitation metadata.\n+type VulnCheckReportedExploitation struct {\n+\tURL       string    `json:\"url,omitempty\"`\n+\tDateAdded time.Time `json:\"dateAdded,omitempty\"`\n+}\n+\n // Alert has CERT alert information\n type Alert struct {\n \tURL   string `json:\"url,omitempty\"`\n@@ -910,24 +963,22 @@ type Mitigation struct {\n \tURL            string         `json:\"url,omitempty\"`\n }\n \n-// AlertDict has target cve JPCERT, USCERT and CISA alert data\n+// AlertDict has target cve JPCERT and USCERT alert data.\n type AlertDict struct {\n-\tCISA   []Alert `json:\"cisa\"`\n+\t// Deprecated: KEV data is stored in VulnInfo.KEVs.\n+\tCISA   []Alert `json:\"-\"`\n \tJPCERT []Alert `json:\"jpcert\"`\n \tUSCERT []Alert `json:\"uscert\"`\n }\n \n // IsEmpty checks if the content of AlertDict is empty\n func (a AlertDict) IsEmpty() bool {\n-\treturn len(a.CISA) == 0 &amp;&amp; len(a.JPCERT) == 0 &amp;&amp; len(a.USCERT) == 0\n+\treturn len(a.JPCERT) == 0 &amp;&amp; len(a.USCERT) == 0\n }\n \n // FormatSource returns which source has this alert\n func (a AlertDict) FormatSource() string {\n \tvar s []string\n-\tif len(a.CISA) != 0 {\n-\t\ts = append(s, \"CISA\")\n-\t}\n \tif len(a.USCERT) != 0 || len(a.JPCERT) != 0 {\n \t\ts = append(s, \"CERT\")\n \t}\ndiff --git a/reporter/util.go b/reporter/util.go\nindex d9cfdaa..703e9c8 100644\n--- a/reporter/util.go\n+++ b/reporter/util.go\n@@ -202,6 +202,7 @@ func formatOneLineSummary(rs ...models.ScanResult) string {\n \t\t\t\tr.ScannedCves.FormatCveSummary(),\n \t\t\t\tr.ScannedCves.FormatFixedStatus(r.Packages),\n \t\t\t\tr.FormatUpdatablePkgsSummary(),\n+\t\t\t\tr.FormatKEVCveSummary(),\n \t\t\t\tr.FormatExploitCveSummary(),\n \t\t\t\tr.FormatMetasploitCveSummary(),\n \t\t\t\tr.FormatAlertSummary(),\n@@ -565,10 +566,6 @@ No CVE-IDs are found in updatable packages.\n \t\t})\n \t\tdata = append(data, ds...)\n \n-\t\tfor _, alert := range vuln.AlertDict.CISA {\n-\t\t\tdata = append(data, []string{\"CISA 
Alert\", alert.URL})\n-\t\t}\n-\n \t\tfor _, alert := range vuln.AlertDict.JPCERT {\n \t\t\tdata = append(data, []string{\"JPCERT Alert\", alert.URL})\n \t\t}\ndiff --git a/tui/tui.go b/tui/tui.go\nindex 4407f56..80afe95 100644\n--- a/tui/tui.go\n+++ b/tui/tui.go\n@@ -812,16 +812,6 @@ func setChangelogLayout(g *gocui.Gui) error {\n \t\t\t}\n \t\t}\n \n-\t\tif len(vinfo.AlertDict.CISA) &gt; 0 {\n-\t\t\tlines = append(lines, \"\\n\",\n-\t\t\t\t\"CISA Alert\",\n-\t\t\t\t\"===========\",\n-\t\t\t)\n-\t\t\tfor _, alert := range vinfo.AlertDict.CISA {\n-\t\t\t\tlines = append(lines, fmt.Sprintf(\"* [%s](%s)\", alert.Title, alert.URL))\n-\t\t\t}\n-\t\t}\n-\n \t\tif len(vinfo.AlertDict.USCERT) &gt; 0 {\n \t\t\tlines = append(lines, \"\\n\",\n \t\t\t\t\"USCERT Alert\",\n", "creation_timestamp": "2026-07-03T10:08:49.800454Z"}, {"uuid": "c8f5558c-4996-42a6-a4a4-f98dc62b6912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-34362", "type": "seen", "source": "https://gist.github.com/tu-trinh-scale/f84d5c409f0a00a969618f67f57c2f91", "content": "diff --git a/README.md b/README.md\nindex 57102d1..6e977b0 100644\n--- a/README.md\n+++ b/README.md\n@@ -93,6 +93,11 @@ Vuls is a tool created to solve the problems listed above. 
It has the following\n - CISA(Cybersecurity &amp; Infrastructure Security Agency)\n   - [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)\n \n+- KEV(Known Exploited Vulnerabilities)\n+  - CISA and VulnCheck KEV entries are reported on each vulnerability as `kevs`\n+  - Example config: [examples/config-kev.toml](examples/config-kev.toml)\n+  - Example scan result: [examples/scan-result-kev.json](examples/scan-result-kev.json)\n+\n - Cyber Threat Intelligence(MITRE ATT&amp;CK and CAPEC)\n   - [mitre/cti](https://github.com/mitre/cti)\n \ndiff --git a/detector/kevuln.go b/detector/kevuln.go\nindex 41afdfe..35c9047 100644\n--- a/detector/kevuln.go\n+++ b/detector/kevuln.go\n@@ -6,6 +6,8 @@ package detector\n import (\n \t\"encoding/json\"\n \t\"net/http\"\n+\t\"reflect\"\n+\t\"strings\"\n \t\"time\"\n \n \t\"github.com/cenkalti/backoff\"\n@@ -79,18 +81,9 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \t\t\t\treturn err\n \t\t\t}\n \n-\t\t\talerts := []models.Alert{}\n-\t\t\tif len(kevulns) &gt; 0 {\n-\t\t\t\talerts = append(alerts, models.Alert{\n-\t\t\t\t\tTitle: \"Known Exploited Vulnerabilities Catalog\",\n-\t\t\t\t\tURL:   \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",\n-\t\t\t\t\tTeam:  \"cisa\",\n-\t\t\t\t})\n-\t\t\t}\n-\n \t\t\tv, ok := r.ScannedCves[res.request.cveID]\n-\t\t\tif ok {\n-\t\t\t\tv.AlertDict.CISA = alerts\n+\t\t\tif ok &amp;&amp; len(kevulns) &gt; 0 {\n+\t\t\t\tv.KEVs = toKEVs(kevulns)\n \t\t\t\tnKEV++\n \t\t\t}\n \t\t\tr.ScannedCves[res.request.cveID] = v\n@@ -108,16 +101,7 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \t\t\t\tcontinue\n \t\t\t}\n \n-\t\t\talerts := []models.Alert{}\n-\t\t\tif len(kevulns) &gt; 0 {\n-\t\t\t\talerts = append(alerts, models.Alert{\n-\t\t\t\t\tTitle: \"Known Exploited Vulnerabilities Catalog\",\n-\t\t\t\t\tURL:   
\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",\n-\t\t\t\t\tTeam:  \"cisa\",\n-\t\t\t\t})\n-\t\t\t}\n-\n-\t\t\tvuln.AlertDict.CISA = alerts\n+\t\t\tvuln.KEVs = toKEVs(kevulns)\n \t\t\tnKEV++\n \t\t\tr.ScannedCves[cveID] = vuln\n \t\t}\n@@ -127,6 +111,170 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \treturn nil\n }\n \n+func toKEVs(kevulns []kevulnmodels.KEVuln) []models.KEV {\n+\tkevs := make([]models.KEV, 0, len(kevulns))\n+\tfor _, kevuln := range kevulns {\n+\t\tkevs = append(kevs, toKEV(kevuln))\n+\t}\n+\treturn kevs\n+}\n+\n+func toKEV(kevuln kevulnmodels.KEVuln) models.KEV {\n+\tv := reflect.ValueOf(kevuln)\n+\tkev := models.KEV{\n+\t\tType:                       kevType(v),\n+\t\tVendorProject:              stringField(v, \"VendorProject\", \"Vendor\"),\n+\t\tProduct:                    stringField(v, \"Product\"),\n+\t\tVulnerabilityName:          stringField(v, \"VulnerabilityName\", \"Name\"),\n+\t\tShortDescription:           stringField(v, \"ShortDescription\", \"Description\"),\n+\t\tRequiredAction:             stringField(v, \"RequiredAction\"),\n+\t\tKnownRansomwareCampaignUse: stringField(v, \"KnownRansomwareCampaignUse\"),\n+\t\tDateAdded:                  timeField(v, \"DateAdded\"),\n+\t}\n+\n+\tif dueDate, ok := timePtrField(v, \"DueDate\"); ok {\n+\t\tkev.DueDate = dueDate\n+\t}\n+\tif note := stringField(v, \"Note\", \"Notes\"); note != \"\" {\n+\t\tkev.CISA = &amp;models.CISAKEV{Note: note}\n+\t}\n+\tif vulnCheck := vulnCheckKEV(v); vulnCheck != nil {\n+\t\tkev.Type = models.VulnCheckKEVType\n+\t\tkev.VulnCheck = vulnCheck\n+\t}\n+\tif kev.Type == \"\" {\n+\t\tkev.Type = models.CISAKEVType\n+\t}\n+\treturn kev\n+}\n+\n+func kevType(v reflect.Value) models.KEVType {\n+\tt := strings.ToLower(stringField(v, \"Type\", \"Source\"))\n+\tswitch {\n+\tcase strings.Contains(t, string(models.VulnCheckKEVType)):\n+\t\treturn models.VulnCheckKEVType\n+\tdefault:\n+\t\treturn 
models.CISAKEVType\n+\t}\n+}\n+\n+func vulnCheckKEV(v reflect.Value) *models.VulnCheckKEV {\n+\tvulnCheck := models.VulnCheckKEV{\n+\t\tXDB:                  vulnCheckXDBs(sliceField(v, \"XDB\", \"XDBs\")),\n+\t\tReportedExploitation: vulnCheckReportedExploitations(sliceField(v, \"ReportedExploitation\", \"ReportedExploitations\")),\n+\t}\n+\tif len(vulnCheck.XDB) == 0 &amp;&amp; len(vulnCheck.ReportedExploitation) == 0 {\n+\t\treturn nil\n+\t}\n+\treturn &amp;vulnCheck\n+}\n+\n+func vulnCheckXDBs(v reflect.Value) []models.VulnCheckXDB {\n+\tif !v.IsValid() || v.Kind() != reflect.Slice {\n+\t\treturn nil\n+\t}\n+\txdbs := make([]models.VulnCheckXDB, 0, v.Len())\n+\tfor i := 0; i &lt; v.Len(); i++ {\n+\t\te := v.Index(i)\n+\t\txdb := models.VulnCheckXDB{\n+\t\t\tXDBID:       stringField(e, \"XDBID\", \"ID\"),\n+\t\t\tXDBURL:      stringField(e, \"XDBURL\", \"URL\"),\n+\t\t\tDateAdded:   timeField(e, \"DateAdded\"),\n+\t\t\tExploitType: stringField(e, \"ExploitType\"),\n+\t\t\tCloneSSHURL: stringField(e, \"CloneSSHURL\"),\n+\t\t}\n+\t\tif xdb.XDBID != \"\" || xdb.XDBURL != \"\" || !xdb.DateAdded.IsZero() || xdb.ExploitType != \"\" || xdb.CloneSSHURL != \"\" {\n+\t\t\txdbs = append(xdbs, xdb)\n+\t\t}\n+\t}\n+\treturn xdbs\n+}\n+\n+func vulnCheckReportedExploitations(v reflect.Value) []models.VulnCheckReportedExploitation {\n+\tif !v.IsValid() || v.Kind() != reflect.Slice {\n+\t\treturn nil\n+\t}\n+\treported := make([]models.VulnCheckReportedExploitation, 0, v.Len())\n+\tfor i := 0; i &lt; v.Len(); i++ {\n+\t\te := v.Index(i)\n+\t\treport := models.VulnCheckReportedExploitation{\n+\t\t\tURL:       stringField(e, \"URL\"),\n+\t\t\tDateAdded: timeField(e, \"DateAdded\"),\n+\t\t}\n+\t\tif report.URL != \"\" || !report.DateAdded.IsZero() {\n+\t\t\treported = append(reported, report)\n+\t\t}\n+\t}\n+\treturn reported\n+}\n+\n+func stringField(v reflect.Value, names ...string) string {\n+\tfor _, name := range names {\n+\t\tf := fieldByName(v, name)\n+\t\tif f.IsValid() 
&amp;&amp; f.Kind() == reflect.String {\n+\t\t\treturn f.String()\n+\t\t}\n+\t}\n+\treturn \"\"\n+}\n+\n+func timeField(v reflect.Value, names ...string) time.Time {\n+\tfor _, name := range names {\n+\t\tf := fieldByName(v, name)\n+\t\tif f.IsValid() {\n+\t\t\tif t, ok := f.Interface().(time.Time); ok {\n+\t\t\t\treturn t\n+\t\t\t}\n+\t\t}\n+\t}\n+\treturn time.Time{}\n+}\n+\n+func timePtrField(v reflect.Value, names ...string) (*time.Time, bool) {\n+\tfor _, name := range names {\n+\t\tf := fieldByName(v, name)\n+\t\tif !f.IsValid() {\n+\t\t\tcontinue\n+\t\t}\n+\t\tif t, ok := f.Interface().(time.Time); ok &amp;&amp; !t.IsZero() {\n+\t\t\treturn &amp;t, true\n+\t\t}\n+\t\tif f.Kind() != reflect.Pointer || f.IsNil() {\n+\t\t\tcontinue\n+\t\t}\n+\t\tif t, ok := f.Interface().(*time.Time); ok &amp;&amp; t != nil &amp;&amp; !t.IsZero() {\n+\t\t\treturn t, true\n+\t\t}\n+\t}\n+\treturn nil, false\n+}\n+\n+func sliceField(v reflect.Value, names ...string) reflect.Value {\n+\tfor _, name := range names {\n+\t\tf := fieldByName(v, name)\n+\t\tif f.IsValid() &amp;&amp; f.Kind() == reflect.Slice {\n+\t\t\treturn f\n+\t\t}\n+\t}\n+\treturn reflect.Value{}\n+}\n+\n+func fieldByName(v reflect.Value, name string) reflect.Value {\n+\tif !v.IsValid() {\n+\t\treturn reflect.Value{}\n+\t}\n+\tif v.Kind() == reflect.Pointer {\n+\t\tif v.IsNil() {\n+\t\t\treturn reflect.Value{}\n+\t\t}\n+\t\tv = v.Elem()\n+\t}\n+\tif !v.IsValid() || v.Kind() != reflect.Struct {\n+\t\treturn reflect.Value{}\n+\t}\n+\treturn v.FieldByName(name)\n+}\n+\n type kevulnResponse struct {\n \trequest kevulnRequest\n \tjson    string\ndiff --git a/examples/scan-result-kev.json b/examples/scan-result-kev.json\nnew file mode 100644\nindex 0000000..b98d637\n--- /dev/null\n+++ b/examples/scan-result-kev.json\n@@ -0,0 +1,93 @@\n+{\n+  \"jsonVersion\": 4,\n+  \"lang\": \"en\",\n+  \"serverName\": \"web-01\",\n+  \"family\": \"ubuntu\",\n+  \"release\": \"22.04\",\n+  \"scannedAt\": \"2026-07-03T00:00:00Z\",\n+  
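Review bot: `kevType` in this hunk returns `models.CISAKEVType` from its `default` branch, so a record whose `Type`/`Source` field is absent or names an unrecognised catalog is reported as a CISA KEV entry, and the `if kev.Type == ""` fallback in `toKEV` can never run. If that default is there for records from an older CISA-only schema, state it on the function, e.g. `// kevType treats records without a recognised Type/Source as CISA (legacy schema).`, and drop the dead branch. The reflection helpers (`stringField`, `timeField`, `sliceField`) also return zero values when none of the guessed field names match, so a renamed field in `kevulnmodels.KEVuln` would yield empty KEV entries without a compile error; reading the struct fields directly would let the compiler catch that.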
\"scanMode\": \"fast-root\",\n+  \"scannedVersion\": \"example\",\n+  \"reportedAt\": \"2026-07-03T00:00:00Z\",\n+  \"reportedVersion\": \"example\",\n+  \"errors\": [],\n+  \"warnings\": [],\n+  \"scannedCves\": {\n+    \"CVE-2023-34362\": {\n+      \"cveID\": \"CVE-2023-34362\",\n+      \"affectedPackages\": [\n+        {\n+          \"name\": \"moveit-transfer\",\n+          \"notFixedYet\": true\n+        }\n+      ],\n+      \"kevs\": [\n+        {\n+          \"type\": \"cisa\",\n+          \"vendorProject\": \"Progress\",\n+          \"product\": \"MOVEit Transfer\",\n+          \"vulnerabilityName\": \"Progress MOVEit Transfer SQL Injection Vulnerability\",\n+          \"shortDescription\": \"Progress MOVEit Transfer contains a SQL injection vulnerability that allows an unauthenticated attacker to gain unauthorized access to the database.\",\n+          \"requiredAction\": \"Apply updates per vendor instructions or discontinue use if updates are unavailable.\",\n+          \"knownRansomwareCampaignUse\": \"Known\",\n+          \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+          \"dueDate\": \"2023-06-23T00:00:00Z\",\n+          \"cisa\": {\n+            \"note\": \"CISA Known Exploited Vulnerabilities Catalog entry.\"\n+          }\n+        },\n+        {\n+          \"type\": \"vulncheck\",\n+          \"vendorProject\": \"Progress\",\n+          \"product\": \"MOVEit Transfer\",\n+          \"vulnerabilityName\": \"Progress MOVEit Transfer SQL Injection Vulnerability\",\n+          \"shortDescription\": \"Observed exploitation of the MOVEit Transfer SQL injection vulnerability.\",\n+          \"requiredAction\": \"Patch MOVEit Transfer and investigate for compromise.\",\n+          \"knownRansomwareCampaignUse\": \"Known\",\n+          \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+          \"vulncheck\": {\n+            \"xdb\": [\n+              {\n+                \"xdbID\": \"XDB-123456\",\n+                \"xdbURL\": 
\"https://vulncheck.com/xdb/XDB-123456\",\n+                \"dateAdded\": \"2023-06-05T00:00:00Z\",\n+                \"exploitType\": \"remote\",\n+                \"cloneSSHURL\": \"git@github.com:example/moveit-cve-2023-34362.git\"\n+              }\n+            ],\n+            \"reportedExploitation\": [\n+              {\n+                \"url\": \"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a\",\n+                \"dateAdded\": \"2023-06-07T00:00:00Z\"\n+              }\n+            ]\n+          }\n+        }\n+      ],\n+      \"cveContents\": {\n+        \"nvd\": [\n+          {\n+            \"type\": \"nvd\",\n+            \"cveID\": \"CVE-2023-34362\",\n+            \"title\": \"CVE-2023-34362\",\n+            \"summary\": \"SQL injection vulnerability in MOVEit Transfer.\",\n+            \"cvss3Score\": 9.8,\n+            \"cvss3Severity\": \"CRITICAL\"\n+          }\n+        ]\n+      }\n+    }\n+  },\n+  \"packages\": {\n+    \"moveit-transfer\": {\n+      \"name\": \"moveit-transfer\",\n+      \"version\": \"2023.0.0\",\n+      \"release\": \"1\",\n+      \"newVersion\": \"2023.0.2\",\n+      \"newRelease\": \"1\"\n+    }\n+  },\n+  \"config\": {\n+    \"scan\": {},\n+    \"report\": {}\n+  }\n+}\ndiff --git a/models/scanresults.go b/models/scanresults.go\nindex 508b992..56704e4 100644\n--- a/models/scanresults.go\n+++ b/models/scanresults.go\n@@ -197,11 +197,12 @@ func (r ScanResult) FormatTextReportHeader() string {\n \t\tpkgs = fmt.Sprintf(\"%s, %d libs\", pkgs, r.LibraryScanners.Total())\n \t}\n \n-\treturn fmt.Sprintf(\"%s\\n%s\\n%s\\n%s, %s, %s, %s\\n%s\\n\",\n+\treturn fmt.Sprintf(\"%s\\n%s\\n%s\\n%s, %s, %s, %s, %s\\n%s\\n\",\n \t\tr.ServerInfo(),\n \t\tbuf.String(),\n \t\tr.ScannedCves.FormatCveSummary(),\n \t\tr.ScannedCves.FormatFixedStatus(r.Packages),\n+\t\tr.FormatKEVCveSummary(),\n \t\tr.FormatExploitCveSummary(),\n \t\tr.FormatMetasploitCveSummary(),\n \t\tr.FormatAlertSummary(),\n@@ -229,6 +230,17 @@ func 
(r ScanResult) FormatUpdatablePkgsSummary() string {\n \t\tnUpdatable)\n }\n \n+// FormatKEVCveSummary returns a summary of known exploited CVEs.\n+func (r ScanResult) FormatKEVCveSummary() string {\n+\tnKEVCve := 0\n+\tfor _, vuln := range r.ScannedCves {\n+\t\tif 0 &lt; len(vuln.KEVs) {\n+\t\t\tnKEVCve++\n+\t\t}\n+\t}\n+\treturn fmt.Sprintf(\"%d kevs\", nKEVCve)\n+}\n+\n // FormatExploitCveSummary returns a summary of exploit cve\n func (r ScanResult) FormatExploitCveSummary() string {\n \tnExploitCve := 0\n@@ -253,13 +265,9 @@ func (r ScanResult) FormatMetasploitCveSummary() string {\n \n // FormatAlertSummary returns a summary of CERT alerts\n func (r ScanResult) FormatAlertSummary() string {\n-\tcisaCnt := 0\n \tuscertCnt := 0\n \tjpcertCnt := 0\n \tfor _, vuln := range r.ScannedCves {\n-\t\tif len(vuln.AlertDict.CISA) &gt; 0 {\n-\t\t\tcisaCnt += len(vuln.AlertDict.CISA)\n-\t\t}\n \t\tif len(vuln.AlertDict.USCERT) &gt; 0 {\n \t\t\tuscertCnt += len(vuln.AlertDict.USCERT)\n \t\t}\n@@ -267,7 +275,7 @@ func (r ScanResult) FormatAlertSummary() string {\n \t\t\tjpcertCnt += len(vuln.AlertDict.JPCERT)\n \t\t}\n \t}\n-\treturn fmt.Sprintf(\"cisa: %d, uscert: %d, jpcert: %d alerts\", cisaCnt, uscertCnt, jpcertCnt)\n+\treturn fmt.Sprintf(\"uscert: %d, jpcert: %d alerts\", uscertCnt, jpcertCnt)\n }\n \n func (r ScanResult) isDisplayUpdatableNum(mode config.ScanMode) bool {\n@@ -422,6 +430,12 @@ func (r *ScanResult) SortForJSONOutput() {\n \t\tsort.Slice(v.Metasploits, func(i, j int) bool {\n \t\t\treturn v.Metasploits[i].Name &lt; v.Metasploits[j].Name\n \t\t})\n+\t\tsort.Slice(v.KEVs, func(i, j int) bool {\n+\t\t\tif v.KEVs[i].Type != v.KEVs[j].Type {\n+\t\t\t\treturn v.KEVs[i].Type &lt; v.KEVs[j].Type\n+\t\t\t}\n+\t\t\treturn v.KEVs[i].VulnerabilityName &lt; v.KEVs[j].VulnerabilityName\n+\t\t})\n \t\tsort.Slice(v.Mitigations, func(i, j int) bool {\n \t\t\treturn v.Mitigations[i].URL &lt; v.Mitigations[j].URL\n \t\t})\ndiff --git a/models/scanresults_kev_test.go 
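Review bot: The comparator passed to `sort.Slice` for `v.KEVs` orders only by `Type` and `VulnerabilityName`, and `sort.Slice` is not stable, so two entries that agree on both keys can come out in either order depending on how they arrived. The method name suggests the goal is reproducible JSON, so a final tie-breaker such as `return v.KEVs[i].DateAdded.Before(v.KEVs[j].DateAdded)` after a `VulnerabilityName` inequality check would pin the order; `sort.SliceStable` alone only preserves input order. The same comparator appears in the second patch's `SortForJSONOutput` hunk further down the page. `SortForJSONOutput` starts and ends outside the hunk.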
b/models/scanresults_kev_test.go\nnew file mode 100644\nindex 0000000..00b05c3\n--- /dev/null\n+++ b/models/scanresults_kev_test.go\n@@ -0,0 +1,48 @@\n+package models\n+\n+import \"testing\"\n+\n+func TestScanResult_FormatKEVCveSummary(t *testing.T) {\n+\tr := ScanResult{\n+\t\tScannedCves: VulnInfos{\n+\t\t\t\"CVE-2024-0001\": VulnInfo{KEVs: []KEV{{Type: CISAKEVType}}},\n+\t\t\t\"CVE-2024-0002\": VulnInfo{KEVs: []KEV{{Type: CISAKEVType}, {Type: VulnCheckKEVType}}},\n+\t\t\t\"CVE-2024-0003\": VulnInfo{},\n+\t\t},\n+\t}\n+\n+\tif got, want := r.FormatKEVCveSummary(), \"2 kevs\"; got != want {\n+\t\tt.Fatalf(\"got %q, want %q\", got, want)\n+\t}\n+}\n+\n+func TestScanResult_SortForJSONOutputKEVs(t *testing.T) {\n+\tr := ScanResult{\n+\t\tScannedCves: VulnInfos{\n+\t\t\t\"CVE-2024-0001\": VulnInfo{\n+\t\t\t\tKEVs: []KEV{\n+\t\t\t\t\t{Type: VulnCheckKEVType, VulnerabilityName: \"b\"},\n+\t\t\t\t\t{Type: CISAKEVType, VulnerabilityName: \"b\"},\n+\t\t\t\t\t{Type: CISAKEVType, VulnerabilityName: \"a\"},\n+\t\t\t\t},\n+\t\t\t},\n+\t\t},\n+\t}\n+\n+\tr.SortForJSONOutput()\n+\n+\tgot := r.ScannedCves[\"CVE-2024-0001\"].KEVs\n+\twant := []KEV{\n+\t\t{Type: CISAKEVType, VulnerabilityName: \"a\"},\n+\t\t{Type: CISAKEVType, VulnerabilityName: \"b\"},\n+\t\t{Type: VulnCheckKEVType, VulnerabilityName: \"b\"},\n+\t}\n+\tif len(got) != len(want) {\n+\t\tt.Fatalf(\"got %d KEVs, want %d\", len(got), len(want))\n+\t}\n+\tfor i := range want {\n+\t\tif got[i] != want[i] {\n+\t\t\tt.Fatalf(\"got KEV[%d] %+v, want %+v\", i, got[i], want[i])\n+\t\t}\n+\t}\n+}\ndiff --git a/models/vulninfos.go b/models/vulninfos.go\nindex 3e85e81..94111b0 100644\n--- a/models/vulninfos.go\n+++ b/models/vulninfos.go\n@@ -265,6 +265,7 @@ type VulnInfo struct {\n \tCveContents          CveContents          `json:\"cveContents,omitempty\"`\n \tExploits             []Exploit            `json:\"exploits,omitempty\"`\n \tMetasploits          []Metasploit         `json:\"metasploits,omitempty\"`\n+\tKEVs            
     []KEV                `json:\"kevs,omitempty\"`\n \tMitigations          []Mitigation         `json:\"mitigations,omitempty\"`\n \tCtis                 []string             `json:\"ctis,omitempty\"`\n \tAlertDict            AlertDict            `json:\"alertDict,omitempty\"`\n@@ -284,6 +285,58 @@ type Alert struct {\n \tTeam  string `json:\"team,omitempty\"`\n }\n \n+// KEVType represents a Known Exploited Vulnerability source.\n+type KEVType string\n+\n+const (\n+\t// CISAKEVType is the CISA Known Exploited Vulnerabilities catalog.\n+\tCISAKEVType KEVType = \"cisa\"\n+\n+\t// VulnCheckKEVType is the VulnCheck Known Exploited Vulnerabilities catalog.\n+\tVulnCheckKEVType KEVType = \"vulncheck\"\n+)\n+\n+// KEV has Known Exploited Vulnerability information.\n+type KEV struct {\n+\tType                          KEVType        `json:\"type\"`\n+\tVendorProject                 string         `json:\"vendorProject,omitempty\"`\n+\tProduct                       string         `json:\"product,omitempty\"`\n+\tVulnerabilityName             string         `json:\"vulnerabilityName,omitempty\"`\n+\tShortDescription              string         `json:\"shortDescription,omitempty\"`\n+\tRequiredAction                string         `json:\"requiredAction,omitempty\"`\n+\tKnownRansomwareCampaignUse    string         `json:\"knownRansomwareCampaignUse,omitempty\"`\n+\tDateAdded                     time.Time      `json:\"dateAdded\"`\n+\tDueDate                       *time.Time     `json:\"dueDate,omitempty\"`\n+\tCISA                          *CISAKEV       `json:\"cisa,omitempty\"`\n+\tVulnCheck                     *VulnCheckKEV  `json:\"vulncheck,omitempty\"`\n+}\n+\n+// CISAKEV has CISA-specific KEV information.\n+type CISAKEV struct {\n+\tNote string `json:\"note,omitempty\"`\n+}\n+\n+// VulnCheckKEV has VulnCheck-specific KEV information.\n+type VulnCheckKEV struct {\n+\tXDB                  []VulnCheckXDB                  `json:\"xdb,omitempty\"`\n+\tReportedExploitation 
[]VulnCheckReportedExploitation `json:\"reportedExploitation,omitempty\"`\n+}\n+\n+// VulnCheckXDB has VulnCheck XDB exploit information.\n+type VulnCheckXDB struct {\n+\tXDBID       string    `json:\"xdbID,omitempty\"`\n+\tXDBURL      string    `json:\"xdbURL,omitempty\"`\n+\tDateAdded   time.Time `json:\"dateAdded\"`\n+\tExploitType string    `json:\"exploitType,omitempty\"`\n+\tCloneSSHURL string    `json:\"cloneSSHURL,omitempty\"`\n+}\n+\n+// VulnCheckReportedExploitation has VulnCheck reported exploitation information.\n+type VulnCheckReportedExploitation struct {\n+\tURL       string    `json:\"url,omitempty\"`\n+\tDateAdded time.Time `json:\"dateAdded\"`\n+}\n+\n // GitHubSecurityAlerts is a list of GitHubSecurityAlert\n type GitHubSecurityAlerts []GitHubSecurityAlert\n \n@@ -910,24 +963,21 @@ type Mitigation struct {\n \tURL            string         `json:\"url,omitempty\"`\n }\n \n-// AlertDict has target cve JPCERT, USCERT and CISA alert data\n+// AlertDict has target cve JPCERT and USCERT alert data\n type AlertDict struct {\n-\tCISA   []Alert `json:\"cisa\"`\n+\tCISA   []Alert `json:\"cisa\"` // Deprecated: KEV data is stored in VulnInfo.KEVs.\n \tJPCERT []Alert `json:\"jpcert\"`\n \tUSCERT []Alert `json:\"uscert\"`\n }\n \n // IsEmpty checks if the content of AlertDict is empty\n func (a AlertDict) IsEmpty() bool {\n-\treturn len(a.CISA) == 0 &amp;&amp; len(a.JPCERT) == 0 &amp;&amp; len(a.USCERT) == 0\n+\treturn len(a.JPCERT) == 0 &amp;&amp; len(a.USCERT) == 0\n }\n \n // FormatSource returns which source has this alert\n func (a AlertDict) FormatSource() string {\n \tvar s []string\n-\tif len(a.CISA) != 0 {\n-\t\ts = append(s, \"CISA\")\n-\t}\n \tif len(a.USCERT) != 0 || len(a.JPCERT) != 0 {\n \t\ts = append(s, \"CERT\")\n \t}\ndiff --git a/reporter/util.go b/reporter/util.go\nindex d9cfdaa..23bf117 100644\n--- a/reporter/util.go\n+++ b/reporter/util.go\n@@ -202,6 +202,7 @@ func formatOneLineSummary(rs ...models.ScanResult) string {\n 
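Review bot: `IsEmpty` and `FormatSource` stop looking at `a.CISA` while the field stays decodable under `json:"cisa"`, so a scan result stored before this change would, as far as this hunk shows, load with its CISA alert intact but be reported as having no alert and no KEV entry. Unless a migration exists elsewhere, keep the `len(a.CISA) == 0` term in `IsEmpty` until old results are converted, or synthesise a `KEV{Type: CISAKEVType}` when a loaded `VulnInfo` has `AlertDict.CISA` set and `KEVs` empty. The second patch on this page tags the field `json:"-"`, which goes further and discards the stored value at decode time. `FormatSource` continues outside the hunk.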
\t\t\t\tr.ScannedCves.FormatCveSummary(),\n \t\t\t\tr.ScannedCves.FormatFixedStatus(r.Packages),\n \t\t\t\tr.FormatUpdatablePkgsSummary(),\n+\t\t\t\tr.FormatKEVCveSummary(),\n \t\t\t\tr.FormatExploitCveSummary(),\n \t\t\t\tr.FormatMetasploitCveSummary(),\n \t\t\t\tr.FormatAlertSummary(),\n@@ -565,8 +566,8 @@ No CVE-IDs are found in updatable packages.\n \t\t})\n \t\tdata = append(data, ds...)\n \n-\t\tfor _, alert := range vuln.AlertDict.CISA {\n-\t\t\tdata = append(data, []string{\"CISA Alert\", alert.URL})\n+\t\tfor _, kev := range vuln.KEVs {\n+\t\t\tdata = append(data, []string{\"KEV\", string(kev.Type)})\n \t\t}\n \n \t\tfor _, alert := range vuln.AlertDict.JPCERT {\ndiff --git a/tui/tui.go b/tui/tui.go\nindex 4407f56..1cf62c3 100644\n--- a/tui/tui.go\n+++ b/tui/tui.go\n@@ -812,13 +812,13 @@ func setChangelogLayout(g *gocui.Gui) error {\n \t\t\t}\n \t\t}\n \n-\t\tif len(vinfo.AlertDict.CISA) &gt; 0 {\n+\t\tif len(vinfo.KEVs) &gt; 0 {\n \t\t\tlines = append(lines, \"\\n\",\n-\t\t\t\t\"CISA Alert\",\n-\t\t\t\t\"===========\",\n+\t\t\t\t\"Known Exploited Vulnerabilities\",\n+\t\t\t\t\"===============================\",\n \t\t\t)\n-\t\t\tfor _, alert := range vinfo.AlertDict.CISA {\n-\t\t\t\tlines = append(lines, fmt.Sprintf(\"* [%s](%s)\", alert.Title, alert.URL))\n+\t\t\tfor _, kev := range vinfo.KEVs {\n+\t\t\t\tlines = append(lines, fmt.Sprintf(\"* %s: %s\", kev.Type, kev.VulnerabilityName))\n \t\t\t}\n \t\t}\n \n", "creation_timestamp": "2026-07-03T11:56:23.264237Z"}, {"uuid": "621d50fd-b71d-44cd-8e26-399162aa74e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-34362", "type": "seen", "source": "https://gist.github.com/tu-trinh-scale/1c9083aaa45f7b445f2dfb3465efb086", "content": "diff --git a/README.md b/README.md\nindex 57102d1..c37f0be 100644\n--- a/README.md\n+++ b/README.md\n@@ -93,6 +93,9 @@ Vuls is a tool created to solve the problems listed above. 
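Review bot: The new report row `[]string{"KEV", string(kev.Type)}` carries only the catalog name, whereas the row it replaces gave the reader a URL, so the detail view no longer shows which catalog entry matched or what action it requires. Include at least the entry name, e.g. `data = append(data, []string{"KEV", fmt.Sprintf("%s: %s", kev.Type, kev.VulnerabilityName)})`, and consider adding the due date when `kev.DueDate` is non-nil. The enclosing function starts outside the hunk.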
It has the following\n - CISA(Cybersecurity &amp; Infrastructure Security Agency)\n   - [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)\n \n+- VulnCheck\n+  - [Known Exploited Vulnerabilities](https://vulncheck.com/kev)\n+\n - Cyber Threat Intelligence(MITRE ATT&amp;CK and CAPEC)\n   - [mitre/cti](https://github.com/mitre/cti)\n \n@@ -179,6 +182,10 @@ Vuls has some options to detect the vulnerabilities\n For more information such as Installation, Tutorial, Usage, visit [vuls.io](https://vuls.io/)  \n [\u65e5\u672c\u8a9e\u7ffb\u8a33\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8](https://vuls.io/ja/)\n \n+## Example Config\n+\n+A synthetic ready-to-edit configuration is available at [config.toml.example](config.toml.example). It includes the `[kevuln]` database section needed to enrich scan results with CISA and VulnCheck KEV data. Replace placeholder paths and hosts with values from your environment; do not publish production `config.toml` values or secrets.\n+\n ----\n \n ## Authors\ndiff --git a/config.toml.example b/config.toml.example\nnew file mode 100644\nindex 0000000..647752d\n--- /dev/null\n+++ b/config.toml.example\n@@ -0,0 +1,43 @@\n+# Synthetic Vuls configuration example.\n+# Do not copy production config.toml values into this file.\n+\n+[cveDict]\n+type = \"sqlite3\"\n+sqlite3Path = \"/var/lib/vuls/cve.sqlite3\"\n+\n+[ovalDict]\n+type = \"sqlite3\"\n+sqlite3Path = \"/var/lib/vuls/oval.sqlite3\"\n+\n+[gost]\n+type = \"sqlite3\"\n+sqlite3Path = \"/var/lib/vuls/gost.sqlite3\"\n+\n+[exploit]\n+type = \"sqlite3\"\n+sqlite3Path = \"/var/lib/vuls/go-exploitdb.sqlite3\"\n+\n+[metasploit]\n+type = \"sqlite3\"\n+sqlite3Path = \"/var/lib/vuls/go-msfdb.sqlite3\"\n+\n+[kevuln]\n+type = \"sqlite3\"\n+sqlite3Path = \"/var/lib/vuls/go-kev.sqlite3\"\n+\n+[cti]\n+type = \"sqlite3\"\n+sqlite3Path = \"/var/lib/vuls/go-cti.sqlite3\"\n+\n+[default]\n+port = \"22\"\n+user = \"vuls\"\n+keyPath = 
\"/home/vuls/.ssh/id_rsa\"\n+scanMode = [\"fast-root\"]\n+scanModules = [\"ospkg\"]\n+\n+[servers]\n+\n+[servers.example-linux]\n+host = \"192.0.2.10\"\n+memo = \"Synthetic example host\"\ndiff --git a/detector/kevuln.go b/detector/kevuln.go\nindex 41afdfe..d48bdcb 100644\n--- a/detector/kevuln.go\n+++ b/detector/kevuln.go\n@@ -74,24 +74,19 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \t\t\treturn err\n \t\t}\n \t\tfor _, res := range responses {\n-\t\t\tkevulns := []kevulnmodels.KEVuln{}\n+\t\t\tkevulns := []json.RawMessage{}\n \t\t\tif err := json.Unmarshal([]byte(res.json), &amp;kevulns); err != nil {\n \t\t\t\treturn err\n \t\t\t}\n \n-\t\t\talerts := []models.Alert{}\n-\t\t\tif len(kevulns) &gt; 0 {\n-\t\t\t\talerts = append(alerts, models.Alert{\n-\t\t\t\t\tTitle: \"Known Exploited Vulnerabilities Catalog\",\n-\t\t\t\t\tURL:   \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",\n-\t\t\t\t\tTeam:  \"cisa\",\n-\t\t\t\t})\n-\t\t\t}\n-\n \t\t\tv, ok := r.ScannedCves[res.request.cveID]\n \t\t\tif ok {\n-\t\t\t\tv.AlertDict.CISA = alerts\n-\t\t\t\tnKEV++\n+\t\t\t\tfor _, kevuln := range kevulns {\n+\t\t\t\t\tv.KEVs = append(v.KEVs, convertKEVJSON(kevuln)...)\n+\t\t\t\t}\n+\t\t\t\tif len(kevulns) &gt; 0 {\n+\t\t\t\t\tnKEV++\n+\t\t\t\t}\n \t\t\t}\n \t\t\tr.ScannedCves[res.request.cveID] = v\n \t\t}\n@@ -108,16 +103,7 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \t\t\t\tcontinue\n \t\t\t}\n \n-\t\t\talerts := []models.Alert{}\n-\t\t\tif len(kevulns) &gt; 0 {\n-\t\t\t\talerts = append(alerts, models.Alert{\n-\t\t\t\t\tTitle: \"Known Exploited Vulnerabilities Catalog\",\n-\t\t\t\t\tURL:   \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",\n-\t\t\t\t\tTeam:  \"cisa\",\n-\t\t\t\t})\n-\t\t\t}\n-\n-\t\t\tvuln.AlertDict.CISA = alerts\n+\t\t\tvuln.KEVs = convertKEVulns(kevulns)\n \t\t\tnKEV++\n \t\t\tr.ScannedCves[cveID] = vuln\n \t\t}\n@@ -127,6 +113,106 @@ func 
FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \treturn nil\n }\n \n+func convertKEVulns(kevulns []kevulnmodels.KEVuln) (kevs []models.KEV) {\n+\tfor _, kevuln := range kevulns {\n+\t\tb, err := json.Marshal(kevuln)\n+\t\tif err != nil {\n+\t\t\tcontinue\n+\t\t}\n+\t\tkevs = append(kevs, convertKEVJSON(b)...)\n+\t}\n+\treturn kevs\n+}\n+\n+func convertKEVJSON(raw []byte) (kevs []models.KEV) {\n+\tvar entries []json.RawMessage\n+\tif err := json.Unmarshal(raw, &amp;entries); err == nil {\n+\t\tfor _, entry := range entries {\n+\t\t\tkevs = append(kevs, convertKEVJSON(entry)...)\n+\t\t}\n+\t\treturn kevs\n+\t}\n+\n+\tvar obj map[string]json.RawMessage\n+\tif err := json.Unmarshal(raw, &amp;obj); err != nil {\n+\t\treturn nil\n+\t}\n+\n+\tfor _, key := range []string{\"cisa\", \"CISA\"} {\n+\t\tif nested, ok := obj[key]; ok {\n+\t\t\tkevs = append(kevs, convertNestedKEVJSON(nested, models.CISAKEVType)...)\n+\t\t}\n+\t}\n+\tfor _, key := range []string{\"vulncheck\", \"vulnCheck\", \"VulnCheck\"} {\n+\t\tif nested, ok := obj[key]; ok {\n+\t\t\tkevs = append(kevs, convertNestedKEVJSON(nested, models.VulnCheckKEVType)...)\n+\t\t}\n+\t}\n+\tif len(kevs) &gt; 0 {\n+\t\treturn kevs\n+\t}\n+\n+\tvar kev models.KEV\n+\tif err := json.Unmarshal(raw, &amp;kev); err != nil || !hasKEVContent(kev) {\n+\t\treturn nil\n+\t}\n+\tif kev.Type == \"\" {\n+\t\tswitch {\n+\t\tcase kev.CISA != nil:\n+\t\t\tkev.Type = models.CISAKEVType\n+\t\tcase kev.VulnCheck != nil:\n+\t\t\tkev.Type = models.VulnCheckKEVType\n+\t\t}\n+\t}\n+\treturn []models.KEV{kev}\n+}\n+\n+func convertNestedKEVJSON(raw []byte, kevType models.KEVType) (kevs []models.KEV) {\n+\tvar entries []json.RawMessage\n+\tif err := json.Unmarshal(raw, &amp;entries); err == nil {\n+\t\tfor _, entry := range entries {\n+\t\t\tkevs = append(kevs, convertNestedKEVJSON(entry, kevType)...)\n+\t\t}\n+\t\treturn kevs\n+\t}\n+\n+\tvar kev models.KEV\n+\tif err := json.Unmarshal(raw, &amp;kev); err != nil 
{\n+\t\treturn nil\n+\t}\n+\tkev.Type = kevType\n+\tif kevType == models.CISAKEVType {\n+\t\tvar cisa models.CISAKEV\n+\t\tif err := json.Unmarshal(raw, &amp;cisa); err == nil &amp;&amp; cisa.Note != \"\" {\n+\t\t\tkev.CISA = &amp;cisa\n+\t\t}\n+\t}\n+\tif kevType == models.VulnCheckKEVType {\n+\t\tvar vulncheck models.VulnCheckKEV\n+\t\tif err := json.Unmarshal(raw, &amp;vulncheck); err == nil &amp;&amp; (len(vulncheck.XDB) &gt; 0 || len(vulncheck.ReportedExploitation) &gt; 0) {\n+\t\t\tkev.VulnCheck = &amp;vulncheck\n+\t\t}\n+\t}\n+\tif !hasKEVContent(kev) {\n+\t\treturn nil\n+\t}\n+\treturn []models.KEV{kev}\n+}\n+\n+func hasKEVContent(kev models.KEV) bool {\n+\treturn kev.Type != \"\" ||\n+\t\tkev.VendorProject != \"\" ||\n+\t\tkev.Product != \"\" ||\n+\t\tkev.VulnerabilityName != \"\" ||\n+\t\tkev.ShortDescription != \"\" ||\n+\t\tkev.RequiredAction != \"\" ||\n+\t\tkev.KnownRansomwareCampaignUse != \"\" ||\n+\t\t!kev.DateAdded.IsZero() ||\n+\t\tkev.DueDate != nil ||\n+\t\tkev.CISA != nil ||\n+\t\tkev.VulnCheck != nil\n+}\n+\n type kevulnResponse struct {\n \trequest kevulnRequest\n \tjson    string\ndiff --git a/models/scanresults.go b/models/scanresults.go\nindex 508b992..dd33cbf 100644\n--- a/models/scanresults.go\n+++ b/models/scanresults.go\n@@ -197,13 +197,14 @@ func (r ScanResult) FormatTextReportHeader() string {\n \t\tpkgs = fmt.Sprintf(\"%s, %d libs\", pkgs, r.LibraryScanners.Total())\n \t}\n \n-\treturn fmt.Sprintf(\"%s\\n%s\\n%s\\n%s, %s, %s, %s\\n%s\\n\",\n+\treturn fmt.Sprintf(\"%s\\n%s\\n%s\\n%s, %s, %s, %s, %s\\n%s\\n\",\n \t\tr.ServerInfo(),\n \t\tbuf.String(),\n \t\tr.ScannedCves.FormatCveSummary(),\n \t\tr.ScannedCves.FormatFixedStatus(r.Packages),\n \t\tr.FormatExploitCveSummary(),\n \t\tr.FormatMetasploitCveSummary(),\n+\t\tr.FormatKEVCveSummary(),\n \t\tr.FormatAlertSummary(),\n \t\tpkgs)\n }\n@@ -251,15 +252,22 @@ func (r ScanResult) FormatMetasploitCveSummary() string {\n \treturn fmt.Sprintf(\"%d exploits\", nMetasploitCve)\n }\n \n+// 
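Review bot: `convertKEVulns` skips an entry with a bare `continue` when `json.Marshal` fails, and `convertKEVJSON` / `convertNestedKEVJSON` return `nil` on any `json.Unmarshal` error, so a malformed or schema-shifted KEV record disappears from the scan result with no error and no log line. In the earlier `@@ -74,24 +74,19 @@` hunk `nKEV` is still incremented on `len(kevulns) > 0`, i.e. on the raw messages, so the count can claim a match even when every entry was dropped. Have the helpers return `([]models.KEV, error)` and propagate the error the way the surrounding code already does with `return err`, or at minimum log the CVE ID, and increment `nKEV` only when the converted slice is non-empty. Matching also depends on the JSON tag names of `kevulnmodels.KEVuln` lining up with those of `models.KEV`, which this hunk does not show.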
FormatKEVCveSummary returns a summary of KEV cves.\n+func (r ScanResult) FormatKEVCveSummary() string {\n+\tnKEVCve := 0\n+\tfor _, vuln := range r.ScannedCves {\n+\t\tif 0 &lt; len(vuln.KEVs) {\n+\t\t\tnKEVCve++\n+\t\t}\n+\t}\n+\treturn fmt.Sprintf(\"%d kevs\", nKEVCve)\n+}\n+\n // FormatAlertSummary returns a summary of CERT alerts\n func (r ScanResult) FormatAlertSummary() string {\n-\tcisaCnt := 0\n \tuscertCnt := 0\n \tjpcertCnt := 0\n \tfor _, vuln := range r.ScannedCves {\n-\t\tif len(vuln.AlertDict.CISA) &gt; 0 {\n-\t\t\tcisaCnt += len(vuln.AlertDict.CISA)\n-\t\t}\n \t\tif len(vuln.AlertDict.USCERT) &gt; 0 {\n \t\t\tuscertCnt += len(vuln.AlertDict.USCERT)\n \t\t}\n@@ -267,7 +275,7 @@ func (r ScanResult) FormatAlertSummary() string {\n \t\t\tjpcertCnt += len(vuln.AlertDict.JPCERT)\n \t\t}\n \t}\n-\treturn fmt.Sprintf(\"cisa: %d, uscert: %d, jpcert: %d alerts\", cisaCnt, uscertCnt, jpcertCnt)\n+\treturn fmt.Sprintf(\"uscert: %d, jpcert: %d alerts\", uscertCnt, jpcertCnt)\n }\n \n func (r ScanResult) isDisplayUpdatableNum(mode config.ScanMode) bool {\n@@ -425,6 +433,12 @@ func (r *ScanResult) SortForJSONOutput() {\n \t\tsort.Slice(v.Mitigations, func(i, j int) bool {\n \t\t\treturn v.Mitigations[i].URL &lt; v.Mitigations[j].URL\n \t\t})\n+\t\tsort.Slice(v.KEVs, func(i, j int) bool {\n+\t\t\tif v.KEVs[i].Type != v.KEVs[j].Type {\n+\t\t\t\treturn v.KEVs[i].Type &lt; v.KEVs[j].Type\n+\t\t\t}\n+\t\t\treturn v.KEVs[i].VulnerabilityName &lt; v.KEVs[j].VulnerabilityName\n+\t\t})\n \n \t\tv.CveContents.Sort()\n \ndiff --git a/models/scanresults_kev_sort_test.go b/models/scanresults_kev_sort_test.go\nnew file mode 100644\nindex 0000000..e8b86f9\n--- /dev/null\n+++ b/models/scanresults_kev_sort_test.go\n@@ -0,0 +1,48 @@\n+package models\n+\n+import \"testing\"\n+\n+func TestScanResult_SortForJSONOutput_KEVs(t *testing.T) {\n+\tr := &amp;ScanResult{\n+\t\tScannedCves: VulnInfos{\n+\t\t\t\"CVE-2024-0001\": {\n+\t\t\t\tKEVs: []KEV{\n+\t\t\t\t\t{Type: VulnCheckKEVType, 
VulnerabilityName: \"z vulncheck\"},\n+\t\t\t\t\t{Type: CISAKEVType, VulnerabilityName: \"b cisa\"},\n+\t\t\t\t\t{Type: CISAKEVType, VulnerabilityName: \"a cisa\"},\n+\t\t\t\t},\n+\t\t\t},\n+\t\t},\n+\t}\n+\n+\tr.SortForJSONOutput()\n+\n+\tkevs := r.ScannedCves[\"CVE-2024-0001\"].KEVs\n+\twants := []KEV{\n+\t\t{Type: CISAKEVType, VulnerabilityName: \"a cisa\"},\n+\t\t{Type: CISAKEVType, VulnerabilityName: \"b cisa\"},\n+\t\t{Type: VulnCheckKEVType, VulnerabilityName: \"z vulncheck\"},\n+\t}\n+\tif len(kevs) != len(wants) {\n+\t\tt.Fatalf(\"len(KEVs) = %d, want %d\", len(kevs), len(wants))\n+\t}\n+\tfor i, want := range wants {\n+\t\tif kevs[i] != want {\n+\t\t\tt.Fatalf(\"KEVs[%d] = %+v, want %+v\", i, kevs[i], want)\n+\t\t}\n+\t}\n+}\n+\n+func TestScanResult_FormatKEVCveSummary(t *testing.T) {\n+\tr := ScanResult{\n+\t\tScannedCves: VulnInfos{\n+\t\t\t\"CVE-2024-0001\": {KEVs: []KEV{{Type: CISAKEVType}}},\n+\t\t\t\"CVE-2024-0002\": {KEVs: []KEV{{Type: CISAKEVType}, {Type: VulnCheckKEVType}}},\n+\t\t\t\"CVE-2024-0003\": {},\n+\t\t},\n+\t}\n+\n+\tif got, want := r.FormatKEVCveSummary(), \"2 kevs\"; got != want {\n+\t\tt.Fatalf(\"FormatKEVCveSummary() = %q, want %q\", got, want)\n+\t}\n+}\ndiff --git a/models/vulninfos.go b/models/vulninfos.go\nindex 3e85e81..38c4b5f 100644\n--- a/models/vulninfos.go\n+++ b/models/vulninfos.go\n@@ -263,6 +263,7 @@ type VulnInfo struct {\n \tAffectedPackages     PackageFixStatuses   `json:\"affectedPackages,omitempty\"`\n \tDistroAdvisories     DistroAdvisories     `json:\"distroAdvisories,omitempty\"` // for Amazon, RHEL, Fedora, FreeBSD, Microsoft\n \tCveContents          CveContents          `json:\"cveContents,omitempty\"`\n+\tKEVs                 []KEV                `json:\"kevs,omitempty\"`\n \tExploits             []Exploit            `json:\"exploits,omitempty\"`\n \tMetasploits          []Metasploit         `json:\"metasploits,omitempty\"`\n \tMitigations          []Mitigation         `json:\"mitigations,omitempty\"`\n@@ 
-284,6 +285,58 @@ type Alert struct {\n \tTeam  string `json:\"team,omitempty\"`\n }\n \n+// KEVType represents the source of a Known Exploited Vulnerability entry.\n+type KEVType string\n+\n+const (\n+\t// CISAKEVType is a CISA Known Exploited Vulnerabilities Catalog entry.\n+\tCISAKEVType KEVType = \"cisa\"\n+\n+\t// VulnCheckKEVType is a VulnCheck Known Exploited Vulnerabilities entry.\n+\tVulnCheckKEVType KEVType = \"vulncheck\"\n+)\n+\n+// KEV has Known Exploited Vulnerability information.\n+type KEV struct {\n+\tType                          KEVType       `json:\"type,omitempty\"`\n+\tVendorProject                 string        `json:\"vendorProject,omitempty\"`\n+\tProduct                       string        `json:\"product,omitempty\"`\n+\tVulnerabilityName             string        `json:\"vulnerabilityName,omitempty\"`\n+\tShortDescription              string        `json:\"shortDescription,omitempty\"`\n+\tRequiredAction                string        `json:\"requiredAction,omitempty\"`\n+\tKnownRansomwareCampaignUse    string        `json:\"knownRansomwareCampaignUse,omitempty\"`\n+\tDateAdded                     time.Time     `json:\"dateAdded,omitempty\"`\n+\tDueDate                       *time.Time    `json:\"dueDate,omitempty\"`\n+\tCISA                          *CISAKEV      `json:\"cisa,omitempty\"`\n+\tVulnCheck                     *VulnCheckKEV `json:\"vulncheck,omitempty\"`\n+}\n+\n+// CISAKEV has CISA-specific KEV information.\n+type CISAKEV struct {\n+\tNote string `json:\"note,omitempty\"`\n+}\n+\n+// VulnCheckKEV has VulnCheck-specific KEV information.\n+type VulnCheckKEV struct {\n+\tXDB                  []VulnCheckXDB                  `json:\"xdb,omitempty\"`\n+\tReportedExploitation []VulnCheckReportedExploitation `json:\"reportedExploitation,omitempty\"`\n+}\n+\n+// VulnCheckXDB has VulnCheck exploit database information.\n+type VulnCheckXDB struct {\n+\tXDBID       string    `json:\"xdbID,omitempty\"`\n+\tXDBURL      string    
`json:\"xdbURL,omitempty\"`\n+\tDateAdded   time.Time `json:\"dateAdded,omitempty\"`\n+\tExploitType string    `json:\"exploitType,omitempty\"`\n+\tCloneSSHURL string    `json:\"cloneSSHURL,omitempty\"`\n+}\n+\n+// VulnCheckReportedExploitation has VulnCheck reported exploitation information.\n+type VulnCheckReportedExploitation struct {\n+\tURL       string    `json:\"url,omitempty\"`\n+\tDateAdded time.Time `json:\"dateAdded,omitempty\"`\n+}\n+\n // GitHubSecurityAlerts is a list of GitHubSecurityAlert\n type GitHubSecurityAlerts []GitHubSecurityAlert\n \n@@ -910,24 +963,21 @@ type Mitigation struct {\n \tURL            string         `json:\"url,omitempty\"`\n }\n \n-// AlertDict has target cve JPCERT, USCERT and CISA alert data\n+// AlertDict has target cve JPCERT and USCERT alert data\n type AlertDict struct {\n-\tCISA   []Alert `json:\"cisa\"`\n+\tCISA   []Alert `json:\"-\"`\n \tJPCERT []Alert `json:\"jpcert\"`\n \tUSCERT []Alert `json:\"uscert\"`\n }\n \n // IsEmpty checks if the content of AlertDict is empty\n func (a AlertDict) IsEmpty() bool {\n-\treturn len(a.CISA) == 0 &amp;&amp; len(a.JPCERT) == 0 &amp;&amp; len(a.USCERT) == 0\n+\treturn len(a.JPCERT) == 0 &amp;&amp; len(a.USCERT) == 0\n }\n \n // FormatSource returns which source has this alert\n func (a AlertDict) FormatSource() string {\n \tvar s []string\n-\tif len(a.CISA) != 0 {\n-\t\ts = append(s, \"CISA\")\n-\t}\n \tif len(a.USCERT) != 0 || len(a.JPCERT) != 0 {\n \t\ts = append(s, \"CERT\")\n \t}\ndiff --git a/reporter/util.go b/reporter/util.go\nindex d9cfdaa..e33c420 100644\n--- a/reporter/util.go\n+++ b/reporter/util.go\n@@ -204,6 +204,7 @@ func formatOneLineSummary(rs ...models.ScanResult) string {\n \t\t\t\tr.FormatUpdatablePkgsSummary(),\n \t\t\t\tr.FormatExploitCveSummary(),\n \t\t\t\tr.FormatMetasploitCveSummary(),\n+\t\t\t\tr.FormatKEVCveSummary(),\n \t\t\t\tr.FormatAlertSummary(),\n \t\t\t}\n \t\t} else {\n@@ -518,6 +519,10 @@ No CVE-IDs are found in updatable packages.\n 
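Review bot: The `omitempty` option on the `DateAdded time.Time` fields of `KEV`, `VulnCheckXDB` and `VulnCheckReportedExploitation` has no effect, because encoding/json never treats a struct value as empty; an unset date is written as `"0001-01-01T00:00:00Z"` and a consumer may read it as a real catalog date. Either make these fields `*time.Time` as `DueDate` already is, or use the tag `json:"dateAdded,omitzero"` if the module's Go version is 1.24 or later. If the zero value is meant to be emitted, drop `omitempty` so the tag does not suggest otherwise.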
\t\t\tm[exploit.URL] = struct{}{}\n \t\t}\n \n+\t\tfor _, kev := range vuln.KEVs {\n+\t\t\tdata = append(data, []string{\"KEV\", fmt.Sprintf(\"%s: %s\", kev.Type, kev.VulnerabilityName)})\n+\t\t}\n+\n \t\tfor year, urls := range top10URLs {\n \t\t\tds := [][]string{}\n \t\t\tfor _, url := range urls {\n@@ -565,10 +570,6 @@ No CVE-IDs are found in updatable packages.\n \t\t})\n \t\tdata = append(data, ds...)\n \n-\t\tfor _, alert := range vuln.AlertDict.CISA {\n-\t\t\tdata = append(data, []string{\"CISA Alert\", alert.URL})\n-\t\t}\n-\n \t\tfor _, alert := range vuln.AlertDict.JPCERT {\n \t\t\tdata = append(data, []string{\"JPCERT Alert\", alert.URL})\n \t\t}\ndiff --git a/sample-kev-scan-result.json b/sample-kev-scan-result.json\nnew file mode 100644\nindex 0000000..0190cbe\n--- /dev/null\n+++ b/sample-kev-scan-result.json\n@@ -0,0 +1,66 @@\n+{\n+  \"jsonVersion\": 4,\n+  \"lang\": \"en\",\n+  \"serverName\": \"example-linux\",\n+  \"family\": \"ubuntu\",\n+  \"release\": \"22.04\",\n+  \"scannedAt\": \"2026-07-03T00:00:00Z\",\n+  \"reportedAt\": \"2026-07-03T00:00:00Z\",\n+  \"scannedCves\": {\n+    \"CVE-2023-34362\": {\n+      \"cveID\": \"CVE-2023-34362\",\n+      \"kevs\": [\n+        {\n+          \"type\": \"cisa\",\n+          \"vendorProject\": \"Progress\",\n+          \"product\": \"MOVEit Transfer\",\n+          \"vulnerabilityName\": \"Progress MOVEit Transfer SQL Injection Vulnerability\",\n+          \"shortDescription\": \"Progress MOVEit Transfer contains a SQL injection vulnerability that can allow an unauthenticated attacker to gain unauthorized access.\",\n+          \"requiredAction\": \"Apply updates per vendor instructions.\",\n+          \"knownRansomwareCampaignUse\": \"Known\",\n+          \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+          \"dueDate\": \"2023-06-23T00:00:00Z\",\n+          \"cisa\": {\n+            \"note\": \"Synthetic sample based on public KEV catalog fields.\"\n+          }\n+        },\n+        {\n+          
\"type\": \"vulncheck\",\n+          \"vendorProject\": \"Progress\",\n+          \"product\": \"MOVEit Transfer\",\n+          \"vulnerabilityName\": \"Progress MOVEit Transfer SQL Injection Vulnerability\",\n+          \"shortDescription\": \"VulnCheck KEV sample entry showing exploit intelligence attached to the vulnerability.\",\n+          \"requiredAction\": \"Apply updates per vendor instructions.\",\n+          \"knownRansomwareCampaignUse\": \"Known\",\n+          \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+          \"vulncheck\": {\n+            \"xdb\": [\n+              {\n+                \"xdbID\": \"00000000-0000-0000-0000-000000000000\",\n+                \"xdbURL\": \"https://vulncheck.com/xdb/example\",\n+                \"dateAdded\": \"2023-06-05T00:00:00Z\",\n+                \"exploitType\": \"initial-access\",\n+                \"cloneSSHURL\": \"git@example.invalid:vulncheck/example.git\"\n+              }\n+            ],\n+            \"reportedExploitation\": [\n+              {\n+                \"url\": \"https://example.invalid/reports/cve-2023-34362\",\n+                \"dateAdded\": \"2023-06-06T00:00:00Z\"\n+              }\n+            ]\n+          }\n+        }\n+      ],\n+      \"affectedPackages\": [\n+        {\n+          \"name\": \"moveit-transfer\",\n+          \"fixedIn\": \"2023.0.1\"\n+        }\n+      ]\n+    }\n+  },\n+  \"packages\": {},\n+  \"errors\": [],\n+  \"warnings\": []\n+}\ndiff --git a/tui/tui.go b/tui/tui.go\nindex 4407f56..9a5fe0c 100644\n--- a/tui/tui.go\n+++ b/tui/tui.go\n@@ -812,13 +812,13 @@ func setChangelogLayout(g *gocui.Gui) error {\n \t\t\t}\n \t\t}\n \n-\t\tif len(vinfo.AlertDict.CISA) &gt; 0 {\n+\t\tif len(vinfo.KEVs) &gt; 0 {\n \t\t\tlines = append(lines, \"\\n\",\n-\t\t\t\t\"CISA Alert\",\n-\t\t\t\t\"===========\",\n+\t\t\t\t\"KEV\",\n+\t\t\t\t\"===\",\n \t\t\t)\n-\t\t\tfor _, alert := range vinfo.AlertDict.CISA {\n-\t\t\t\tlines = append(lines, fmt.Sprintf(\"* [%s](%s)\", alert.Title, 
alert.URL))\n+\t\t\tfor _, kev := range vinfo.KEVs {\n+\t\t\t\tlines = append(lines, fmt.Sprintf(\"* %s: %s\", kev.Type, kev.VulnerabilityName))\n \t\t\t}\n \t\t}\n \n", "creation_timestamp": "2026-07-03T17:33:43.557654Z"}, {"uuid": "397436f9-dada-4514-9bd6-25d91ef821a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34362", "type": "seen", "source": "https://gist.github.com/tu-trinh-scale/aaf6d7ed499ecdf851cb79cac522efe2", "content": "diff --git a/README.md b/README.md\nindex 57102d1..57b5443 100644\n--- a/README.md\n+++ b/README.md\n@@ -93,6 +93,9 @@ Vuls is a tool created to solve the problems listed above. It has the following\n - CISA(Cybersecurity &amp; Infrastructure Security Agency)\n   - [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)\n \n+- VulnCheck\n+  - Known Exploited Vulnerabilities data\n+\n - Cyber Threat Intelligence(MITRE ATT&amp;CK and CAPEC)\n   - [mitre/cti](https://github.com/mitre/cti)\n \n@@ -179,6 +182,10 @@ Vuls has some options to detect the vulnerabilities\n For more information such as Installation, Tutorial, Usage, visit [vuls.io](https://vuls.io/)  \n [\u65e5\u672c\u8a9e\u7ffb\u8a33\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8](https://vuls.io/ja/)\n \n+## Example configuration\n+\n+Use [`config.toml.example`](config.toml.example) as a redacted starting point for a local `config.toml`. The example includes the `kevuln` SQLite database configuration required to populate first-class `kevs` entries in scan results.\n+\n ----\n \n ## Authors\ndiff --git a/config.toml.example b/config.toml.example\nnew file mode 100644\nindex 0000000..e958147\n--- /dev/null\n+++ b/config.toml.example\n@@ -0,0 +1,48 @@\n+# Synthetic Vuls configuration example. 
Replace every placeholder before use.\n+# Do not paste production hostnames, credentials, tokens, or webhook URLs into this file.\n+\n+resultsDir = \"/var/lib/vuls/results\"\n+lang = \"en\"\n+\n+[default]\n+port = \"22\"\n+user = \"vuls\"\n+keyPath = \"/home/vuls/.ssh/id_rsa\"\n+scanMode = [\"fast-root\"]\n+\n+[servers]\n+\n+[servers.example-linux]\n+host = \"192.0.2.10\"\n+port = \"22\"\n+user = \"vuls\"\n+keyPath = \"/home/vuls/.ssh/id_rsa\"\n+scanMode = [\"fast-root\"]\n+\n+[cveDict]\n+type = \"sqlite3\"\n+SQLite3Path = \"/var/lib/vuls/cve.sqlite3\"\n+\n+[ovalDict]\n+type = \"sqlite3\"\n+SQLite3Path = \"/var/lib/vuls/oval.sqlite3\"\n+\n+[gost]\n+type = \"sqlite3\"\n+SQLite3Path = \"/var/lib/vuls/gost.sqlite3\"\n+\n+[exploit]\n+type = \"sqlite3\"\n+SQLite3Path = \"/var/lib/vuls/go-exploitdb.sqlite3\"\n+\n+[metasploit]\n+type = \"sqlite3\"\n+SQLite3Path = \"/var/lib/vuls/go-msfdb.sqlite3\"\n+\n+[kevuln]\n+type = \"sqlite3\"\n+SQLite3Path = \"/var/lib/vuls/go-kev.sqlite3\"\n+\n+[cti]\n+type = \"sqlite3\"\n+SQLite3Path = \"/var/lib/vuls/go-cti.sqlite3\"\ndiff --git a/detector/kevuln.go b/detector/kevuln.go\nindex 41afdfe..6908af6 100644\n--- a/detector/kevuln.go\n+++ b/detector/kevuln.go\n@@ -6,6 +6,8 @@ package detector\n import (\n \t\"encoding/json\"\n \t\"net/http\"\n+\t\"reflect\"\n+\t\"strings\"\n \t\"time\"\n \n \t\"github.com/cenkalti/backoff\"\n@@ -79,19 +81,12 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \t\t\t\treturn err\n \t\t\t}\n \n-\t\t\talerts := []models.Alert{}\n-\t\t\tif len(kevulns) &gt; 0 {\n-\t\t\t\talerts = append(alerts, models.Alert{\n-\t\t\t\t\tTitle: \"Known Exploited Vulnerabilities Catalog\",\n-\t\t\t\t\tURL:   \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",\n-\t\t\t\t\tTeam:  \"cisa\",\n-\t\t\t\t})\n-\t\t\t}\n-\n \t\t\tv, ok := r.ScannedCves[res.request.cveID]\n \t\t\tif ok {\n-\t\t\t\tv.AlertDict.CISA = alerts\n-\t\t\t\tnKEV++\n+\t\t\t\tv.KEVs = append(v.KEVs, 
convertKEVulnsToModels(kevulns)...)\n+\t\t\t\tif len(kevulns) &gt; 0 {\n+\t\t\t\t\tnKEV++\n+\t\t\t\t}\n \t\t\t}\n \t\t\tr.ScannedCves[res.request.cveID] = v\n \t\t}\n@@ -108,16 +103,7 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \t\t\t\tcontinue\n \t\t\t}\n \n-\t\t\talerts := []models.Alert{}\n-\t\t\tif len(kevulns) &gt; 0 {\n-\t\t\t\talerts = append(alerts, models.Alert{\n-\t\t\t\t\tTitle: \"Known Exploited Vulnerabilities Catalog\",\n-\t\t\t\t\tURL:   \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",\n-\t\t\t\t\tTeam:  \"cisa\",\n-\t\t\t\t})\n-\t\t\t}\n-\n-\t\t\tvuln.AlertDict.CISA = alerts\n+\t\t\tvuln.KEVs = append(vuln.KEVs, convertKEVulnsToModels(kevulns)...)\n \t\t\tnKEV++\n \t\t\tr.ScannedCves[cveID] = vuln\n \t\t}\n@@ -127,6 +113,141 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging\n \treturn nil\n }\n \n+func convertKEVulnsToModels(kevulns []kevulnmodels.KEVuln) (kevs []models.KEV) {\n+\tfor _, kevuln := range kevulns {\n+\t\tvar raw struct {\n+\t\t\tType                         string `json:\"type\"`\n+\t\t\tSource                       string `json:\"source\"`\n+\t\t\tVendorProject                string `json:\"vendorProject\"`\n+\t\t\tProduct                      string `json:\"product\"`\n+\t\t\tVulnerabilityName            string `json:\"vulnerabilityName\"`\n+\t\t\tShortDescription             string `json:\"shortDescription\"`\n+\t\t\tRequiredAction               string `json:\"requiredAction\"`\n+\t\t\tKnownRansomwareCampaignUse   string `json:\"knownRansomwareCampaignUse\"`\n+\t\t\tDateAdded                    string `json:\"dateAdded\"`\n+\t\t\tDueDate                      string `json:\"dueDate\"`\n+\t\t\tNote                         string `json:\"note\"`\n+\t\t\tNotes                        string `json:\"notes\"`\n+\t\t}\n+\t\tif bs, err := json.Marshal(kevuln); err == nil {\n+\t\t\t_ = json.Unmarshal(bs, &amp;raw)\n+\t\t}\n+\n+\t\tkevType := 
models.CISAKEVType\n+\t\tif strings.EqualFold(firstNonEmpty(raw.Type, stringField(kevuln, \"Type\")), string(models.VulnCheckKEVType)) ||\n+\t\t\tstrings.EqualFold(firstNonEmpty(raw.Source, stringField(kevuln, \"Source\")), string(models.VulnCheckKEVType)) {\n+\t\t\tkevType = models.VulnCheckKEVType\n+\t\t}\n+\n+\t\tkev := models.KEV{\n+\t\t\tType:                       kevType,\n+\t\t\tVendorProject:              firstNonEmpty(raw.VendorProject, stringField(kevuln, \"VendorProject\")),\n+\t\t\tProduct:                    firstNonEmpty(raw.Product, stringField(kevuln, \"Product\")),\n+\t\t\tVulnerabilityName:          firstNonEmpty(raw.VulnerabilityName, stringField(kevuln, \"VulnerabilityName\")),\n+\t\t\tShortDescription:           firstNonEmpty(raw.ShortDescription, stringField(kevuln, \"ShortDescription\")),\n+\t\t\tRequiredAction:             firstNonEmpty(raw.RequiredAction, stringField(kevuln, \"RequiredAction\")),\n+\t\t\tKnownRansomwareCampaignUse: firstNonEmpty(raw.KnownRansomwareCampaignUse, stringField(kevuln, \"KnownRansomwareCampaignUse\")),\n+\t\t\tDateAdded:                  firstNonZeroTime(parseKEVDate(raw.DateAdded), timeField(kevuln, \"DateAdded\")),\n+\t\t}\n+\t\tif dueDate := firstNonZeroTime(parseKEVDate(raw.DueDate), timeField(kevuln, \"DueDate\")); !dueDate.IsZero() {\n+\t\t\tkev.DueDate = &amp;dueDate\n+\t\t}\n+\n+\t\tswitch kevType {\n+\t\tcase models.VulnCheckKEVType:\n+\t\t\tkev.VulnCheck = &amp;models.VulnCheckKEV{}\n+\t\tdefault:\n+\t\t\tkev.CISA = &amp;models.CISAKEV{Note: firstNonEmpty(raw.Note, raw.Notes, stringField(kevuln, \"Note\"), stringField(kevuln, \"Notes\"))}\n+\t\t}\n+\n+\t\tkevs = append(kevs, kev)\n+\t}\n+\treturn kevs\n+}\n+\n+func stringField(v interface{}, names ...string) string {\n+\trv := reflect.Indirect(reflect.ValueOf(v))\n+\tif !rv.IsValid() || rv.Kind() != reflect.Struct {\n+\t\treturn \"\"\n+\t}\n+\tfor _, name := range names {\n+\t\tf := rv.FieldByName(name)\n+\t\tif !f.IsValid() 
{\n+\t\t\tcontinue\n+\t\t}\n+\t\tswitch f.Kind() {\n+\t\tcase reflect.String:\n+\t\t\treturn f.String()\n+\t\tcase reflect.Slice:\n+\t\t\tif f.Type().Elem().Kind() != reflect.String {\n+\t\t\t\tcontinue\n+\t\t\t}\n+\t\t\tss := make([]string, 0, f.Len())\n+\t\t\tfor i := 0; i &lt; f.Len(); i++ {\n+\t\t\t\tss = append(ss, f.Index(i).String())\n+\t\t\t}\n+\t\t\treturn strings.Join(ss, \"\\n\")\n+\t\t}\n+\t}\n+\treturn \"\"\n+}\n+\n+func timeField(v interface{}, names ...string) time.Time {\n+\trv := reflect.Indirect(reflect.ValueOf(v))\n+\tif !rv.IsValid() || rv.Kind() != reflect.Struct {\n+\t\treturn time.Time{}\n+\t}\n+\tfor _, name := range names {\n+\t\tf := rv.FieldByName(name)\n+\t\tif !f.IsValid() {\n+\t\t\tcontinue\n+\t\t}\n+\t\tif f.Kind() == reflect.Ptr {\n+\t\t\tif f.IsNil() {\n+\t\t\t\tcontinue\n+\t\t\t}\n+\t\t\tf = f.Elem()\n+\t\t}\n+\t\tif f.Type() == reflect.TypeOf(time.Time{}) {\n+\t\t\treturn f.Interface().(time.Time)\n+\t\t}\n+\t\tif f.Kind() == reflect.String {\n+\t\t\treturn parseKEVDate(f.String())\n+\t\t}\n+\t}\n+\treturn time.Time{}\n+}\n+\n+func firstNonZeroTime(ts ...time.Time) time.Time {\n+\tfor _, t := range ts {\n+\t\tif !t.IsZero() {\n+\t\t\treturn t\n+\t\t}\n+\t}\n+\treturn time.Time{}\n+}\n+\n+func parseKEVDate(s string) time.Time {\n+\tif s == \"\" {\n+\t\treturn time.Time{}\n+\t}\n+\tfor _, layout := range []string{time.RFC3339, \"2006-01-02\"} {\n+\t\tif t, err := time.Parse(layout, s); err == nil {\n+\t\t\treturn t\n+\t\t}\n+\t}\n+\treturn time.Time{}\n+}\n+\n+func firstNonEmpty(ss ...string) string {\n+\tfor _, s := range ss {\n+\t\tif s != \"\" {\n+\t\t\treturn s\n+\t\t}\n+\t}\n+\treturn \"\"\n+}\n+\n type kevulnResponse struct {\n \trequest kevulnRequest\n \tjson    string\ndiff --git a/models/scanresults.go b/models/scanresults.go\nindex 508b992..8536f0d 100644\n--- a/models/scanresults.go\n+++ b/models/scanresults.go\n@@ -197,13 +197,14 @@ func (r ScanResult) FormatTextReportHeader() string {\n \t\tpkgs = fmt.Sprintf(\"%s, %d 
libs\", pkgs, r.LibraryScanners.Total())\n \t}\n \n-\treturn fmt.Sprintf(\"%s\\n%s\\n%s\\n%s, %s, %s, %s\\n%s\\n\",\n+\treturn fmt.Sprintf(\"%s\\n%s\\n%s\\n%s, %s, %s, %s, %s\\n%s\\n\",\n \t\tr.ServerInfo(),\n \t\tbuf.String(),\n \t\tr.ScannedCves.FormatCveSummary(),\n \t\tr.ScannedCves.FormatFixedStatus(r.Packages),\n \t\tr.FormatExploitCveSummary(),\n \t\tr.FormatMetasploitCveSummary(),\n+\t\tr.FormatKEVCveSummary(),\n \t\tr.FormatAlertSummary(),\n \t\tpkgs)\n }\n@@ -251,15 +252,22 @@ func (r ScanResult) FormatMetasploitCveSummary() string {\n \treturn fmt.Sprintf(\"%d exploits\", nMetasploitCve)\n }\n \n+// FormatKEVCveSummary returns a summary of KEV cves.\n+func (r ScanResult) FormatKEVCveSummary() string {\n+\tnKEVCve := 0\n+\tfor _, vuln := range r.ScannedCves {\n+\t\tif 0 &lt; len(vuln.KEVs) {\n+\t\t\tnKEVCve++\n+\t\t}\n+\t}\n+\treturn fmt.Sprintf(\"%d kevs\", nKEVCve)\n+}\n+\n // FormatAlertSummary returns a summary of CERT alerts\n func (r ScanResult) FormatAlertSummary() string {\n-\tcisaCnt := 0\n \tuscertCnt := 0\n \tjpcertCnt := 0\n \tfor _, vuln := range r.ScannedCves {\n-\t\tif len(vuln.AlertDict.CISA) &gt; 0 {\n-\t\t\tcisaCnt += len(vuln.AlertDict.CISA)\n-\t\t}\n \t\tif len(vuln.AlertDict.USCERT) &gt; 0 {\n \t\t\tuscertCnt += len(vuln.AlertDict.USCERT)\n \t\t}\n@@ -267,7 +275,7 @@ func (r ScanResult) FormatAlertSummary() string {\n \t\t\tjpcertCnt += len(vuln.AlertDict.JPCERT)\n \t\t}\n \t}\n-\treturn fmt.Sprintf(\"cisa: %d, uscert: %d, jpcert: %d alerts\", cisaCnt, uscertCnt, jpcertCnt)\n+\treturn fmt.Sprintf(\"uscert: %d, jpcert: %d alerts\", uscertCnt, jpcertCnt)\n }\n \n func (r ScanResult) isDisplayUpdatableNum(mode config.ScanMode) bool {\n@@ -422,6 +430,12 @@ func (r *ScanResult) SortForJSONOutput() {\n \t\tsort.Slice(v.Metasploits, func(i, j int) bool {\n \t\t\treturn v.Metasploits[i].Name &lt; v.Metasploits[j].Name\n \t\t})\n+\t\tsort.Slice(v.KEVs, func(i, j int) bool {\n+\t\t\tif v.KEVs[i].Type != v.KEVs[j].Type {\n+\t\t\t\treturn 
v.KEVs[i].Type &lt; v.KEVs[j].Type\n+\t\t\t}\n+\t\t\treturn v.KEVs[i].VulnerabilityName &lt; v.KEVs[j].VulnerabilityName\n+\t\t})\n \t\tsort.Slice(v.Mitigations, func(i, j int) bool {\n \t\t\treturn v.Mitigations[i].URL &lt; v.Mitigations[j].URL\n \t\t})\ndiff --git a/models/vulninfos.go b/models/vulninfos.go\nindex 3e85e81..2235ad1 100644\n--- a/models/vulninfos.go\n+++ b/models/vulninfos.go\n@@ -265,6 +265,7 @@ type VulnInfo struct {\n \tCveContents          CveContents          `json:\"cveContents,omitempty\"`\n \tExploits             []Exploit            `json:\"exploits,omitempty\"`\n \tMetasploits          []Metasploit         `json:\"metasploits,omitempty\"`\n+\tKEVs                 []KEV                `json:\"kevs,omitempty\"`\n \tMitigations          []Mitigation         `json:\"mitigations,omitempty\"`\n \tCtis                 []string             `json:\"ctis,omitempty\"`\n \tAlertDict            AlertDict            `json:\"alertDict,omitempty\"`\n@@ -284,6 +285,58 @@ type Alert struct {\n \tTeam  string `json:\"team,omitempty\"`\n }\n \n+// KEVType represents a known exploited vulnerability data source.\n+type KEVType string\n+\n+const (\n+\t// CISAKEVType represents CISA Known Exploited Vulnerabilities Catalog entries.\n+\tCISAKEVType KEVType = \"cisa\"\n+\n+\t// VulnCheckKEVType represents VulnCheck Known Exploited Vulnerabilities entries.\n+\tVulnCheckKEVType KEVType = \"vulncheck\"\n+)\n+\n+// KEV has CISA/VulnCheck Known Exploited Vulnerability information.\n+type KEV struct {\n+\tType                       KEVType       `json:\"type,omitempty\"`\n+\tVendorProject              string        `json:\"vendorProject,omitempty\"`\n+\tProduct                    string        `json:\"product,omitempty\"`\n+\tVulnerabilityName          string        `json:\"vulnerabilityName,omitempty\"`\n+\tShortDescription           string        `json:\"shortDescription,omitempty\"`\n+\tRequiredAction             string        
`json:\"requiredAction,omitempty\"`\n+\tKnownRansomwareCampaignUse string        `json:\"knownRansomwareCampaignUse,omitempty\"`\n+\tDateAdded                  time.Time     `json:\"dateAdded,omitempty\"`\n+\tDueDate                    *time.Time    `json:\"dueDate,omitempty\"`\n+\tCISA                       *CISAKEV      `json:\"cisa,omitempty\"`\n+\tVulnCheck                  *VulnCheckKEV `json:\"vulncheck,omitempty\"`\n+}\n+\n+// CISAKEV has CISA-specific KEV fields.\n+type CISAKEV struct {\n+\tNote string `json:\"note,omitempty\"`\n+}\n+\n+// VulnCheckKEV has VulnCheck-specific KEV fields.\n+type VulnCheckKEV struct {\n+\tXDB                  []VulnCheckXDB                  `json:\"xdb,omitempty\"`\n+\tReportedExploitation []VulnCheckReportedExploitation `json:\"reportedExploitation,omitempty\"`\n+}\n+\n+// VulnCheckXDB has VulnCheck exploit database information.\n+type VulnCheckXDB struct {\n+\tXDBID       string    `json:\"xdbID,omitempty\"`\n+\tXDBURL      string    `json:\"xdbURL,omitempty\"`\n+\tDateAdded   time.Time `json:\"dateAdded,omitempty\"`\n+\tExploitType string    `json:\"exploitType,omitempty\"`\n+\tCloneSSHURL string    `json:\"cloneSSHURL,omitempty\"`\n+}\n+\n+// VulnCheckReportedExploitation has VulnCheck reported exploitation information.\n+type VulnCheckReportedExploitation struct {\n+\tURL       string    `json:\"url,omitempty\"`\n+\tDateAdded time.Time `json:\"dateAdded,omitempty\"`\n+}\n+\n // GitHubSecurityAlerts is a list of GitHubSecurityAlert\n type GitHubSecurityAlerts []GitHubSecurityAlert\n \n@@ -910,24 +963,21 @@ type Mitigation struct {\n \tURL            string         `json:\"url,omitempty\"`\n }\n \n-// AlertDict has target cve JPCERT, USCERT and CISA alert data\n+// AlertDict has target cve JPCERT and USCERT alert data\n type AlertDict struct {\n-\tCISA   []Alert `json:\"cisa\"`\n+\tCISA   []Alert `json:\"-\"`\n \tJPCERT []Alert `json:\"jpcert\"`\n \tUSCERT []Alert `json:\"uscert\"`\n }\n \n // IsEmpty checks if the content 
of AlertDict is empty\n func (a AlertDict) IsEmpty() bool {\n-\treturn len(a.CISA) == 0 &amp;&amp; len(a.JPCERT) == 0 &amp;&amp; len(a.USCERT) == 0\n+\treturn len(a.JPCERT) == 0 &amp;&amp; len(a.USCERT) == 0\n }\n \n // FormatSource returns which source has this alert\n func (a AlertDict) FormatSource() string {\n \tvar s []string\n-\tif len(a.CISA) != 0 {\n-\t\ts = append(s, \"CISA\")\n-\t}\n \tif len(a.USCERT) != 0 || len(a.JPCERT) != 0 {\n \t\ts = append(s, \"CERT\")\n \t}\ndiff --git a/reporter/util.go b/reporter/util.go\nindex d9cfdaa..a2dfbd0 100644\n--- a/reporter/util.go\n+++ b/reporter/util.go\n@@ -204,6 +204,7 @@ func formatOneLineSummary(rs ...models.ScanResult) string {\n \t\t\t\tr.FormatUpdatablePkgsSummary(),\n \t\t\t\tr.FormatExploitCveSummary(),\n \t\t\t\tr.FormatMetasploitCveSummary(),\n+\t\t\t\tr.FormatKEVCveSummary(),\n \t\t\t\tr.FormatAlertSummary(),\n \t\t\t}\n \t\t} else {\n@@ -565,10 +566,6 @@ No CVE-IDs are found in updatable packages.\n \t\t})\n \t\tdata = append(data, ds...)\n \n-\t\tfor _, alert := range vuln.AlertDict.CISA {\n-\t\t\tdata = append(data, []string{\"CISA Alert\", alert.URL})\n-\t\t}\n-\n \t\tfor _, alert := range vuln.AlertDict.JPCERT {\n \t\t\tdata = append(data, []string{\"JPCERT Alert\", alert.URL})\n \t\t}\ndiff --git a/sample-kev-scan-result.json b/sample-kev-scan-result.json\nnew file mode 100644\nindex 0000000..c90a8ac\n--- /dev/null\n+++ b/sample-kev-scan-result.json\n@@ -0,0 +1,64 @@\n+{\n+  \"jsonVersion\": 4,\n+  \"lang\": \"en\",\n+  \"serverName\": \"example-linux\",\n+  \"family\": \"ubuntu\",\n+  \"release\": \"22.04\",\n+  \"scannedAt\": \"2026-07-03T00:00:00Z\",\n+  \"scanMode\": \"fast-root\",\n+  \"reportedAt\": \"2026-07-03T00:00:00Z\",\n+  \"errors\": [],\n+  \"warnings\": [],\n+  \"scannedCves\": {\n+    \"CVE-2023-34362\": {\n+      \"cveID\": \"CVE-2023-34362\",\n+      \"kevs\": [\n+        {\n+          \"type\": \"cisa\",\n+          \"vendorProject\": \"Progress\",\n+          \"product\": 
\"MOVEit Transfer\",\n+          \"vulnerabilityName\": \"Progress MOVEit Transfer SQL Injection Vulnerability\",\n+          \"shortDescription\": \"Progress MOVEit Transfer contains a SQL injection vulnerability that allows an unauthenticated attacker to gain unauthorized access.\",\n+          \"requiredAction\": \"Apply updates per vendor instructions.\",\n+          \"knownRansomwareCampaignUse\": \"Known\",\n+          \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+          \"dueDate\": \"2023-06-23T00:00:00Z\",\n+          \"cisa\": {\n+            \"note\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\"\n+          }\n+        },\n+        {\n+          \"type\": \"vulncheck\",\n+          \"vendorProject\": \"Progress\",\n+          \"product\": \"MOVEit Transfer\",\n+          \"vulnerabilityName\": \"Progress MOVEit Transfer SQL Injection Vulnerability\",\n+          \"shortDescription\": \"VulnCheck reports exploitation activity for Progress MOVEit Transfer.\",\n+          \"knownRansomwareCampaignUse\": \"Known\",\n+          \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+          \"vulncheck\": {\n+            \"xdb\": [\n+              {\n+                \"xdbID\": \"placeholder-xdb-id\",\n+                \"xdbURL\": \"https://example.com/vulncheck/xdb/placeholder-xdb-id\",\n+                \"dateAdded\": \"2023-06-02T00:00:00Z\",\n+                \"exploitType\": \"remote\",\n+                \"cloneSSHURL\": \"git@example.com:placeholder/exploit.git\"\n+              }\n+            ],\n+            \"reportedExploitation\": [\n+              {\n+                \"url\": \"https://example.com/report/progress-moveit-transfer-exploitation\",\n+                \"dateAdded\": \"2023-06-02T00:00:00Z\"\n+              }\n+            ]\n+          }\n+        }\n+      ]\n+    }\n+  },\n+  \"packages\": {},\n+  \"config\": {\n+    \"scan\": {},\n+    \"report\": {}\n+  }\n+}\ndiff --git a/tui/tui.go b/tui/tui.go\nindex 4407f56..80afe95 
100644\n--- a/tui/tui.go\n+++ b/tui/tui.go\n@@ -812,16 +812,6 @@ func setChangelogLayout(g *gocui.Gui) error {\n \t\t\t}\n \t\t}\n \n-\t\tif len(vinfo.AlertDict.CISA) &gt; 0 {\n-\t\t\tlines = append(lines, \"\\n\",\n-\t\t\t\t\"CISA Alert\",\n-\t\t\t\t\"===========\",\n-\t\t\t)\n-\t\t\tfor _, alert := range vinfo.AlertDict.CISA {\n-\t\t\t\tlines = append(lines, fmt.Sprintf(\"* [%s](%s)\", alert.Title, alert.URL))\n-\t\t\t}\n-\t\t}\n-\n \t\tif len(vinfo.AlertDict.USCERT) &gt; 0 {\n \t\t\tlines = append(lines, \"\\n\",\n \t\t\t\t\"USCERT Alert\",\n", "creation_timestamp": "2026-07-03T19:59:58.065181Z"}]}