A surge in scans targeting MOVEit Transfer vulnerabilities, including CVE-2023-34362 and CVE-2023-36934, signals renewed cyberattack risks. Learn how to protect your systems.
🚨 MOVEit Vulnerabilities Resurface with New Wave of Threat Activity
The MOVEit Transfer platform is once again in the cybersecurity spotlight. In June 2025, security researchers observed a sharp increase in scanning and exploitation attempts against known vulnerabilities, particularly CVE-2023-34362 and CVE-2023-36934. These critical flaws were at the center of the devastating Cl0p ransomware attacks in 2023—and now, attackers are back.
📈 What’s Happening?
- GreyNoise reported over 300 daily scanning attempts targeting MOVEit servers across the internet.
- Exploit attempts are starting to resurface, hinting at possible coordinated campaigns.
- Many scanning IPs originate from cloud platforms like Amazon, Google, and Tencent Cloud.
🔓 Vulnerabilities Being Exploited
- CVE-2023-34362: A critical SQL injection that allows unauthenticated access and remote code execution.
- CVE-2023-36934: Another high-severity flaw involving improper authentication handling in MOVEit Transfer.
These vulnerabilities enabled attackers in 2023 to steal data from hundreds of organizations, including financial firms, healthcare providers, and government agencies.
🛡️ What Should You Do?
If you’re using MOVEit Transfer:
- Patch immediately – Ensure all systems are updated to the latest version.
- Monitor for unusual activity, especially around endpoints like guestaccess.aspx.
- Block known malicious IPs based on threat intel feeds.
- Strengthen your perimeter with WAFs, IDS/IPS, and EDR tools.
- Audit your exposure – Limit public-facing access and disable unnecessary services.
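The monitoring step above, as an added example (not from the original article or from the MOVEit vendor): a Python script that reads IIS W3C logs and summarizes requests to guestaccess.aspx per client IP. The log lines are constructed, and the review rule (two or more POSTs, or any 500 response) is an assumed starting heuristic, not a published signature.

```python
from collections import defaultdict

# Endpoint named in the article; extend with paths from your own threat intel.
WATCHED = ("/guestaccess.aspx",)

# Constructed sample in IIS W3C extended format (documentation-range IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-06-24 10:00:01 203.0.113.7 GET /guestaccess.aspx - 200
2025-06-24 10:00:02 203.0.113.7 POST /guestaccess.aspx - 200
2025-06-24 10:00:03 203.0.113.7 POST /guestaccess.aspx - 500
2025-06-24 10:01:10 198.51.100.20 GET /favicon.ico - 200
2025-06-24 10:02:30 192.0.2.44 GET /GuestAccess.aspx - 302
"""


def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def summarize(text, watched=WATCHED, post_threshold=2):
    """Per-client summary of hits on watched endpoints, with a review flag."""
    stats = defaultdict(lambda: {"hits": 0, "posts": 0, "statuses": set()})
    for row in parse_w3c(text):
        if row.get("cs-uri-stem", "").lower() not in watched:  # IIS paths are case-insensitive
            continue
        s = stats[row.get("c-ip", "unknown")]
        s["hits"] += 1
        s["posts"] += int(row.get("cs-method") == "POST")
        s["statuses"].add(row.get("sc-status"))
    for s in stats.values():
        # Assumed heuristic: repeated POSTs or server errors here deserve a closer look.
        s["review"] = s["posts"] >= post_threshold or "500" in s["statuses"]
    return dict(stats)


if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, s["hits"], s["posts"], sorted(s["statuses"]), "REVIEW" if s["review"] else "")
```

Because columns are read from the `#Fields` header, the script works with whatever field order the site's IIS logging is configured to emit, as long as `c-ip`, `cs-method`, `cs-uri-stem` and `sc-status` are enabled.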
🔍 Why It Matters
MOVEit is widely used for secure file transfers, making it a valuable target for ransomware groups and nation-state actors. The renewed scanning activity is a red flag for potential zero-day chaining or mass exploitation campaigns.
Conclusion: Stay Ahead of the Threat
With MOVEit vulnerabilities back in the spotlight, now is the time for organizations to review their cyber hygiene, patch aggressively, and prepare for the possibility of supply chain or ransomware attacks. Don’t wait for history to repeat itself—proactive defense is your best protection.