After disclosing a security incident on Thursday, remote access software company TeamViewer on Friday said that the attack was “tied to credentials of a standard employee account” within its Corporate IT environment.
The popular polyfill.io JavaScript library has been used to inject malicious code into thousands of sites in the last few days.
Fortra disclosed a critical-severity SQL injection flaw in FileCatalyst Workflow, and researchers have also published proof-of-concept exploit code for the bug.
The flaws include a critical-severity MOVEit Transfer authentication bypass bug (CVE-2024-5806).
According to the latest Cisco Talos Incident Response Quarterly Trends report, instances related to MFA were involved in some capacity in half of all security incidents that the Talos team responded to in the first quarter of 2024.