ConnectWise News Articles
Recent news articles refferecing the vendors vulnerabilities.
Questions Swirl Around ConnectWise Flaw Used in Attacks
ConnectWise issued a patch to stave off attacks on ScreenConnect customers, but the company's disclosures don't explain what the vulnerability is and when it was first exploited.
Help Net SecurityCVE-2025-3935Attackers breached ConnectWise, compromised customer ScreenConnect instances - Help Net Security
A suspected nation state threat actor has compromised ScreenConnect cloud instances of a "very small number" of ConnectWise customers
The RegisterCVE-2025-3935ConnectWise compromised by 'sophisticated' nation state
ConnectWise has brought in the big guns to investigate a "sophisticated nation state actor" that broke into its IT environment and then breached some of its customers. In a May 28 advisory, the IT management...
ConnectWise customers get mysterious warning about 'sophisticated' nation-state hack
ConnectWise has brought in the big guns to investigate a "sophisticated nation state actor" that broke into its IT environment and then breached some of its customers. In a May 28 advisory, the IT management...
GBHackers NewsCVE-2025-3935ConnectWise Hit by Advanced Cyberattack: Internal Data at Risk
ConnectWise responded by engaging forensic experts from Mandiant, alerting affected customers, and coordinating with law enforcement.
The Hacker NewsCVE-2025-3935ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
ConnectWise breached by suspected nation-state actor in May 2025; Google Mandiant leads probe; flaw CVE-2025-3935 patched earlier.
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog
Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Intern...
Security IntelligenceRemote access risks on the rise with CVE-2024-1708 and CVE-2024-1709
ConnectWise recently reported two vulnerabilities in its ScreenConnect product, allowing threat actors to bypass authentication and execute remote code.
CISA urges software devs to weed out path traversal vulnerabilities
CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping.
Chinese government hacker exploiting ScreenConnect, F5 bugs to attack defense and government entities
A hacker allegedly connected to the People's Republic of China (PRC) has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia.
www.secureworks.comWidespread Exploitation of ConnectWise ScreenConnect Server Vulnerabilities
On February 19, 2024, ConnectWise released a security bulletin detailing the following two vulnerabilities in the self-hosted ScreenConnect server. Both vulnerabilities were reported to ConnectWise on...
Remediation and Hardening Guide for ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) | Mandiant
On Feb. 19, 2024, ConnectWise announced two vulnerabilities for their ScreenConnect product affecting (on-premises) versions 23.9.7 and earlier:CVE-2024-1708 – Authentication Bypass Vulnerability...
Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.
TechRepublicNew Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers
One vulnerability impacting ConnectWise ScreenConnect that allows remote attackers to bypass authentication to create admin accounts is being used in the wild.
Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry.
OODA Loop - IntelligenceCVE-2024-1709ScreenConnect Flaws Exploited to Deliver All Kinds of Malware (CVE-2024-1709, CVE-2024-1708)
ConnectWise ScreenConnect is a remote desktop solution consisting of server and client elements (applications). This makes it a popular solution for offering technical assistance or for remotely managing data centers. However, this is also what makes it a popular solution for attackers, who exploit ...
ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware
Hundreds of initial access brokers and cybercrime gangs are jumping on the max-critical CVE-2024-1709 authentication bypass, threatening orgs and downstream customers.
'SlashAndGrab' ScreenConnect Vulnerability Widely Exploited for Malware Delivery
ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware.
ConnectWise ScreenConnect attacks deliver malware
Sophos X-Ops is tracking a developing wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations. This page provides advice and guidance for customers, researchers,...
CyberSecurityNewsScreenConnect Security Flaw Exploited In The Wild By Attackers
The ScreenConnect software is a popular choice for remote access among organizations worldwide. However, recent vulnerabilities have raised
ConnectWise ScreenConnect flaws under attack, patch now | TechTarget
ConnectWise said Feb. 20 that two critical vulnerabilities in its ScreenConnect remote access software were under exploitation by threat actors.
ScreenConnect servers hacked in LockBit ransomware attacks
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.
New ScreenConnect RCE flaw exploited in ransomware attacks
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.
Help Net SecurityAttackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) - Help Net Security
2 ScreenConnect vulnerabilities ConnectWise has urged customers to patch now have CVE numbers: CVE-2024-1709 and CVE-2024-1708.
Unit 42Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
CVE-2024-1708 and CVE-2024-1709 affect ConnectWise remote desktop application ScreenConnect. This Threat Brief covers attack scope and includes our telemetry.
ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns
Thousands of ScreenConnect servers are at risk of takeover from a CVSS 10-scored vulnerability.