Progress Software News Articles
Recent news articles referencing the vendor's vulnerabilities.

Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm
CISA adds five exploited vulnerabilities to its KEV catalog, including flaws in Cisco, Microsoft, and Progress software.
2 weeks ago
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) - Help Net Security
Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution flaw in Progress WhatsUp Gold.
Exploit released for critical WhatsUp Gold RCE flaw, patch now
A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible.

CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks
CISA issued an urgent security advisory warning organizations about active exploitation of a vulnerability in Progress Kemp LoadMaster.
CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation
CISA is warning organizations that CVE-2024-1212, a Kemp LoadMaster OS command injection vulnerability, is being exploited in attacks.
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster.

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation
Critical flaws in Progress Kemp LoadMaster and VMware vCenter Server are under active exploitation, warns CISA.
Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks
Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.
Hackers targeting WhatsUp Gold with public exploit since August
Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software.

Critical CVE-2024-4885 Flaw In WhatsUp Gold Exposes Systems
Progress Software’s WhatsUp Gold has a severe CVE-2024-4885 flaw allowing remote code execution.
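WhatsUp Gold Vulnerability Patched in June; Attacks Began to Surface in Early August
Earlier this month, the Shadowserver Foundation found that CVE-2024-4885, an RCE vulnerability that Progress patched in June, has been used in real-world attacks, and urged IT staff to patch as soon as possible.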

WhatsUp Gold Under Attack: Immediate Update Essential
New critical vulnerability CVE-2024-4885 in WhatsUp Gold allows remote code execution without authentication. Update now to version 2023.1.3 to protect your network from cyberattacks.

Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now - BVTech San Antonio | Next-Gen Managed IT Services
A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug …


Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now
Urgent update required for WhatsUp Gold due to active exploits of critical security flaw CVE-2024-4885. Patch now to secure your network.
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks.
Critical bug in Progress Telerik Report Server leads to RCE
Progress Software's latest security advisory warns customers about the second critical vulnerability targeting its Telerik Report Server in as many months. CVE-2024-6327 is an insecure deserialization...
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) - Help Net Security
Progress Software has fixed a critical RCE vulnerability (CVE-2024-6327) in its Telerik Report Server solution.

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
Progress Software urges users to update Telerik Report Server due to a critical security flaw (CVE-2024-6327) with a CVSS score of 9.9.
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server.
Progress warns of critical RCE bug in Telerik Report Server
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices.

WhatsUp Gold Opens a New Door for Compromising Corporate Secrets
CVE-2024-4885 has turned a monitoring tool into a powerful weapon for cybercriminals.

Summoning Team
Let's analyze a privilege escalation which I found targeting Progress WhatsUp Gold; this is the story of CVE-2024-5009

Summoning Team
I discovered an unauthenticated path traversal against the latest version of Progress WhatsUp Gold and turned it into a pre-auth RCE. The following is how I did it; this is the story of CVE-2024-4885
Shiny Hunters claims to have breached Ticketmaster and Santander through Snowflake accounts.
London hospitals disrupted by ransomware attack. More cyberespionage in the South China Sea region. Fog ransomware targets the US education sector.
CCB Issues Warning On Progress Telerik Vulnerabilities
The Centre for Cybersecurity Belgium issued a security advisory on critical vulnerabilities affecting Progress Telerik products.
Critical Progress Telerik vulnerability under attack | TechTarget
The Shadowserver Foundation observed exploitation attempts that leverage a critical vulnerability in Progress Telerik Report Server.

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
Critical security flaw discovered in Progress Telerik Report Server (CVE-2024-4358, CVSS 9.8/10). Remote attackers could bypass authentication.
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) - Help Net Security
A PoC exploit chaining together CVE-2024-4358 and CVE-2024-1800 can achieve unauthenticated RCE on Progress Telerik Report Servers.
Progress Patches Critical Vulnerability in Telerik Report Server
A critical vulnerability in the Progress Telerik Report Server could allow unauthenticated attackers to access restricted functionality.
Exploit for critical Progress Telerik auth bypass released, patch now
Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.
Summoning Team
Progress Report Server Unauthenticated Remote Code Execution Chain

Urgent Security Alert: Critical Vulnerability in Telerik Report Server - CVE-2024-4358
A recent discovery reveals a critical vulnerability in Progress Telerik Report Server, allowing unauthenticated access and control. Learn about CVE-2024-4358 and how to secure your systems.

Progress Telerik Report Server Flaw Let Attackers Bypass Authentication
A new authentication bypass vulnerability has been discovered in the Progress Telerik Report Server.

Another Path to Exploiting CVE-2024-1212 in Progress Kemp LoadMaster
Rhino Labs discovered a pre-authentication command injection vulnerability in the Progress Kemp LoadMaster. LoadMaster is a load balancer product that comes in many different flavors and even has a…

CVE-2024-1800 (CVSS 9.9): Critical RCE Flaw Found in Popular Reporting Platform
A major security flaw (CVE-2024-1800) has been discovered in the Progress Telerik Report Server, a widely used business reporting solution.

Progress Kemp LoadMaster - Command Injection (CVE-2024-1212)
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster - Rhino Security Labs
CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.

Security Advisory: Critical Vulnerability Alert for Progress Kemp Products | CVE-2024-1212
Alert on a critical vulnerability, CVE-2024-1212, in Progress Kemp products. Learn about the risks and recommended actions to mitigate this security issue.

CVE-2023-42659: Critical WS_FTP Server Vulnerability
Progress Software has urged its customers to immediately patch a critical vulnerability in its WS_FTP Server software. This vulnerability, identified as CVE-2023-42659 and carrying a CVSS score of 9.1, allows authenticated Ad Hoc Transfer users to upload files to arbitrary locations on the underlyin...
WS_FTP flaw CVE-2023-40044 actively exploited in the wild
Experts warn of threat actors actively exploiting the recently disclosed CVE-2023-40044 flaw in Progress Software’s WS_FTP products.