New MOVEit Transfer zero-day vulnerability leaked on Twitter

Bloomberg BNN reports that details of a new zero-day vulnerability impacting Progress Software's MOVEit Transfer file transfer app that had been disclosed by an ethical hacker and exploit writer to Huntress Senior Researcher John Hammond had been inadvertently exposed by the exploit writer on Twitter. Information regarding the zero-day which has been discovered following the emergence of two others, one of which has been actively exploited by the Clop ransomware operation was sought to be removed on Twitter by Hammond but has already circulated on Slack, prompting Hammond to notify Progress, which has released a fix the following day. Meanwhile, the ethical hacker, who goes by the name @MCKSysAr, has apologized for the early release of the vulnerability, which he did not know was a new flaw. D espite the details of the vulnerability being spread prior to a patch, there has been no evidence suggesting active exploitation, according to Progress spokesperson John Eddy. "Across the industry, this type of software vulnerability is discovered tens of thousands of times a year and the usual process is to responsibly notify companies directly in order to limit risk, rather than posting about them publicly as occurred here," said Eddy.