The Clop ransomware group has claimed responsibility for exploiting zero-day vulnerabilities in Cleo’s managed file transfer platforms (Cleo Harmony, VLTrader, and LexiCom). The attackers used these vulnerabilities to breach corporate networks, steal data, and gain unauthorized access. The vulnerabilities include an autorun directory feature and an arbitrary file-write flaw, which allow the execution of malicious files and the establishment of persistent access using webshells. The attack has impacted businesses across various sectors, including consumer products, food, and shipping, with most incidents occurring in the United States.