
Cleo MFT Exploitation: Cl0p Data Theft (CVE-2024-50623)
A Cleo Harmony managed file transfer server is compromised through an unauthenticated file-write vulnerability in its autorun directory (CVE-2024-55956). When the service restarts, the planted XML triggers a Java loader that stages a backdoor, provisions a rogue account, and streams stored transfer files to external infrastructure. Reconstruct the chain from the Cleo web logs, Windows event logs, and perimeter firewall.
Launches in 5 days
Tuesday, July 7, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
7 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 7, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever