case

Mendix applications: unintended data exposure due to authorization misconfiguration

We have identified a recurring security issue across multiple Mendix applications where data sources (entities/tables) are accessible to anonymous users or to newly registered users with …

case

OPERATION ENDGAME PART 3

We are notifying victims of the Rhadamanthys infostealer. Since the datasets contain information on a very large number of individuals, we will not be sending individual notifications. …

case

OPERATION ENDGAME 2.0

DIVD is notifying victims of the Latrodectus infostealer, the evolution of IcedID. We are notifying victims that were identified as a part of Operation Endgame 2.0. If you receive a …

case

DIVD responsibly discloses six new zero-day vulnerabilities to vendor

Aug 12, 2024 - DIVD researchers have discovered and, in collaboration with the vendor, disclosed six new zero-day vulnerabilities in Enphase IQ Gateway devices.

case

CASE: Attackers exploit zero day vulnerabilities in Ivanti software, and hack the Norwegian governement

An unknown attacker exploited several zero-day vulnerabilities in two Ivanti services: Ivanti EPMM and Avanti Sentry. The DIVD helped notify users of Ivanti software.

case

OPERATION ENDGAME DIVD-2024-00019

As part of Operation Endgame the Dutch Police and Europol have infiltrated a number of botnets. During this infiltration they obtained data about the victims of these botnets. DIVD is …

case

CASE: IVANTI (New)

The DIVD helped notifying users of Ivanti software.

case

CASE: IVANTI

The DIVD helped notifying users of Ivanti software.

case

CASE: KASEYA

On March 23, 2021, DIVD volunteer Wietse Boonstra found six zero-day vulnerabilities in IT management software from Kaseya, a Miami-based company. This turned out to be one of the biggest …