CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft
ID: d6337e14-05a5-5b2b-8fa5-d2625527273e
STIX ID: report--d6337e14-05a5-5b2b-8fa5-d2625527273e
Feed Name: Cybereason Blog
A zero-day vulnerability (CVE-2024-55956) affecting Cleo Harmony, VLTrader, and LexiCom allows unauthenticated arbitrary command execution via the Autorun directory. CL0P has claimed and begun exploiting this flaw for data theft. The report provides numerous IOCs (Cobalt Strike server IPs, a Java loader SHA-256, autorun filenames, and XML artifacts) and recommends immediately upgrading to Cleo version 5.8.0.24, disabling Autorun if an upgrade is not possible, removing affected systems from the public internet, and conducting forensic investigations.
