MOVEit is a widely used file-transfer service that has been affected by several vulnerabilities. The most recent vulnerability is a critical SQL injection vulnerability that allows an unauthenticated attacker to gain administrative access and escalate privileges, leading to unauthorized access to customer environments. The vulnerability has been assigned CVE-2023-35708 with a severity rating of 9.1. The vulnerability has been actively exploited, and nearly 200 organizations have been impacted to date. Progress Software, the maker of MOVEit, has issued patches for the vulnerability for on-premises versions of MOVEit and patched cloud test servers. The company has also released security advisories and mitigation steps for affected users. Organizations that use MOVEit Transfer should review the available guidance and patching information from Progress Software and be vigilant for additional attempts at exploitation and data theft.