Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.

The maximum severity CVE-2024-1709 auth bypass flaw has been under active exploitation since Tuesday, one day after ConnectWise released security updates and several cybersecurity companies published proof-of-concept exploits.