GreyNoise identified a notable surge in scanning activity targeting MOVEit Transfer systems beginning on May 27. On June 12, they then observed exploitation attempts against CVE-2023-34362 and CVE-2023-36934. While these critical vulnerabilities are several years old, systems may go unpatched if risk-based patch management policies are not established and followed. The NJCCIC advises updating impacted systems to current patch levels as soon as possible after appropriate testing.