Security News > 2023 > December > Hackers breach US govt agencies using Adobe ColdFusion exploit
The U.S. Cybersecurity and Infrastructure Security Agency is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.
The security issue allows executing arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier.
The first incident was recorded on June 26 and relied on the critical vulnerability to breach a server running Adobe ColdFusion v2016.
The second incident occurred on June 2 when the hackers exploited CVE-2023-26360 on a server running Adobe ColdFusion v2021.
Hackers exploit recent F5 BIG-IP flaws in stealthy attacks.
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide.
News URL
Related news
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Aiohttp bug to find vulnerable networks (source)
- Chinese Earth Krahang hackers breach 70 orgs in 23 countries (source)
- Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-23 | CVE-2023-26360 | Improper Access Control vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. | 8.6 |