CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw

December 6, 2023 at 05:32PM An unidentified actor exploited a patched Adobe ColdFusion vulnerability, CVE-2023-26360, on two US government agency servers, targeting legacy versions for reconnaissance without data theft or lateral movement. Adobe and CISA had previously ranked the flaw critical. Security tools detected the incidents, highlighting risks inherent in legacy systems. Meeting Takeaways: 1. … Read more