CISA has confirmed that threat actors exploited a critical flaw (CVE-2023-26360) in Adobe ColdFusion, allowing arbitrary code execution on vulnerable systems. The issue affects ColdFusion 2018 (Update 15 and earlier), 2021 (Update 5 and earlier), and unsupported versions 2016 and 11. At least two public-facing servers at a Federal Civilian Executive Branch (FCEB) agency were compromised between June and July 2023.
Explore the emergence of Medusa Ransomware, its impact across various sectors, and steps organizations can take to mitigate risks as detailed in the recent cybersecurity advisory by the FBI, CISA, and MS-ISAC.