Threat actors exploited a critical-severity VMware flaw for almost two years before patches were released in October.
Exploitation has been observed in the wild for a critical flaw in the file transfer server from the MOVEit Transfer maker.
The average time that it takes threat actors to exploit vulnerabilities - either prior to or after their public disclosure - is going down.
Exploit code has been published for a critical-severity flaw in VMware's network monitoring tool, the company said on Thursday.
Researchers point to an “aggressive and skilled actor” with suspected links to China as the group behind the attacks on a recently disclosed Barracuda ESG zero day.