Exploit code has been published for a critical-severity flaw in VMware's network monitoring tool, the company said on Thursday.
Researchers point to an “aggressive and skilled actor” with suspected links to China as the group behind the attacks on a recently disclosed Barracuda ESG zero day.
After deploying two patches, Barracuda said that businesses impacted by an actively exploited flaw must immediately replace their ESG appliances.
Threat actors continue to target the critical-severity file transfer bug to launch data exfiltration attacks, and researchers say organizations should potentially expect ransom emails in the coming weeks.
Researchers warn that they are seeing widespread exploitation of the critical-severity Zyxel flaw.