Hackers have been actively targeting vulnerabilities in Adobe ColdFusion to remotely execute code and compromise servers, and leading experts urge users to immediately update to patched versions.
Security firm Rapid7 warns it has identified an attack campaign that dates from at least early January that has compromised the ColdFusion installations of multiple organizations. It hasn’t been able to conclusively tie those attacks to any specific vulnerabilities, meaning it’s not clear if zero-day flaws play a role.