Bleeping Computer

CISA warns of Adobe ColdFusion bug exploited as a zero-day

CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild. This critical arbitrary code execution flaw ...
Bleeping Computer

Critical ColdFusion flaws exploited in attacks to drop webshells

Update 7/17/23: The article was updated due to a mistaken warning added by Adobe to its email notification. However, a newer version of the bug was seen by Rapid7 to be actively exploited. Hackers are ...
Infosecurity-magazine.com

Adobe ColdFusion Critical Vulnerabilities Exploited Despite Patches

Fortinet has observed significant threat exploitation targeting Adobe ColdFusion, a web development computing platform. Since those updates, however, Fortinet’s FortiGuard Labs IPS telemetry data has ...
Computer Weekly

Critical Adobe ColdFusion flaws chained in ongoing cyber attacks

Two vulnerabilities in the Adobe ColdFusion platform are being actively exploited by threat actors in a series of cyber attacks, apparently after a proof of concept (PoC) for one of them was ...
heise online

Patch now! Attacks on Adobe ColdFusion and Fortinet firewalls observed

Due to ongoing attacks, administrators should update their Adobe ColdFusion instances and Fortinet firewalls to the latest version. The exploited vulnerabilities have been known for several years in ...
TechRadar

Adobe releases software updates to patch security issues

Adobe patches a flaw found in two versions of ColdFusion It warned users to patch ASAP, since a PoC is available The bug can be used to create or overwrite critical Adobe has fixed a high-severity ...
The Hindu

Hackers use patched security bug in Adobe ColdFusion to compromise U.S. agencies

The security bug in Adobe ColdFusion was exploited as zero day before the software maker fixed it in mid-March. However, the use of outdated versions of the software prompted the U.S. Cybersecurity ...