Barracuda, a prominent provider of email and network security solutions, has proactively reached out to a number of companies that were targeted through a zero-day vulnerability discovered in its Email Security Gateway (ESG) appliances. The vulnerability, identified as CVE-2023-2868, has been classified as a remote command injection flaw.
Over the weekend, Barracuda promptly applied two fixes to address the vulnerability. However, on Tuesday, the company discovered that some of its clients were still compromised by undisclosed threat actors, despite the implemented patches.
