Zoho Password Manager Flaw Torched by Godzilla Webshell

November 8, 2021

Researchers have spotted a second, worldwide campaign exploiting the ManagedEngine SelfServiceAD Plus zero-day: one that’s breached defense, energy and healthcare organizations.

A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and exfiltrating data. Read more in this article for Threat Post.

Featured Resources

View More Resources

blog

Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link

Idan Sherman, Security Researcher Executive summary The "Shai-Hulud" supply chain campaign has returned, striking harder and smarter than before. This

blog

Top 5 Must-Have Features in an Exposure Management Platform

Security teams are under growing pressure to reduce risk faster and prove resilience continuously. Attack surfaces expand with every new

Solution Brief

Continuous Wiz Validation and Optimization

Make CTEM actionable with continuous threat validation that proves and improves your real-world resilience.

Zoho Password Manager Flaw Torched by Godzilla Webshell

Featured Resources

Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link

Top 5 Must-Have Features in an Exposure Management Platform

<img width="169" height="102" src="https://cymulate.com/uploaded-files/2023/08/Wiz-Defend_Certified-Integration-1.svg" alt="" class="kb-img wp-image-31752"/> Continuous Wiz Validation and Optimization

Continuous Wiz Validation and Optimization