Researchers have spotted a second, worldwide campaign exploiting the ManagedEngine SelfServiceAD Plus zero-day: one that’s breached defense, energy and healthcare organizations.

A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and exfiltrating data.

Read more in this article for Threat Post.

Read More