The FBI has issued a warning stating that even after being patched against a critical flaw, Barracuda Networks Email Security Gateway (ESG) appliances are still vulnerable to potential compromise by suspected Chinese hacking groups.
The agency said that the fixes were not effective, that it still sees intrusions, and that it considers all affected Barracuda ESG devices to be compromised and vulnerable to this attack.
CVE-2023-2868 is a zero-day bug with a CVSS score of 9.8. It was found to have been weaponized in October 2022, more than seven months before it was fixed. Mandiant, owned by Google, is tracking the China-nexus activity cluster known as UNC4841.
The flaw is a remote command injection vulnerability in versions 5.1.3.001 through 9.2.0.006 that lets unauthorized individuals gain administrator privileges and execute system commands on the ESG product.
In the observed attacks, a successful breach served as a gateway for deploying numerous malware strains, including SALTWATER, SEASIDE, SEASPY, SANDBAR, SEASPRAY, SKIPJACK, WHIRLPOOL, and SUBMARINE (also known as DEPTHCHARGE). These strains enable the execution of arbitrary commands and evade defense mechanisms.

The FBI stated that cyber actors exploited the vulnerability to add harmful payloads to the ESG appliance. These payloads had various capabilities, such as persistent access, email scanning, credential harvesting, and data exfiltration.
The threat intelligence company has identified UNC4841 as an aggressive and highly skilled group that adapts its custom tools and employs advanced tactics to maintain persistent control over high-value targets.
The federal agency strongly advises customers to immediately isolate and replace all affected ESG devices. It is also crucial to conduct thorough network scans to identify any suspicious outgoing traffic.