Barracuda ESG zero-day exploited since October 2022 by UNC4841 (China-nexus APT) in mass campaign against government and defense organizations. Barracuda recommended REPLACING physical appliances — patch was insufficient. This is an extremely severe supply-chain-adjacent attack.
Barracuda Email Security Gateway (ESG) appliance had a remote code execution vulnerability due to incomplete input validation of file names in TAR archive attachments.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →