ZDNet

Adobe releases out-of-band update to patch ColdFusion zero-day

Adobe has released today an emergency out-of-band update for its ColdFusion development platform that patches a zero-day vulnerability that was being exploited in the wild. In its security bulletin ...
Bleeping Computer

CISA warns of Adobe ColdFusion bug exploited as a zero-day

CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild. This critical arbitrary code execution flaw ...
Ars Technica

Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns

Organizations big and small are once again scrambling to patch critical vulnerabilities that are already under active exploitation and cause the kind of breaches coveted by ransomware actors and ...
Ars Technica

ColdFusion hack used to steal hosting provider’s customer data

A vulnerability in the ColdFusion Web server platform, reported by Adobe less than a week ago, has apparently been in the wild for almost a month and has allowed the hacking of at least one company ...
PC World

Adobe patches actively exploited ColdFusion vulnerabilities

Adobe released security patches for its ColdFusion application server on Tuesday, addressing four critical vulnerabilities that have been actively exploited by attackers since the beginning of January ...
PC World

Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware

Attackers exploited a vulnerability in Adobe ColdFusion to install data-stealing malware that works as a module for Microsoft’s Internet Information Services (IIS) Web server software. Researchers ...
ZDNet

APRA ditches ColdFusion for SharePoint

APRA noted that in January 2010 it had completed the migration of its intranet to SharePoint 2007 — "decommissioning" ColdFusion and CommonSpot in the process — but now was seeking help with migrating ...