Adobe ColdFusion servers under attack from APT group by Catalin Cimpanu.
A cyber-espionage group appears to have reverse engineered an Adobe security patch and is currently going after unpatched ColdFusion servers.
If you review the Adobe Security Bulletin, I don’t think “reverse engineer” is the term I would use in this case:
Nor would I use “Advanced Persistent Threat (APT)” for this vulnerability.
The Adobe fail here is the equivalent of leaving a liquor store unattended with the door propped open and the lights on. Theft there doesn’t require a criminal mastermind.
Given patch rates, reading patches could be the easiest way to add exploits to your toolkit.