Telerik Vulnerability Abused by Threat Actors - Warns CISA

Multiple threat groups were found abusing CVE-2023-26360, a high-severity three-year-old bug, in Progress Telerik to infiltrate an unnamed federal entity in the U.S. The successful exploitation of the bug allowed threat actors to remotely execute arbitrary code on an FCEB agency's Microsoft Internet Information Services (IIS) web server.