The FBI says a zero-day vulnerability in Zoho’s ManageEngine Central has been under active exploitation by state-backed hacking groups since at least October. The vulnerability is a critical authentication bypass vulnerability attackers could exploit to execute arbitrary code on vulnerable Desktop Central servers. Zoho advises customers to update their installations to the latest build as soon as possible. The company also warned customers of ongoing exploitation attempts urging them to immediately deploy the security updates to block incoming attacks. There are over 2,900 instances exposed to incoming attacks using the vulnerability. The FBI and CISA issued joint advisories warning of APT actors exploiting these flaws.”]