Companies are worried that the highly privileged password app could let attackers deep inside an enterprises footprint. FBI, CISA and U.S. Coast Guard Cyber Command warned that state-backed advanced persistent threat (APT) actors are likely among those whod been actively exploiting a critical flaw in a Zoho-owned single sign-on and password management tool since early August. At issue was a critical authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus platform that could lead to remote code execution.”]
Source: https://threatpost.com/podcast-zoho-solarwinds/175553/

