SugarCRM zero-day used to compromise roughly 10% of all internet-accessible SugarCRM servers
Almost 10% of all internet-accessible SugarCRM servers (291 of 3,066 servers, based on Censys data) were compromised using a zero-day exploit published online in late December. SugarCRM describes the zero-day as an authentication bypass that allows threat actors to upload encoded images containing malicious PHP code to SugarCRM platforms. Censys researchers say …