Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/
https://fortifydata.com/blog/cve-2019-1653-cve-2019-1652-cve-2021-40539-cve-2021-27860-volt-typhoon/
https://www.zscaler.com/blogs/security-research/retrospective-avoslocker
https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
https://www.trendmicro.com/en_hk/research/23/f/an-overview-of-the-trigona-ransomware.html
https://www.tenable.com/blog/volt-typhoon-cybersecurity-advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
https://areteir.com/static/5055b091d5c24a9ed63a06d70f2da20e/Trigona-Report_020224_web.pdf
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.tenable.com/blog/cve-2021-44515-zoho-patches-manageengine-zero-day-exploited-in-the-wild