At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging arecently patched critical vulnerabilityin Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of