Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices. The latestfindingsshow that thecritical vulnerability, tracked asCVE-2023-2868(CVSS score: N/A), has been actively exploited for at least seven months prior to its discovery.