Barracuda has disclosed information about a recent attack campaign that exploits a zero-day vulnerability in its ESG appliances to deploy three different malware strains. The CISA added the flaw to its KEV catalog last week, urging federal agencies to apply the patches by June 16.