A recent adversary simulation conducted by the MDSec ActiveBreach red team uncovered a critical vulnerability in ArcServe UDP Backup software. Tracked CVE-2023-26258, the flaw affects versions 7.0 to 9.0 of the software and allows for remote code execution (RCE), posing a significant risk to organizations relying on the software for backup infrastructure.

Source: Infosecurity