A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. Lace Tempest has previously exploited zero-day vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer installations to steal data from many enterprises and public sector organizations.
Source: Help Net Security