CISA Warns of ZK Java Framework RCE Flaw Being Exploited in the Wild

Although this vulnerability was patched nearly a year ago, it is still being actively exploited in many organizations. This demonstrates the need for two key functions in any organization: threat intelligence and a patching schedule. Threat intelligence serves a variety of purposes, but a key one is ensuring that the organization is made aware, in a timely manner, of any vulnerabilities that have been disclosed. It works hand-in-hand with a patching schedule: without threat intelligence, the team performing the patching may dismiss a vulnerability as unimportant or may not be aware of it in the first place. Without an adequate patching schedule, threat intelligence may go unactioned, leaving gaps in the environment that an attacker could exploit to compromise the organization. The two functions build on each other; if either is lacking, the overall security of the organization suffers.

https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-zk-java-framework-rce-flaw/