(March 8, 2017) Cisco Talos group has identified attacks against a 0Day vulnerability in Apache Struts, which is a popular Java app framework. An advisory was issued Monday, stating the problem exists in the Jakarta Multipart parser. An attacker could perform a RCE attack with a malicious contenttype value. Users were advised to upgrade or switch to a different implementation of the parser. Numerous attacks appeared to be taking advantage of a publicly released proof of concept to run assorted commands. Struts was previously compromised by Chinese hackers in 2014, who exploited known vulnerabilities to install a backdoor. Message here: keep patches current.

Source: http://www.csoonline.com/article/3178744/security/cisco-and-apache-issue-warnings-over-zero-day-flaw-being-targeted-in-the-wild.html#tk.twt_cso