Barracuda Networks has urged some of its customers to physically remove and decommission affected hardware, instead of simply applying software updates, after a major malware outbreak. The Barracuda Email Security Gateway (ESG) 900 appliance was compromised through a previously unknown vulnerability that had been exploited since October 2022. The flaw lay in the Barracuda software component that scans attachments for malware. Barracuda issued a patch, which was pushed to all affected appliances, but later urged clients to replace the appliances entirely. Approximately 5% of affected ESG appliances worldwide showed evidence of being compromised.
https://krebsonsecurity.com/2023/06/barracuda-urges-replacing-not-patching-its-email-security-gateways/