GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday.
January 2, 2026 By Ionut Arghire
A threat actor has been targeting roughly a dozen vulnerabilities in Adobe ColdFusion as part of a massive initial access campaign, GreyNoise warns.
During the Christmas 2025 holiday, the threat intelligence firm observed thousands of requests targeting ColdFusion servers globally, apparently part of a single, coordinated intrusion effort.
The requests mainly originated from Japan-based infrastructure (associated with CTG Server Limited), with two IP addresses accounting for most of the observed traffic.
GreyNoise observed approximately 6,000 requests targeting ColdFusion vulnerabilities that were publicly disclosed in 2023 and 2024, with the activity peaking on December 25.
“The campaign leveraged ProjectDiscovery Interactsh for out-of-band callback verification, with JNDI/LDAP injection as the primary attack vector. The deliberate timing during Christmas Day (68% of traffic) suggests intentional targeting during reduced security monitoring periods,” GreyNoise notes.