The Cring ransomware made headlines as the threat was used in an attack that exploited a bug in the 11-year-old version of Adobe ColdFusion 9 software, the first recorded incident involving the use of the said vulnerability by Cring operators. Previous Cring attacks used insecure Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) vulnerabilities to gain initial access.