klinikaxp-hardcoded-ftp-supply-chain-attack
Hard-coded FTP credentials in KlinikaXP allowed an attacker to upload a malicious update to the vendor update server, possibly distributing it to client machines; vendors rotated credentials and removed the hard-coded secrets.