Chinese threat actors exploited a new zero-day vulnerability in Barracuda's Email Security Gateway (ESG) appliances.