Just seen an attempted RCE for a client that had the Foundation accounting software installed. Luckily the EDR blocked the payload download. Client didn’t even know they still had Foundation installed.

Here’s a link to the article I found on it by Huntress for remediation tips if your org has it: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software

May be of use to someone on here. Have a great day all.

Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software | Huntress

Threat actors have been successful in gaining entry using accounting software commonly used by construction companies.