MUST READ

U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

 | 

Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

 | 

DarkSword emerges as powerful iOS exploit tool in global attacks

 | 

Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure

 | 

Russia establishes Vienna as key western spy hub targeting NATO

 | 

U.S. CISA adds Microsoft SharePoint and Zimbra  flaws to its Known Exploited Vulnerabilities catalog

 | 

Researchers warn of unpatched, critical Telnetd flaw affecting all versions

 | 

CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit

 | 

Robotic surgery firm Intuitive reports data breach after targeted phishing attack

 | 

Tracking the Iran War: A Month of Escalation and Regional Impact

 | 

EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure

 | 

RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts

 | 

CL-STA-1087 targets military capabilities since 2020

 | 

From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures

 | 

Attack on Stryker’s Microsoft environment wiped employee devices without malware

 | 

Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets

 | 

FBI launches inquiry into Steam games spreading malware

 | 

Former Germany’s foreign intelligence VP hit in Signal account takeover campaign

 | 

Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services

 | 

Unprivileged users could exploit AppArmor bugs to gain root access

 | 

CVE-2025-66376

Pierluigi Paganini March 19, 2026
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as CVE-2025-66376 (CVSS score of 7.2), in Zimbra Collaboration. Attackers exploited insufficiently sanitized HTML emails to run scripts when opened, targeting users in Ukraine. […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

Security / March 19, 2026

Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

Security / March 19, 2026

DarkSword emerges as powerful iOS exploit tool in global attacks

Hacking / March 19, 2026

Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure

Malware / March 19, 2026

Russia establishes Vienna as key western spy hub targeting NATO

Intelligence / March 19, 2026