Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day (CVE-2023-37580) to steal emails from governments. Google Threat Analysis Group (TAG)Â researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580Â (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens […]
A massive social engineering campaign is targeting users of the Zimbra Collaboration email server to steal their login credentials. ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server since April 2023. Zimbra Collaboration is an open-core collaborative software platform. The campaign is still ongoing and is targeting a wide range of […]
Zimbra has released updates to address a zero-day vulnerability actively exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Zimbra urges customers to manually install updates to fix a zero-day vulnerability that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers. Zimbra Collaboration Suite is a comprehensive open-source messaging and […]
Russian hacking group Winter Vivern has been actively exploiting Zimbra flaws to steal the emails of NATO and diplomats. A Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 […]
Threat actors have compromised hundreds of servers exploiting critical flaw CVE-2022-41352 in Zimbra Collaboration Suite (ZCS). Last week, researchers from Rapid7 warned of the exploitation of unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352, in the Zimbra Collaboration Suite. Rapid7 has published technical details, including a proof-of-concept (PoC) code and indicators of compromise (IoCs) regarding […]
Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is actively exploited to hack ZCS email servers worldwide. Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries. Yesterday, August 11, CISA has […]
US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924, to its Known Exploited Vulnerabilities Catalog. In middle June, researchers from Sonarsource discovered […]
Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers. SonarSource researchers have discovered a new vulnerability in RARlab’s UnRAR utility, tracked as CVE-2022-30333, that can be exploited by remote attackers to execute arbitrary code on a system that relies on the binary, like Zimbra […]
A high-severity vulnerability in the Zimbra email suite could be exploited by an unauthenticated attacker to steal login credentials of users. Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite, tracked as CVE-2022-27924Â (CVSS score: 7.5), that can be exploited by an unauthenticated attacker to steal login credentials of users without user […]
Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). Ukraine’s CERT (CERT-UA) warns of threat actors that are targeting government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). “Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch […]