Security News > 2023 > November > Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
2023-11-16 16:09
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News. The flaw, tracked as CVE-2023-37580 (CVSS score:
News URL
https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html
Related news
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025 (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2023-37580 | Cross-site Scripting vulnerability in Zimbra Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | 6.1 |