Security News > 2023 > November > Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
2023-11-16 16:09
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News. The flaw, tracked as CVE-2023-37580 (CVSS score:
News URL
https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html
Related news
- U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2023-37580 | Cross-site Scripting vulnerability in Zimbra Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | 6.1 |