Security News > 2023 > November > Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
2023-11-16 16:09
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News. The flaw, tracked as CVE-2023-37580 (CVSS score:
News URL
https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2023-37580 | Cross-site Scripting vulnerability in Zimbra Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | 6.1 |