Security News > 2023 > November > Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
2023-11-16 16:09
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News. The flaw, tracked as CVE-2023-37580 (CVSS score:
News URL
https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html
Related news
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- MITRE says state hackers breached its network via Ivanti zero-days (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)
- NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (source)
- NSA warns of North Korean hackers exploiting weak DMARC email policies (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-31 | CVE-2023-37580 | Cross-site Scripting vulnerability in Zimbra Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | 6.1 |