Security News

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

2025-02-26 04:33

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known...

#cisa #exploitation #KEV #microsoft #zimbra #CVE-2024-49035

Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

2025-02-10 09:09

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain...

#security #SQL #ssrf #update #vulnerabilities #XSS #zimbra #CVE-2025-25064

US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers

2024-10-10 18:49

U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale." [...]

#hacker #russian #server #UK #US #zimbra

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast

2024-10-06 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started...

#critical #patch #patchtuesday #RCE #vulnerability #zimbra #CVE-2024-45519

Weird Zimbra Vulnerability

2024-10-03 11:04

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint...

#vulnerability #zimbra

Critical Zimbra RCE flaw exploited to backdoor servers using emails

2024-10-02 14:15

Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially crafted emails to the SMTP server. [...]

#backdoor #critical #email #RCE #server #zimbra

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

2024-10-02 11:05

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say...

#critical #CVE #exploitation #RCE #vulnerability #zimbra #CVE-2024-45519

'Patch yesterday': Zimbra mail servers under siege through RCE vuln

2024-10-02 10:50

Attacks began the day after public disclosure "Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.…

#patch #RCE #server #zimbra

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

2024-10-02 05:56

Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it...

#attack #critical #researcher #zimbra #CVE-2024-45519

Google: Hackers exploited Zimbra zero-day in attacks on govt orgs

2023-11-17 16:04

Google's Threat Analysis Group has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries. According to Google's threat analysts, the threat actors exploited the vulnerability on government systems in Greece, Moldova, Tunisia, Vietnam, and Pakistan to steal email data, user credentials, and authentication tokens, perform email forwarding, and lead victims to phishing pages.

#attack #google #hacker #zeroday #zimbra

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News