Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

November 16, 2023 at 11:48AM A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups, resulting in the theft of email data, user credentials, and authentication tokens. The flaw, tracked as CVE-2023-37580, allowed the execution of malicious scripts by tricking users into clicking on a specially crafted URL. The attacks … Read more

Zimbra Zero-Day Exploited to Hack Government Emails

November 16, 2023 at 11:45AM Google’s Threat Analysis Group (TAG) has disclosed that a zero-day exploit in Zimbra Collaboration Suite was used to steal email data from government organizations worldwide. The vulnerability (CVE-2023-37580) was made public in July, and it allows attackers to execute malicious code through specially crafted URLs sent via email. Google observed … Read more