Tag: Four Hacker Groups

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
News

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

Four distinct groups conducted real-world attacks using a zero-day vulnerability in the Zimbra Collaboration email software to steal authentication tokens, user credentials, and email content. According to a report shared with The Hacker News by Google Threat Analysis Group (TAG), "the majority of this activity occurred after the initial fix became public on GitHub." This vulnerability affects versions prior to 8.8.15 Patch 41 and is tracked as CVE-2023-37580 (CVSS score: 6.1). It is a reflected cross-site scripting (XSS) vulnerability. On July 25, 2023, Zimbra released patches that addressed it. By deceiving the victims into clicking on a malicious URL, a successful exploit of this vulnerability could enable the execution of malicious scripts on their web browsers read more Zero...