SecurityWeek
10 months agoPrivacy professionals
Zimbra Zero-Day Exploited to Hack Government Emails
A Zimbra Collaboration Suite zero-day vulnerability was exploited to steal email data from government organizations in multiple countries.
The exploit, tracked as CVE-2023-37580, is a reflected cross-site scripting (XSS) bug that requires the user to click on a malicious link.
Google's Threat Analysis Group observed multiple campaigns exploiting the zero-day and linked the attacks to a Russian APT known as Winter Vivern. [ more ]