Zimbra Collaboration, an open-source collaboration software suite, is used by over 5,000 companies and public sector users in more than 140 countries. In June 2023, Google TAG discovered a 0-day exploit targeting Zimbra Collaboration (CVE-2023-37580). Four distinct groups exploited this bug, stealing email data, user credentials, and authentication tokens. The vulnerability, known as Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability, has a base score of 6.1 and a medium severity level.

Zimbra released a hotfix on July 5, 2023, and provided an advisory on July 13, 2023. Most of the hacking activity occurred after the initial fix was made public on GitHub. Researchers identified three threat groups exploiting the vulnerability before the official patch, with a fourth campaign emerging after the fix.

The discovery of these campaigns underscores the urgency of applying mail server fixes. To stay protected, keep software up to date and apply security updates promptly. The regular exploitation of XSS vulnerabilities also highlights the importance of conducting rigorous mail server code audits.