Archives

Zimbra

Threat Intelligence

Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925

August 10, 2022

Volexity Threat Research

[Note: Volexity has reported all findings in this post to Zimbra. Where an existing contact was known, Volexity has notified local CERTs of compromised Zimbra instances in their constituency. The […]

Threat Intelligence

Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra

February 3, 2022

Steven Adair and Tom Lancaster

[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day exploit vulnerability and reported that a hotfix for 8.8.15 P30 would be available on February 5, 2022. This vulnerability […]

1 / 1