SecurityWeek

Russian APT Exploits Zimbra Vulnerability Against Ukraine

Russia-linked APT28 has exploited a high-severity XSS vulnerability in Zimbra in attacks against Ukrainian entities.

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).
Dark Reading

Cyberattackers Exploit Zimbra Zero-Day Via ICS

An unknown threat actor masquerading as the Libyan Navy's Office of Protocol targeted the Brazilian military earlier this year using a malicious calendar (ICS) file to deliver an exploit for a then ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Computer Weekly

Nation states buying hacking tools from underground Russian cyber forums

Nation states have been identified shopping on Russian cyber crime forums for malware they can use to wipe computers of data in hostile hacking attacks. Russian-speaking hacking forums, including ...
Searchenginejournal.com

WordPress Discovers XSS Vulnerability – Recommends Updating To 6.5.2

WordPress announced the 6.5.2 Maintenance and Security Release update that patches a store cross site scripting vulnerability and fixes over a dozen bugs in the core and the block editor. The same ...