Global Governments Targeted in Massive Zimbra Zero-Day Hacking Spree
Google's Threat Analysis Group (TAG) has discovered that hackers exploited a zero-day vulnerability in Zimbra Collaboration email server, known as CVE-2023-37580, to steal sensitive data from government systems in multiple countries. The vulnerability, an XSS issue in the Zimbra Classic Web Client, was exploited by four distinct threat actors before the vendor released a patch. The attacks involved email data exfiltration, auto-forwarding, and phishing. Google's report highlights the importance of timely security updates, even for medium-severity vulnerabilities, as adversaries can exploit them to further their attacks. This incident is another example of XSS flaws being leveraged to target mail servers.