"Four Threat Groups Targeted Zimbra Collaboration Flaw"

According to Google's Threat Analysis Group (TAG), four different campaigns are exploiting a vulnerability in the Zimbra Collaboration server, which the team discovered in June. Three of the campaigns emerged in the weeks following the bug's hotfix being posted to GitHub. The Cross-Site Scripting (XSS) bug first appeared in June, when the researchers observed a threat actor exploiting it in attacks targeting government organizations in Greece. This article continues to discuss the discovery of four separate campaigns exploiting a vulnerability in the Zimbra Collaboration server.

Decipher reports "Four Threat Groups Targeted Zimbra Collaboration Flaw"

Submitted by grigby1