In June 2023, Google’s Threat Analysis Group (TAG) discovered a 0-day exploit targeting Zimbra Collaboration, an email server used by many organizations. The vulnerability allowed malicious scripts to be injected into websites, leading to email data theft and credential phishing. TAG observed four different groups exploiting the bug, and exploitation continued even after a patch was released. This highlights the importance of keeping software up to date and applying security updates promptly. The exploit campaigns demonstrate how attackers monitor open-source repositories to take advantage of vulnerabilities. This incident follows previous exploits against Zimbra mail servers and underscores the need for code auditing to address XSS vulnerabilities. TAG commends Zimbra for its swift response and urges organizations to prioritize patching.
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-steal-email-data-from-government-organizations/