CyberSecurityBoard
Sponsor Register Login

Attackers Exploit Zimbra Zero-Day in ICS Environments

A critical zero-day vulnerability in Zimbra Collaboration Suite is being actively exploited by attackers targeting Industrial Control Systems (ICS). This vulnerability allows threat actors to execute arbitrary code remotely, posing significant risks to organizations relying on Zimbra for email and collaboration. The exploitation of this zero-day highlights the increasing trend of cybercriminals focusing on ICS environments, which are crucial for critical infrastructure and industrial operations. Security experts urge immediate patching and enhanced monitoring to mitigate potential damage. This article delves into the technical details of the vulnerability, the attack vectors used, and the implications for cybersecurity in industrial sectors. It also provides best practices for organizations to defend against such sophisticated attacks, emphasizing the importance of timely updates and comprehensive security strategies.

This Cyber News was published on www.darkreading.com. Publication date: Mon, 06 Oct 2025 20:30:08 +0000


Cyber News related to Attackers Exploit Zimbra Zero-Day in ICS Environments

Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com
Threat landscape for industrial automation systems, Q1 2024 - In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS ...
1 year ago Securelist.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now! - “Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, ...
1 year ago Securityaffairs.com CVE-2024-45519
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 year ago Bleepingcomputer.com CVE-2024-27834
Critical Zimbra RCE flaw actively exploited to take over servers - Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. Hackers are actively exploiting a recently disclosed RCE ...
1 year ago Bleepingcomputer.com CVE-2024-45519
Critical Zimbra RCE flaw exploited to backdoor servers using emails - Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. Hackers are actively exploiting a recently disclosed RCE ...
1 year ago Bleepingcomputer.com CVE-2024-45519
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs - Google's Threat Analysis Group has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries. Hackers leveraged a medium-severity ...
1 year ago Bleepingcomputer.com CVE-2023-37580 CVE-2022-24682 CVE-2023-5631
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
2 years ago Securityweek.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
Zimbra RCE Vuln Under Attack Needs Immediate Patching - "Some emails from the same sender used a series of CC'd addresses attempting to build a Web shell on a vulnerable Zimbra server," Proofpoint said. Attackers are actively targeting a severe remote code execution vulnerability that ...
1 year ago Darkreading.com CVE-2023-37580 CVE-2024-45519 Lazarus Group
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887 CVE-2021-22893
Resecurity and ICS Technologies join forces to improve cybersecurity in Iraq - Resecurity and ICS Technologies IRAQ, a well-established ICT System Integration Company with HQ in Baghdad, Iraq, have joined forces to fortify cybersecurity, fraud prevention and risk intelligence measures nationwide. This strategic partnership is ...
1 year ago Helpnetsecurity.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
Zimbra Collaboration Server GraphQL Vulnerability Exposes Sensitive User Data - The flaw resides in Zimbra’s webmail interface’s GraphQL endpoint (/service/extension/graphql), where improper CSRF token validation enables malicious actors to manipulate authenticated users into triggering unintended actions. Zimbra ...
5 months ago Cybersecuritynews.com
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273 CVE-2021-1435
7 Critical ICS Flaws Unpatched as Critical Infrastructure Attacks Rise - As cyberattacks against critical infrastructure rise, there remains a number of unpatched vulnerabilities in Industrial Control Systems (ICS) that can be exploited. In a recent report from Cybersecurity Ventures, 100 percent of ICS nodes were ...
2 years ago Csoonline.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
1 year ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters
Hackers exploited Zimbra flaw as zero-day using iCalendar files - A critical zero-day vulnerability in Zimbra Collaboration Suite has been actively exploited by hackers using malicious iCalendar files. This flaw allows attackers to execute arbitrary code remotely, posing a significant threat to organizations ...
3 days ago Bleepingcomputer.com CVE-2023-4948
Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
1 year ago Feeds.dzone.com
Attackers Exploit Zimbra Zero-Day in ICS Environments - A critical zero-day vulnerability in Zimbra Collaboration Suite is being actively exploited by attackers targeting Industrial Control Systems (ICS). This vulnerability allows threat actors to execute arbitrary code remotely, posing significant risks ...
2 days ago Darkreading.com CVE-2024-XXXX
Zimbra RCE Vulnerability (CVE-2024-45519) - Exploit POC Released - Zimbra, a popular email and collaboration platform, has issued a crucial security update to patch a severe vulnerability in its postjournal service. Attackers could exploit it to run arbitrary commands without authentication, which poses a ...
1 year ago Cybersecuritynews.com CVE-2024-45519

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)