Zimbra Zero-Day Exploit

Cyber Security News by CyberSum.net

Published on October 6, 2025 at 12:00 PM

3 sources

A zero-day exploit in Zimbra Collaboration Suite was used to target a military organization in a country, using malicious iCalendar files to deliver JavaScript payloads and steal sensitive data, including credentials, emails, and contacts, with the vulnerability now patched in versions 9.0.0 Patch 44, 10.0.13, and 10.1.5.

Also Read

Winos 4.0 Malware Expands Reach with HoldingHands RAT

The threat actors behind Winos 4.0 malware have expanded their targeting to include new regions, using phishing emails with malicious PDFs to deliver HoldingHands RAT. This campaign, linked to an aggressive cybercrime group, employs SEO poisoning and fake websites to spread the malware. Recent attacks have utilized taxation-themed documents and fake landing pages to deceive recipients into downloading the RAT, which can capture sensitive information and run arbitrary commands.

By Cyber Security News by CyberSum.netOctober 18, 2025 at 03:00 PM