Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

Four hacker groups exploited a zero-day flaw in the Zimbra Collaboration email software to steal email data, user credentials, and authentication tokens. Google’s Threat Analysis Group (TAG) discovered these activities, most of which occurred after the initial fix became public on GitHub. TAG warned organizations to promptly fix their mail servers and noted a pattern of hackers exploiting XSS vulnerabilities in mail servers.