Operation GhostMail: Russian APT Exploits Zimbra XSS to Target Ukraine Government

A sophisticated phishing campaign targeting a Ukrainian government agency exploits a cross-site scripting vulnerability in Zimbra Collaboration Suite. The attack, attributed to a Russian APT group, uses a seemingly innocuous internship inquiry email to deliver a malicious JavaScript payload. When opened in a vulnerable Zimbra webmail session, the script silently executes, harvesting credentials, session tokens, 2FA codes, and mailbox contents. The multi-stage attack employs obfuscation techniques, SOAP API abuse, and dual-channel exfiltration via DNS and HTTPS. The campaign demonstrates the evolution of webmail-focused intrusions, relying on browser-resident stealers rather than traditional malware binaries.

Pulse ID: 69b975d80c8af764ef55c18f
Pulse Link: https://otx.alienvault.com/pulse/69b975d80c8af764ef55c18f
Pulse Author: AlienVault
Created: 2026-03-17 15:40:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#2FA #Browser #CyberSecurity #DNS #Email #Government #HTTP #HTTPS #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #Phishing #RAT #Russia #UK #Ukr #Ukraine #Ukrainian #Vulnerability #Webmail #XSS #Zimbra #bot #AlienVault

Remove SMS from UC San Diego (#8551) · 2factorauth/twofactorauth@958468d

List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.

Update Docusign (#8549) · 2factorauth/twofactorauth@bde5f97

Update myGov (#8547) · 2factorauth/twofactorauth@f90eea6

I had 2FA set up with my Lemmy account a couple of years ago, and at some point it seems to have gotten turned off somehow. I don't know if I did that inadvertently or what. Turned it back on. Concerning. #lemmy #2fa #privacy #security

Thinking back to that one time I had to enter a 2FA code and a Captcha popped up, so the code expired when I was finally able to submit it

#captcha #2fa

On the subject of #2FA, @sebsauvage (https://sebsauvage.net/links/?YvTaEw)
recommends the mobile app https://f-droid.org/fr/packages/com.beemdevelopment.aegis/

Is Free OTP+ still a good tool, or should one switch to another app?

Microsoft tightens Authenticator checks on Android and iOS • The Register - Liens en vrac de sebsauvage

IPFire now supports Two-Factor Authentication for OpenVPN - Learn more on our blog https://blog.ipfire.org/post/openvpn-otp-2fa #openvpn #2fa #otp #ipfire #security
www.ipfire.org - OpenVPN OTP/2FA