Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw.

BleepingComputer

#Zimbra Mail has an XSS problem. 🔥

"Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver."

CVE-2025-48700

"can allow unauthenticated attackers to access sensitive information after executing arbitrary JavaScript within the user's session."

"The phishing email has no malicious attachments, no suspicious links, no macros. The entire attack chain lives inside the HTML body of a single email, there are no malicious attachments,"

Updates are overrated, aren't they? 🔥

"On Friday, Internet security watchdog Shadowserver also warned that over 10,500 Zimbra servers exposed online remain unpatched, most of them in Asia (3,794) and Europe (3,793)."

Why don't users and admins learn? Is the pain not great enough? 🙈

Ask experienced specialists or a good #MSP how to run your Zimbra mail servers more securely. 🙂

https://www.bleepingcomputer.com/news/security/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable/

#MSP #Zimbra

Zimbra Servers Targeted in Ongoing XSS Attacks

Beware of sneaky phishing emails that can hijack your Zimbra server with just a glance - no clicks or downloads required. A single malicious email can trigger a cross-site scripting attack, thanks to a recently patched vulnerability, CVE-2025-48700.

https://osintsights.com/zimbra-servers-targeted-in-ongoing-xss-attacks?utm_source=mastodon&utm_medium=social

#CrosssiteScripting #Zimbra #Cve202548700 #XssAttacks #EmailExploits

Zimbra Servers Targeted in Ongoing XSS Attacks

Protect your Zimbra servers from ongoing XSS attacks by learning about CVE-2025-48700 and taking steps to secure your suite now with our expert guidance.

OSINTSights

Free software for popular education, and not only that... Your sovereign, confidential and ethical email and cloud!

https://soyezresolu.org/collaborer/zourit/

#CEMÉA #Zourit #LogicielLibre
#Nexcloud #Zimbra

Zourit.net (testimonial)

Building a better world is only possible with the tools that give us the freedom to do so

Attacks observed on Cisco SD-WAN, Zimbra, TeamCity, PaperCut and more

The US IT security agency CISA is currently warning of attacks on Cisco SD-WAN, Zimbra, TeamCity, PaperCut and other software.

heise online

Does anyone know #zimbra, the new mail server of the national education system? Apart from the fact that they have only changed owner 4x in 10 years, that its value has been divided by 10 and that it was attacked by ransomware in 2023, I can't find much.

@PatriceA @ekimia @plossra_a subject to correction by the other members of @plossra_a, we have expertise in #carbonio #zimbra #mail (#imap #pop #webmail ...) but not in #bluemind strictly speaking
https://www.ploss-ra.fr/membres/
The members – PLOSS-RA

Warning of attacks on Cisco FMC, SharePoint and Zimbra

Cybercriminals are currently attacking vulnerabilities in Cisco FMC, SharePoint and Zimbra. Updates to close the holes are available.

heise online

📢 CISA orders federal agencies to secure Zimbra against an actively exploited vulnerability
📝 According to BleepingComputer, **CISA** has ordered **agencies of the govern...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-19-cisa-ordonne-aux-agences-federales-de-securiser-zimbra-face-a-une-vulnerabilite-activement-exploitee/
🌐 source: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-zimbra-xss-flaw-exploited-in-attacks/
#CISA #Zimbra #Cyberveille

Zimbra XSS Audit: Signature-based defense is failing. Our latest look at #Zimbra reveals how silent XSS payloads bypass legacy filters. At #TheCyberMindCo, we’re building the Sentinel Alpha on 64-bit NVMe to catch behavioral anomalies in real-time. The blind spot ends here. #CyberSecurity #NCTAG

https://thecybermind.co/2026/03/20/the-zimbra-collaboration-suite/?utm_source=mastodon&utm_medium=jetpack_social

Alarming Zimbra Collaboration Suite Vulnerability TheCyberMind™ 2026

The Zimbra Collaboration Suite Vulnerability by TheCyberMind™ takes us on a deep dive into this and gives us the tools to combat it.

The Cyber Mind