ACCORDING to SecurityWeek, SmarterTools was hit by ransomware via an unpatched instance of its SmarterMail email server, with the incident occurring on 29 January 2026 and impacting a data centre hosting quality control testing systems, the company’s portal, and its Hosted SmarterTrack network. The breach began at a VM running SmarterMail, after which hackers moved laterally to Windows servers, compromising 12 of them.
The attackers are described as a ransomware group known as Warlock, which emerged in June 2025 and is believed to operate out of China. The exploit used was CVE-2026-24423, an unauthenticated remote code execution vulnerability with a CVSS score of 9.3, which was patched on 15 January alongside CVE-2026-23760 and CVE-2025-52691.
SmarterTools says Warlock has compromised some of its customers as well, and it advises customers to update to the latest SmarterMail version; build 9518 addressed the flaws on 15 January, while build 9526 was released on 22 January to add improvements.