databreaches.net 3/19/2026, 3:35:36 PM · via preferred

Russian hackers exploit Zimbra flaw in Ukrainian govt attacks

CyberSIXT Evidence Panel
CISA KEV: Listed in KEV
Patch: Patch Available

Hackers who are part of APT28, a state-backed threat group linked to Russia’s military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite vulnerability in attacks targeting Ukrainian government entities, according to Bleeping Computer. The high-severity flaw, tracked as CVE-2025-66376 and patched in early November, stems from a stored cross-site scripting (XSS) weakness that unauthenticated attackers can exploit to gain remote code execution and compromise the Zimbra server and the target’s email account.

On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its catalog of vulnerabilities exploited in the wild. CISA also ordered Federal Civilian Executive Branch agencies to secure their servers within two weeks, as mandated by Binding Operational Directive 22-01 issued in November 2021. Read more at Bleeping Computer.


Article by CyberSIXT
