THE Warlock Group breached SmarterTools by exploiting vulnerabilities in SmarterMail, with the attack visible on 29 January 2026. The flaws CVE-2026-24423 and CVE-2026-23760 were addressed in SmarterMail release 9511 on 15 January 2026, and both carry critical CVSS scores of 9.3.
According to the executive, SmarterTools had 30 servers and virtual machines with SmarterMail installed, but one unupdated server was the entry point for the breach, leading to compromises on Windows environments where the attacker is believed to have gained access and spread. The company said some SmarterMail customers were affected and urged an immediate update to the fixed version and the use of indicators of compromise to investigate signs of a breach.
SmarterTools also described reorganising networks, isolating systems during incident response, and resetting all passwords, with the breach primarily impacting the office network and a data centre used for lab and quality control work.