VulnHub

Real-time Cybersecurity News

Zero-Click FreeScout Bug Enables Remote Code Execution

Infosecurity Magazine
Actively Exploited
ExploitVulnerability

Overview

A new vulnerability in FreeScout, identified by researchers at Ox Security, allows attackers to execute remote code without any user interaction, a situation referred to as a zero-click exploit. This flaw, dubbed Mail2Shell, could enable malicious actors to take control of FreeScout systems, putting organizations that use this customer support platform at risk. Users of FreeScout should be particularly vigilant, as this vulnerability could lead to unauthorized access and data breaches. The lack of user interaction required for the exploit makes it especially concerning, as it can be executed without any action from the target. Organizations are urged to monitor their systems closely and apply any available updates to mitigate potential risks from this vulnerability.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: FreeScout systems
  • Action Required: Apply patches and updates as soon as they are released; regularly monitor for unusual activity.
  • Timeline: Newly disclosed

Original Article Summary

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

Impact

FreeScout systems

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Apply patches and updates as soon as they are released; regularly monitor for unusual activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Exploit, Vulnerability.

Read Original Article

Related Coverage

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

SecurityWeek

Oracle has issued an emergency patch for a serious vulnerability in its Identity Manager software, identified as CVE-2026-21992. This flaw allows attackers to execute remote code without needing any authentication, raising concerns that it may already be exploited in the wild. This vulnerability poses a significant risk, especially for organizations using Oracle Identity Manager, as it could allow unauthorized access to sensitive systems and data. Users and companies relying on this software are urged to apply the patch promptly to safeguard against potential exploitation. The situation emphasizes the ongoing need for vigilance in software security and timely updates.

Mar 23, 2026

How to disable ACR on your TV - and why doing so is critical for your privacy

Latest news

Recent discussions around smart TVs from brands like Samsung, LG, and Sony have raised concerns about Automatic Content Recognition (ACR) technology. ACR allows these TVs to track what you watch, which can enable advertisers to target you with personalized ads. While this feature can enhance user experience, it also poses significant privacy risks, as it collects data on viewing habits without clear consent. Users are advised to disable ACR settings to safeguard their personal information. This issue affects a wide range of smart TVs and highlights the need for consumers to be aware of their privacy settings. Understanding these risks is crucial as more devices become interconnected and data collection practices evolve.

Mar 23, 2026

Russia-linked actors target WhatsApp and Signal in phishing campaign

Security Affairs

Russian intelligence-linked actors are targeting officials and journalists through phishing campaigns aimed at hijacking accounts on messaging apps like WhatsApp and Signal. The FBI has issued a warning about these cyber actors, who are attempting to gain access to sensitive messages and contacts. This kind of targeted attack poses significant risks to individuals in sensitive roles, as compromised accounts can lead to the leaking of confidential information. Users of these messaging platforms must be vigilant about phishing attempts and employ security measures to protect their accounts. The situation underscores the ongoing threats from state-sponsored cyber activities.

Mar 22, 2026

VoidStealer malware steals Chrome master key via debugger trick

BleepingComputer

VoidStealer is a new type of information-stealing malware that has been discovered to exploit a flaw in Chrome's Application-Bound Encryption (ABE). This malware uses a clever method to bypass security measures and access the master key needed to decrypt sensitive data stored in the Chrome browser. As a result, users' personal information, including passwords and credit card details, could be at risk. This development is concerning for anyone using Chrome, as it highlights vulnerabilities that attackers can exploit to gain unauthorized access to private data. Users should remain vigilant and consider enhancing their security measures to protect against such threats.

Mar 22, 2026

Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw

Help Net Security

Last week, security researchers discovered that ScreenConnect servers were vulnerable to attacks due to misconfigurations, potentially allowing unauthorized access to sensitive data. Additionally, a flaw in Microsoft SharePoint was exploited, putting numerous organizations at risk. This vulnerability could allow attackers to execute malicious code or gain access to restricted information. Both incidents emphasize the need for companies to regularly review their security settings and update their systems to protect against these types of vulnerabilities. With many businesses relying on these platforms, the implications of these security issues could be significant, affecting operational integrity and data confidentiality.

Mar 22, 2026

WorldLeaks ransomware group breached the City of Los Angels

Security Affairs

The WorldLeaks ransomware group has launched attacks against the City of Los Angeles, specifically targeting its Metro system, which resulted in a significant system shutdown. This breach forced the Metro to halt operations temporarily, disrupting public transit services. In addition to Los Angeles, two cities in the Bay Area have declared emergencies due to similar ransomware incidents. These attacks are part of a growing trend in which local governments and essential services are increasingly becoming targets for cybercriminals, raising concerns about the security of public infrastructure and the potential for widespread disruption. The implications of such breaches are serious, as they can hinder public safety and essential services.

Mar 21, 2026