VulnHub

A Russian advanced persistent threat (APT) group has been exploiting a critical cross-site scripting (XSS) vulnerability in Zimbra, identified as CVE-2025-66376, with a severity score of 7.2. The attackers are sending HTML emails that contain insufficiently sanitized scripts, which execute when opened by users. This campaign specifically targets individuals in Ukraine, highlighting the ongoing cyber conflict in the region. The exploitation of this vulnerability could allow attackers to compromise user accounts and access sensitive information. Organizations using Zimbra should be particularly vigilant and take immediate action to secure their systems.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of a recently patched vulnerability in SharePoint, identified as CVE-2026-20963. This remote code execution flaw allows attackers to run malicious code on affected systems, posing a significant risk to organizations using the software. Microsoft released a patch for this vulnerability back in January, but the discovery of in-the-wild exploitation suggests that some users may not have applied the update. Organizations using SharePoint should prioritize implementing the latest security updates to protect against potential breaches. Failing to address this vulnerability could lead to unauthorized access and data compromise, making it crucial for companies to stay vigilant and proactive in their cybersecurity practices.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies about two significant security vulnerabilities affecting the Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint. Both flaws, identified as CVE-2025-66376 and another not specified in the article, have been found to be actively exploited by attackers. The CVE-2025-66376 vulnerability has a CVSS score of 7.2, indicating a moderate to high risk. Organizations using these platforms are urged to apply the necessary patches to protect against potential attacks. The exploitation of these vulnerabilities underscores the need for timely updates and vigilance in cybersecurity practices, especially for government entities.

The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. federal agencies to address a vulnerability in the Zimbra Collaboration Suite (ZCS) that is currently being exploited in the wild. This flaw allows for cross-site scripting attacks, which can enable attackers to execute malicious scripts in the context of a user's session. Affected organizations need to act quickly to secure their servers to prevent unauthorized access and data breaches. The urgency of this directive underscores the importance of maintaining up-to-date security practices, especially for government entities that handle sensitive information. Users of ZCS should ensure their systems are patched as soon as possible to mitigate the risk posed by this vulnerability.

The Interlock ransomware gang has been actively exploiting a serious remote code execution vulnerability in Cisco's Secure Firewall Management Center (FMC) software since late January. This flaw, classified as having maximum severity, allows attackers to execute arbitrary code on affected systems, putting organizations at significant risk. Companies using this software should be particularly vigilant, as the vulnerability is being exploited in ongoing attacks. Cisco has not yet released a patch to address this issue, which raises concerns about the potential for widespread impact. Organizations relying on Cisco FMC should prioritize security measures and closely monitor any unusual activity to safeguard their networks.

Amazon Threat Intelligence has issued a warning regarding an active ransomware campaign known as Interlock, which is exploiting a significant vulnerability in Cisco's Secure Firewall Management Center (FMC) Software. This vulnerability, identified as CVE-2026-20131, has a maximum severity score of 10.0 and stems from an insecure deserialization of user-supplied Java byte streams. This flaw could allow attackers to gain root access without authentication, posing a serious risk to organizations using affected Cisco products. The exploitation of this vulnerability is concerning as it enables unauthorized access, potentially leading to data breaches and system compromises. Companies using Cisco FMC Software must take immediate action to protect their systems from this ongoing threat.

A significant security vulnerability, identified as CVE-2026-3888, has been discovered in default installations of Ubuntu Desktop versions 24.04 and later. This flaw allows unprivileged local attackers to escalate their privileges to root access, potentially giving them complete control over the affected systems. With a CVSS score of 7.8, this high-severity issue poses a serious risk to users who have not applied necessary security measures. It is crucial for Ubuntu users to be aware of this vulnerability, as it could lead to unauthorized access and manipulation of sensitive data. Immediate action is recommended to safeguard systems against potential exploitation.

Researchers have identified a severe vulnerability in the GNU InetUtils telnet daemon, known by its CVE identifier CVE-2026-32746. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges through Telnet connections on port 23. With a CVSS score of 9.8, this vulnerability poses a significant risk to systems using the affected telnetd. The issue arises from an out-of-bounds write in the LINEMODE Set, which could be exploited easily by attackers. Organizations using this software need to take immediate action to secure their systems, as the implications of this flaw could lead to unauthorized access and control over critical infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Wing FTP Server software that is currently being exploited. This flaw enables low-privileged attackers to access the complete local installation path of the software, which could lead to further exploitation or data breaches. Users of Wing FTP Server need to be particularly vigilant, as this vulnerability could allow malicious actors to gain insights into the server's configuration and potentially exploit other weaknesses. Companies using this software should ensure they are taking appropriate measures to secure their systems and monitor for any suspicious activity. Immediate action is crucial to mitigate the potential risks associated with this vulnerability.

Researchers have discovered a serious vulnerability in Android that allows attackers to hijack mobile payment applications using a technique called LSPosed-based runtime manipulation. This attack can bypass security measures such as SIM binding, which is intended to protect users' financial transactions. As a result, anyone using affected payment apps could be at risk of fraud and unauthorized transactions. This incident highlights the ongoing challenges in mobile security, especially for users who rely on their devices for financial activities. Users should be cautious and consider reviewing their app security settings until further protections are implemented.