CISA Warns of Actively Exploited Zimbra and SharePoint Vulnerabilities
A new cybersecurity alert from the Cybersecurity and Infrastructure Security Agency (CISA) has raised serious concerns about two widely used enterprise platforms: Zimbra Collaboration Suite and Microsoft SharePoint. According to a report published by The Hacker News, both systems contain vulnerabilities that are now being actively exploited by cyber attackers.
Critical Vulnerabilities Identified
The warning focuses on two specific security flaws that have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, a list of threats that are already being used in real-world attacks.
- CVE-2026-20963 (SharePoint): This is a high-severity vulnerability that allows attackers to execute malicious code remotely over a network. It stems from a weakness known as “deserialization of untrusted data,” which can let hackers take control of a system without needing authentication.
- CVE-2025-66376 (Zimbra): This flaw is a stored cross-site scripting (XSS) vulnerability found in Zimbra’s Classic web interface. Attackers can exploit it by sending specially crafted HTML emails containing hidden malicious code. When the victim opens the email, the code executes within their browser.
Both vulnerabilities have already been patched, but the main concern is that many systems remain unpatched and therefore exposed.
Active Exploitation in the Wild
CISA’s warning is especially serious because these vulnerabilities are not just theoretical—they are being actively exploited by attackers. This means hackers are already using these weaknesses to compromise systems, making them a top priority for organizations to address.
Although details about who is behind the attacks or how widespread they are remain unclear, the inclusion in the KEV catalog signals a high level of risk. Security experts consider this catalog a critical “must-fix” list for both government agencies and private organizations.
Urgent Deadlines for Patching
To reduce the risk, CISA has issued strict deadlines for applying security updates:
- SharePoint vulnerability: patch by March 23, 2026
- Zimbra vulnerability: patch by April 1, 2026
These deadlines primarily apply to U.S. federal agencies, but cybersecurity professionals strongly recommend that all organizations follow the same timeline.
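One way to track the two KEV deadlines above against your own open findings, as an added example that is not from CISA or the original report. The feed excerpt is constructed in the shape of the KEV JSON feed with only the fields used here; the hostnames, the non-KEV placeholder IDs and the `warn_days` threshold are assumptions.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed; only the fields used
# here are included, and the IDs and due dates are the ones in the article.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-20963", "product": "SharePoint", "dueDate": "2026-03-23"},
  {"cveID": "CVE-2025-66376", "product": "Zimbra Collaboration Suite", "dueDate": "2026-04-01"}
]}
""")

# Hypothetical scanner output: host -> CVEs still unpatched on it.
OPEN_FINDINGS = {
    "sp-farm-01.example.internal": ["CVE-2026-20963", "CVE-0000-0001"],  # 2nd ID: placeholder
    "mail-01.example.internal": ["CVE-2025-66376"],
    "build-07.example.internal": ["CVE-0000-0002"],  # placeholder, not in KEV
}

def kev_due_dates(feed):
    """Map CVE ID -> (product, due date) for every catalog entry."""
    return {v["cveID"]: (v["product"], date.fromisoformat(v["dueDate"]))
            for v in feed["vulnerabilities"]}

def triage(findings, feed, today, warn_days=7):
    """Return KEV-listed findings as (status, days_left, host, cve, product),
    most urgent first; days_left is negative once the due date has passed."""
    due = kev_due_dates(feed)
    rows = []
    for host, cves in findings.items():
        for cve in cves:
            if cve not in due:
                continue  # not KEV-listed: left to the normal patch cycle
            product, deadline = due[cve]
            days_left = (deadline - today).days
            if days_left < 0:
                status = "OVERDUE"
            elif days_left <= warn_days:
                status = "DUE_SOON"
            else:
                status = "OPEN"
            rows.append((status, days_left, host, cve, product))
    return sorted(rows, key=lambda r: r[1])

if __name__ == "__main__":
    for row in triage(OPEN_FINDINGS, KEV_FEED, date(2026, 3, 25)):
        print("{:<8} {:>4}d  {}  {}  ({})".format(*row))
```
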
Broader Cybersecurity Threat Landscape
The warning comes at a time when attackers are increasingly targeting widely used enterprise software to maximize impact. Platforms like SharePoint and Zimbra are deeply integrated into business operations, meaning a successful attack can lead to:
- Data breaches
- Unauthorized system access
- Malware deployment
- Full network compromise
In many cases, attackers use these vulnerabilities as an entry point before launching larger attacks, such as ransomware campaigns.
The same report also highlights a separate but related concern: a critical zero-day vulnerability in Cisco firewall management software has been exploited in ransomware attacks, showing how quickly threat actors weaponize newly discovered flaws.
Why This Matters
This incident highlights a key trend in modern cybersecurity: attackers are moving faster than ever. Vulnerabilities are often exploited shortly after discovery—or even before they are publicly disclosed.
It also reinforces the importance of patch management. Even when fixes are available, delays in applying updates can leave systems exposed to serious threats.
Conclusion
The latest alert from CISA serves as a clear warning to organizations worldwide. Actively exploited vulnerabilities in widely used platforms like Zimbra and SharePoint present a serious and immediate risk.
As cyber threats continue to evolve, timely updates, strong security practices, and constant vigilance are essential. In today’s environment, failing to patch known vulnerabilities is no longer just a technical oversight—it can become a critical security failure with far-reaching consequences.