Google Says 4 Attack Campaigns Exploited Zimbra Zero-Day

Zimbra Patched the Cross-Site Scripting Vulnerability on July 25
A zero-day flaw in the Zimbra Collaboration email server proved to be a bonanza for hackers as four distinct threat actors exploited the bug to steal email data and user credentials, says Google. Most of the exploit activity occurred after Zimbra had posted a hotfix on July 5.

attack bug campaigns collaboration credentials cross-site data email email data email server exploit exploited flaw google hackers july scripting server steal threat threat actors vulnerability zero-day zero-day flaw zimbra