CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).

Actively Exploited Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

CVE‑2026‑20963 is a deserialization of untrusted data vulnerability in Microsoft SharePoint. The flaw enables an attacker to execute arbitrary code over a network[1]. Introduction to Malware Binary Triage (IMBT) Course …

CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks

CISA Warns Zimbra Collaboration Suite Vulnerability Exploit CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-66376, this security flaw is currently facing active exploitation in the wild. Organizations utilizing Zimbra must urgently prioritize remediation to prevent unauthorized access and potential data compromise. The vulnerabil…

CISA Issues Urgent Warning on Exploitation of Microsoft SharePoint Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding the active exploitation of a significant vulnerability in Microsoft SharePoint. Identified as CVE-2026-20963, this flaw poses serious risks by allowing unauthorized attackers to execute code remotely over a network. With a Common Vulnerability Scoring System (CVSS) score of 8.8, it is imperative that organizations, especially federal agencies, take …

CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)

CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers.