SecurityWeek

Russian APT Exploits Zimbra Vulnerability Against Ukraine

Russia-linked APT28 has exploited a high-severity XSS vulnerability in Zimbra in attacks against Ukrainian entities.

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).
Bleeping Computer

High-severity GitLab flaw lets attackers take over accounts

GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. The security flaw (tracked as CVE-2024-4835) ...
The Hacker News

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

Interlock exploits CVE-2026-20131 zero-day since Jan 26, enabling root access on Cisco FMC, increasing ransomware risks.
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Searchenginejournal.com

XSS Vulnerability Affects Beaver Builder WordPress Page Builder

Beaver Builder is a popular plugin that allows anyone to create a professional looking website using an easy to use drag and drop interface. Users can start with a predesigned template or create a ...