Zimbra Hack Hits 129,000 Servers; Sednit Suspected
A critical cross-site scripting (XSS) vulnerability tracked as CVE-2024-27443 affects more than 129,000 Zimbra Collaboration Suite servers worldwide, according to cybersecurity sources. The flaw has drawn scrutiny because of suspected exploitation by Sednit, a threat group believed to have ties to advanced persistent threat operations.
The vulnerability allows attackers to inject malicious scripts into Zimbra’s webmail interface, potentially compromising user sessions and granting unauthorized access to sensitive communications. Security researchers detected widespread scanning activity and targeted attacks leveraging the flaw shortly after its disclosure.
Zimbra, a widely used open-source email and collaboration platform, is deployed by governments, businesses, and academic institutions globally. The sheer volume of affected servers has raised concerns about the scale and coordination of the exploitation campaign.
Administrators are advised to apply available patches immediately and review system logs for signs of compromise. The incident underscores ongoing risks associated with unpatched web-based communication platforms.
