Bleeping Computer

Zimbra patches zero-day vulnerability exploited in XSS attacks

Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers. Now ...

Microsoft’s March 2026 update fixes 80+ security vulnerabilities

Yesterday was Patch Tuesday for March, with Microsoft releasing security updates that addressed 84 security vulnerabilities. In addition to Windows and Office, Microsoft’s cloud services were also ...
WeLiveSecurity

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...
Dark Reading

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

Low-profile threat group Winter Vivern has been exploiting a zero-day flaw in Roundcube Webmail servers with a malicious email campaign targeting governmental organizations and a think tank in Europe ...
Searchenginejournal.com

XSS Vulnerability Affects Beaver Builder WordPress Page Builder

Beaver Builder is a popular plugin that allows anyone to create a professional looking website using an easy to use drag and drop interface. Users can start with a predesigned template or create a ...
Bleeping Computer

CISA: Roundcube email server bug now exploited in attacks

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The security flaw (CVE-2023-43770) is a persistent ...
Dark Reading

Cyberattackers Exploit Zimbra Zero-Day Via ICS

An unknown threat actor masquerading as the Libyan Navy's Office of Protocol targeted the Brazilian military earlier this year using a malicious calendar (ICS) file to deliver an exploit for a then ...