Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as CVE-2025-66376 (CVSS score of 7.2), in Zimbra Collaboration. Attackers exploited insufficiently sanitized HTML emails to run scripts when opened, targeting users in Ukraine.
The flaw is a stored XSS vulnerability in the Classic UI where attackers could abuse CSS @import directives in email HTML. Attackers could explo...
