Skip to content
Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as CVE-2025-66376 (CVSS score of 7.2), in Zimbra Collaboration. Attackers exploited insufficiently sanitized HTML emails to run scripts when opened, targeting users in Ukraine. The flaw is a stored XSS vulnerability in the Classic UI where attackers could abuse CSS @import directives in email HTML. Attackers could explo...
Russian APT targets Ukraine via Zimbra XSS flaw CVE | Huntaegis