Tag: Zimbra

  • Zimbra zero-day exploit uses iCalendar files to steal emails and credentials

    Zimbra zero-day exploit uses iCalendar files to steal emails and credentials

    A new Zimbra zero-day exploit has been used in targeted attacks worldwide. Hackers deployed malicious iCalendar files to inject JavaScript, steal credentials, and access victims’ emails. The flaw allowed remote code execution inside active webmail sessions, giving attackers full control over compromised accounts. How the Zimbra Zero-Day Exploit Worked Researchers identified the vulnerability as CVE-2025-27915,…