The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that threat actors have been exploiting a vulnerability in Zimbra hosted webmail portals

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that threat actors have been exploiting a vulnerability in webmail portals hosted by Zimbra Collaboration Suite.

The confirmation came days after cybersecurity firm Proofpoint reported about a pro-Russian advanced persistent threat (APT) actor, TA473, used unpatched Zimbra vulnerabilities in publicly facing webmail portals, which enabled it to gain access to the email mailboxes of these organizations.