A threat actor, likely to be Chinese, targeted a zero-day vulnerability in the Zimbra open-source email platform. The zero-day exploitation is part of a spear-phishing program that began in December 2021. Volexity, a cybersecurity company, recorded the espionage operation in a technical report. The report stated that cross-site scripting (XSS)  vulnerability if successfully exploited could … Continue reading Threat actor exploiting a zero-day vulnerability in the Zimbra open-source email platform