Attackers have targeted mailboxes in multiple waves across two attack phases. Business email platform Zimbra has released a hotfix for a cross-site scripting (XSS) vulnerability whose abuse has underpinned a series of spear-phishing campaigns. A suspected, previously unknown Chinese APT group has been attempting to leverage the flaw to load malicious JavaScript that exfiltrates mail … Continue reading Zimbra issues hotfix for XSS vulnerability under active exploitation