Threat actors are actively exploiting multiple Common Vulnerabilities and Exposures (CVEs) against enterprise cloud-hosted collaboration software and email platform Zimbra Collaboration Suite (ZCS), according to an advisory update jointly issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The latest update lists CVEs currently being exploited based on a new Malware Analysis Report, MAR-10398871.r1.v2 and warns that threat actors may be targeting unpatched ZCS instances in both government and private sector networks.
