
Zimbra 0-day used to target international government organizations

ID: 74783fa1-a268-54f1-b7fc-c73dbe5c1dca

STIX ID: report--74783fa1-a268-54f1-b7fc-c73dbe5c1dca

Feed Name: Google's Threat Analysis Group (TAG)

Threat Score: 70/100

Date Published: 2023-11-16

Date Updated: 2026-04-27

Author: Clement Lecigne


Google TAG identified at least four campaigns exploiting CVE-2023-37580 (a reflected XSS in Zimbra mail servers), including attacks that began after a fix was pushed to GitHub but before Zimbra’s public advisory. The report highlights ongoing active exploitation of mail-server XSS vulnerabilities and the attackers’ monitoring of open-source repositories to exploit unreleased fixes. It urges organizations to apply patches promptly and notes that TAG added affected sites to Safe Browsing.
