Email Security Flaw Found in the Wild

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world.

TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on GitHub. To ensure protection against these types of exploits, TAG urges users and organizations to keep software fully up to date and apply security updates as soon as they become available.

The vulnerability was discovered in June. It has been patched.

Posted on November 21, 2023


Joseph November 21, 2023 10:50 AM

We run Zimbra, but around 2010, we decided to never ever allow access to the Zimbra server directly on the internet.

We require that a VPN is used for end-users to access it and have an email gateway handling all inbound/outbound email between the internet and Zimbra.

Yes, it is a hassle. Yes, initially the CEO was extremely unhappy, until we showed all the attempted logins from nefarious people to his Zimbra login. From that point on, he was behind us requiring the VPN.

Zimbra is extremely complex. With so many moving parts, there must be hundreds of bugs in the software stack – hundreds.

