
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to patch two security flaws affecting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, saying they are actively being exploited in the wild.
The vulnerabilities in question are:
CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting vulnerability in the classic UI of ZCS allows an attacker to exploit Cascading Style Sheets (CSS) @import directives in HTML email messages. (Fixed in November 2025 in versions 10.0.18 and 10.1.13)
CVE-2026-20963 (CVSS score: 8.8) – A deserialization of untrusted data vulnerability in Microsoft Office SharePoint allows an unprivileged attacker to execute code via the network. (Revised in January 2026)
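As an added defensive example that is not part of the article and not Zimbra's fix, the following Python scans an HTML email body for CSS @import at-rules, the construct named in the CVE-2025-66376 description, in both <style> elements and inline style attributes. It decodes CSS hex escapes and strips comments first so that trivially obfuscated spellings are still caught; the sample messages are constructed.

```python
import re
from html.parser import HTMLParser

# CSS identifiers may use hex escapes and comments, so CSS is normalised
# before matching the at-rule name.
_IMPORT_RE = re.compile(r"@import\b", re.IGNORECASE)
_CSS_ESCAPE_RE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?")
_CSS_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)

def normalise_css(css: str) -> str:
    """Decode CSS hex escapes (e.g. \\69 -> 'i') and drop comments."""
    css = _CSS_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), css)
    return _CSS_COMMENT_RE.sub("", css)

class _CssCollector(HTMLParser):
    """Collects CSS text from <style> elements and style="" attributes."""
    def __init__(self):
        super().__init__()
        self.in_style = False
        self.findings = []  # (location, raw css)
    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self.in_style = True
        for name, value in attrs:  # attribute values arrive entity-decoded
            if name == "style" and value:
                self.findings.append((f"<{tag} style>", value))
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
    def handle_data(self, data):
        if self.in_style:
            self.findings.append(("<style>", data))

def find_css_imports(html: str) -> list:
    """Return the locations in an HTML body where a CSS @import appears."""
    p = _CssCollector()
    p.feed(html)
    p.close()
    return [loc for loc, css in p.findings if _IMPORT_RE.search(normalise_css(css))]

# Constructed sample messages (not taken from any real campaign).
BENIGN = '<html><head><style>p { color: #333; }</style></head><body><p style="margin:0">Hi</p></body></html>'
SUSPICIOUS = ('<html><head><style>@import url("https://example.invalid/x.css");</style></head>'
              '<body><div style="@\\69mport /*x*/ url(https://example.invalid/y.css)">Hi</div></body></html>')

if __name__ == "__main__":
    print(find_css_imports(BENIGN))      # []
    print(find_css_imports(SUSPICIOUS))  # ['<style>', '<div style>']
```

A check like this belongs at the mail gateway as a compensating detection or quarantine rule while the vendor update is rolled out; it flags the at-rule, not any particular payload.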
At this time, there are no public reports describing how these flaws are being exploited, by whom, or at what scale. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are encouraged to apply the patch for CVE-2025-66376 by April 1, 2026 and the patch for CVE-2026-20963 by March 23, 2026.
This disclosure comes after Amazon revealed that attackers associated with the Interlock ransomware had been exploiting a maximum severity security flaw (CVE-2026-20131, CVSS score: 10.0) affecting Cisco's firewall management software since January 26, 2026, more than a month before the flaw was publicly disclosed.
“Interlock has historically targeted specific sectors where operational disruptions would put the greatest pressure on payments,” Amazon said. These sectors include education, engineering, architecture, construction, manufacturing, industry, healthcare, and government.
This attack once again highlights a persistent pattern of attackers targeting edge network devices from a variety of vendors, including Cisco, Fortinet, and Ivanti, to gain initial access to target networks. The fact that CVE-2026-20131 was weaponized as a zero-day indicates that attackers are investing time and resources to find previously unknown flaws that could allow elevated access.
