An unpatched code-execution vulnerability in the Zimbra Collaboration software is under active exploitation by attackers using the attacks to backdoor servers.
The attacks began no later than September 7, when a Zimbra customer reported a few days later that a server running the company’s Amavis spam-filtering engine processed an email containing a malicious attachment. Within seconds, the scanner copied a malicious Java file to the server and then executed it. With that, the attackers had installed a web shell, which they could then use to log into and take control of the server.
Zimbra has yet
→ Continue reading at Ars Technica