A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021.
The espionage operation — codenamed “Ema…
Servisnet Tessa – Add sysAdmin User (Unauthenticated) (Metasploit)
WordPress Plugin IP2Location Country Blocker 2.26.7 – Stored Cross Site Scripting (XSS) (Authenticated)
Servisnet Tessa – MQTT Credentials Dump (Unauthenticated) (Metasploit)
Servisnet Tessa – Privilege Escalation (Metasploit)
WBCE CMS 1.5.2 – Remote Code Execution (RCE) (Authenticated)
