Critical SmarterMail Vulnerability Exploited in Ransomware Attacks
The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests. The post Critical SmarterMail Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.
SmarterTools SmarterMail business email and collaboration servers are targeted in attacks exploiting another recent critical-severity vulnerability, the US cybersecurity agency CISA warns.
Roughly two weeks ago, security researchers raised the alarm about hackers exploiting an authentication bypass bug in SmarterMail to reset administrator account passwords and take control of vulnerable instances.
Last week, CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog along with a second SmarterMail issue exploited in the same campaign.
Source: https://www.securityweek.com/critical-smartermail-vulnerability-exploited-in-ransomware-attacks/
Related breach coverage
- Exploitation of Critical Fortinet FortiClient EMS Flaw Begins2026-03-31
The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests. The post Exploitation of Critical Fortinet FortiClient EMS Flaw Begins appeared first on SecurityWeek.
- Fortinet Rushes Emergency Fixes for Exploited Zero-Day2026-04-06
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely. The post Fortinet Rushes Emergency Fixes for Exploited Zero-Day appeared first on SecurityWeek.
- Ivanti Patches Exploited EPMM Zero-Days2026-01-30
The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.
- Fortinet Patches Critical FortiSandbox Vulnerabilities2026-04-15
The flaws could allow attackers to bypass authentication or execute arbitrary code or commands via HTTP requests. The post Fortinet Patches Critical FortiSandbox Vulnerabilities appeared first on SecurityWeek.