Google blocks a zero-day flaw used to target government emails

Cybersecurity researchers from Google’s Threat Analysis Group (TAG) recently discovered a zero-day vulnerability in a popular email server platform that hackers were using to steal sensitive data from government organizations around the world.

In a blog post published by researchers Clement Lecigne and Maddie Stone of TAG, it was said that a cross-site scripting (XSS) flaw was found in June this year, in a popular email server platform Zimbra Collaboration. An XSS flaw allows threat actors to inject malicious scripts into vulnerable websites. These scripts can pull sensitive information such as email data, user credentials, and authentication tokens, from unsuspecting visitors.

Related Posts