The Invisible Breach: ‘Operation GhostMail’ Uses Zero-Click XSS to Hijack Ukrainian Webmail Seqrite Labs uncovered Operation GhostMail, a zero-click campaign that leverages an HTML-only email to execute obfuscated JavaScript and intercept webmail sessions without dropping files. Attributed to APT28 and exploiting CVE-2025-66376 in Zimbra, the attack exfiltrates credentials, mailbox data, and contacts from the Ukrainian State Hydrology Agency using DNS and HTTPS channels....

Seqrite Labs reveals Operation GhostMail: a zero-click attack exploiting CVE-2025-66376 in Zimbra to hijack Ukrainian State Hydrology Agency webmail via obfuscated JavaScript in HTML-only emails. #OperationGhostMail #APT28 #Ukraine