CISA orders feds to patch Zimbra XSS flaw exploited in attacks CISA has ordered federal agencies to secure Zimbra Collaboration Suite servers after active exploitation of a stored XSS vulnerability (CVE-2025-66376) that can be abused via CSS @import in HTML emails to execute arbitrary JavaScript. The agency added the flaw to its catalog of vulnerabilities exploited in the wild and gave FCEB agencies until April 1 under BOD 22-01 to patch or apply mitigations, while warning all organizations to update or discontinue the product if mitigations are unavailable. #Zimbra #CVE-2025-66376 #CVE-2025-27915 #Synacor #WinterVivern

CISA mandates federal agencies to patch Zimbra Collaboration Suite servers by April 1 due to active exploitation of a stored XSS flaw via CSS @import in HTML emails (CVE-2025-66376). #ZimbraFlaw #USFed #XSSVulnerability

Fortinet discloses high-severity XSS vulnerability (CVE-2025-52436) in FortiSandbox, allowing unauthenticated command execution. Immediate patching recommended. #CyberSecurity #FortiSandbox #XSSVulnerability Link: thedailytechfeed.com/critical-xss...

Nagios XI patches critical XSS vulnerability in Graph Explorer. Admins urged to update to version 2024R2.1 to prevent potential exploits. #CyberSecurity #NagiosXI #XSSVulnerability Link: thedailytechfeed.com/critical-xss...