
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild.

The vulnerabilities in question are as follows:

  • CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting vulnerability in the Classic UI of ZCS, where attackers could abuse Cascading Style Sheets (CSS) @import directives in an HTML e-mail message. (Fixed in versions 10.0.18 and 10.1.13 in November 2025)
  • CVE-2026-20963 (CVSS score: 8.8) – A deserialization of untrusted data vulnerability in Microsoft Office SharePoint that enables an unauthorized attacker to execute code over a network. (Fixed in January 2026)

There are currently no public reports referencing the exploitation of the aforementioned flaws, who may be exploiting them, and the scale of such efforts. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply patches for CVE-2025-66376 by April 1, 2026, and for CVE-2026-20963 by March 23, 2026.
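As an added example (not from CISA, Zimbra or the original article), one way to triage stored mail for the pattern named in the CVE-2025-66376 entry is to list the CSS @import targets found in the text/html parts of each message. The function names, the regular expression and the sample messages below are constructed for illustration; a hit is a lead for review rather than proof of exploitation, since some legitimate mail imports web fonts this way.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Matches @import followed by url(...) or a quoted target.
# Assumption: CSS escapes and comments inside the rule are not handled.
IMPORT_RE = re.compile(r"@import\s*(?:url\(\s*)?[\"']?([^\"')\s;]+)", re.IGNORECASE)

class StyleCollector(HTMLParser):
    """Collects the text of <style> elements from an HTML body."""
    def __init__(self):
        super().__init__()
        self.in_style = False
        self.css = []
    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self.in_style = True
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)

def find_css_imports(raw_message: str) -> list[str]:
    """Return the targets of CSS @import rules in the text/html parts of one message."""
    msg = message_from_string(raw_message, policy=policy.default)
    targets = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = StyleCollector()
        collector.feed(part.get_content())  # decodes transfer encoding and charset
        collector.close()
        targets.extend(IMPORT_RE.findall("".join(collector.css)))
    return targets

# Constructed sample messages (not taken from any real incident).
SAMPLE_FLAGGED = """\
From: a@example.com
To: b@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><head><style>@import url("https://example.invalid/theme.css"); p { color: #333; }</style></head>
<body><p>Hello</p></body></html>
"""
SAMPLE_CLEAN = SAMPLE_FLAGGED.replace('@import url("https://example.invalid/theme.css");', "")
```

Running `find_css_imports` over exported messages and reviewing the returned targets gives a short list of mail to inspect after patching.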


The disclosure comes as Amazon revealed that threat actors linked to Interlock ransomware have exploited a maximum-severity security flaw impacting Cisco’s firewall management software (CVE-2026-20131, CVSS score: 10.0) since January 26, 2026, more than a month before it was publicly disclosed.

“Interlock has historically targeted specific sectors where operational disruption creates maximum pressure for payment,” Amazon said. These sectors include education, engineering, architecture, construction, manufacturing, industrial, healthcare, and government entities.

The attack once again highlights a persistent pattern of threat actors targeting edge network devices from different vendors, including Cisco, Fortinet, Ivanti, and others, to obtain initial access to target networks. The fact that CVE-2026-20131 was weaponized as a zero-day shows that attackers are investing time and resources to find previously unknown flaws that could grant them elevated access.
