The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to government entities regarding two significant security vulnerabilities in the Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint. These flaws, which have been actively exploited, necessitate immediate action to apply the available patches.
Zimbra and SharePoint Security Flaws
The specific vulnerabilities identified by CISA include CVE-2025-66376 and CVE-2026-20963. The ZCS flaw (CVE-2025-66376) is a stored cross-site scripting issue with a CVSS score of 7.2, where attackers can exploit Cascading Style Sheets (CSS) in HTML emails. This flaw was addressed in November 2025 with updates to versions 10.0.18 and 10.1.13. Meanwhile, SharePoint’s vulnerability (CVE-2026-20963) involves the deserialization of untrusted data, allowing unauthorized code execution over networks, boasting a CVSS score of 8.8. This issue was resolved in January 2026.
Patch Recommendations and Exploit Details
Currently, there are no detailed public reports on the extent or specific actors exploiting these vulnerabilities. Nevertheless, due to their active exploitation, CISA advises Federal Civilian Executive Branch (FCEB) agencies to apply the patch for CVE-2025-66376 by April 1, 2026, and for CVE-2026-20963 by March 23, 2026. Prompt action is crucial to mitigate potential risks.
Cisco Zero-Day Exploited in Ransomware Attacks
In a related development, Amazon has disclosed that a critical vulnerability in Cisco’s firewall management software (CVE-2026-20131) has been targeted by Interlock ransomware groups. This flaw, with a maximum CVSS score of 10.0, was exploited starting January 26, 2026, before its public disclosure. This ransomware group is known for targeting sectors like education, engineering, and healthcare to maximize disruption and pressure for ransom payments.
The exploitation of CVE-2026-20131 exemplifies a broader trend where threat actors focus on network edge devices from vendors like Cisco and Fortinet to gain initial access. This incident underscores the need for vigilance in securing network infrastructure against zero-day attacks that leverage undisclosed vulnerabilities.
Concluding Insights
The recent string of exploits serves as a stark reminder of the evolving tactics employed by cyber adversaries. Organizations must remain proactive in applying security patches and monitoring their systems for potential breaches. Staying informed and prepared is vital to safeguarding against increasingly sophisticated cyber threats.
