Mass exploitation of a new Fortinet authentication bypass flaw (CVE-2022-40684) is ongoing, and proof-of-concept exploits are available.
Zimbra has published mitigations against the actively exploited flaw (CVE-2022-41352) in Zimbra Collaboration Suite; however, it has yet to issue a fix.
The critical-severity unauthenticated remote code execution flaw is now being actively exploited, according to CISA.
Attackers are eyeing known vulnerabilities in the Zimbra collaboration suite to target government and private sector organizations.
The flaws could lead to denial-of-service attacks, information disclosure, privilege escalation, and in some cases, code execution.