Thousands of internet-exposed servers remain vulnerable to the critical-severity ConnectWise flaw.
Mass exploitation of a new Fortinet authentication bypass flaw (CVE-2022-40684) is ongoing and proof of concept exploits are available.
Zimbra has published mitigations against the actively exploited flaw (CVE-2022-41352) in Zimbra Collaboration Suite; however, it has yet to issue a fix.
The critical-severity unauthenticated remote code execution flaw is now being actively exploited, according to CISA.
Attackers are eyeing known vulnerabilities in the Zimbra collaboration suite to target government and private sector organizations.