CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
嗯，用户让我帮忙总结一下这篇文章的内容，控制在100字以内，而且不需要用“文章内容总结”这样的开头。首先，我得仔细阅读文章，理解主要信息。文章主要讲的是美国网络安全和基础设施安全局（CISA）敦促政府机构修补两个安全漏洞，分别影响Synacor Zimbra Collaboration Suite和微软的Office SharePoint。这两个漏洞已经被积极利用了。然后，文章还提到亚马逊发现Interlock勒索软件利用了思科防火墙管理软件的一个最高严重级别的漏洞，CVSS评分是10.0。这个漏洞被用作零日攻击，说明攻击者在寻找未知的漏洞来获取初始访问权限。接下来，我需要把这些信息浓缩到100字以内。首先点出CISA的警告，然后提到两个漏洞的影响和评分，接着是亚马逊发现的思科漏洞被利用的情况，最后指出攻击者针对边缘网络设备的趋势。要注意用词简洁，避免重复。比如，“敦促”比“建议”更正式一些。“修补”或“应用补丁”都可以。同时，要提到这些漏洞已经被积极利用，并且有具体的CVSS评分来说明严重性。最后检查一下字数是否符合要求，并确保没有遗漏关键信息。比如，CISA建议的补丁应用时间、亚马逊提到的行业目标以及攻击者针对不同厂商的趋势都是重要的点。总结下来，应该能写出一个简洁明了的摘要。 </think> 美国网络安全机构警告政府机构修补影响Synacor Zimbra和微软SharePoint的安全漏洞（CVE-2025-66376和CVE-2026-20963），因其已被活跃利用。同时，亚马逊披露Interlock勒索团伙利用思科防火墙软件零日漏洞（CVE-2026-20131）攻击多个行业目标。 2026-3-19 06:5:0 Author: thehackernews.com(查看原文) 阅读量:8 收藏

Network Security / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild.

The vulnerabilities in question are as follows -

CVE-2025-66376 (CVSS score: 7.2) - A stored cross-site scripting vulnerability in the Classic UI of ZCS, where attackers could abuse Cascading Style Sheets (CSS) @import directives in an HTML e-mail message. (Fixed in versions 10.0.18 and 10.1.13 in November 2025)
CVE-2026-20963 (CVSS score: 8.8) - A deserialization of untrusted data vulnerability in Microsoft Office SharePoint that allows an unauthorized attacker to execute code over a network. (Fixed in January 2026)

There are currently no public reports referencing the exploitation of aforementioned flaws, who may be exploiting them, and the scale of such efforts. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply patches for CVE-2025-66376 by April 1, 2026, and for CVE-2026-20963 by March 23, 2026.

The disclosure comes as Amazon revealed that threat actors associated with Interlock ransomware have exploited a maximum-severity security flaw impacting Cisco's firewall management software (CVE-2026-20131, CVSS score: 10.0) since January 26, 2026, more than a month before it was publicly disclosed.

"Interlock has historically targeted specific sectors where operational disruption creates maximum pressure for payment," Amazon said. These sectors include education, engineering, architecture, construction, manufacturing, industrial, health care, and government entities.

The attack once again highlights a persistent pattern of threat actors targeting edge network devices from different vendors, including Cisco, Fortinet, Ivanti, and others, to obtain initial access to target networks. The fact that CVE-2026-20131 was weaponized as a zero-day shows that attackers are investing time and resources to find previously unknown flaws that could grant them elevated access.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2026/03/cisa-warns-of-zimbra-sharepoint-flaw.html
如有侵权请联系:admin#unsafe.sh