Spies hack high-value mail servers using an exploit from yesteryear
arstechnica.com
Published: 5/15/2025
Summary
Threat actors backed by Russia exploited XSS vulnerabilities in high-value mail servers, targeting governments and defense contractors supplying Ukraine with weapons. ESET reported Sednit (formerly Fancy Bear) gaining access through spear phishing emails, exploiting known and zero-day CVEs across platforms like Roundcube, MDaemon, Horde, and Zimbra. The attacks also affected government agencies in Bulgaria, Romania, Africa, the EU, and South America, underscoring the growing threat of state-sponsored cyberattacks.