
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks

The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests. The post Critical SmarterMail Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.


SmarterTools SmarterMail business email and collaboration servers are targeted in attacks exploiting another recent critical-severity vulnerability, the US cybersecurity agency CISA warns.

Roughly two weeks ago, security researchers raised the alarm about hackers exploiting an authentication bypass bug in SmarterMail to reset administrator account passwords and take control of vulnerable instances.

Last week, CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog along with a second SmarterMail issue exploited in the same campaign.

Now, the cybersecurity agency warns that a third SmarterMail vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3), has been abused in the wild.

The issue is described as an unauthenticated remote code execution (RCE) flaw via the ConnectToHub API.

Because the API processes data controlled by a remote server, attackers can supply arbitrary command execution parameters to the endpoint, resulting in OS command execution on every platform SmarterMail runs on.

“The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application,” a NIST advisory reads.

According to VulnCheck, the root cause of the bug is that the ConnectToHub API “explicitly allows anonymous users and processes JSON data sent in POST requests.”

Attackers can define a mount command with malicious parameters and, upon execution, could escalate privileges on Linux systems, VulnCheck says.

On January 15, SmarterMail build 9511 was released with patches for CVE-2026-24423, as well as for the two SmarterMail defects previously flagged as exploited. Users are advised to update their instances as soon as possible.
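Two checks a defender would want after reading the paragraphs above: whether a given SmarterMail build is at or beyond the fixed build 9511, and whether web-server access logs show unauthenticated POST requests to the ConnectToHub API. The following is an added example, not code from the article, SmarterTools, VulnCheck or CISA. It assumes a standard "combined" access-log layout; the request path of the ConnectToHub endpoint is not given in the article, so the script matches the API name as a substring and the sample log lines are constructed.

```python
"""Triage helper for SmarterMail ConnectToHub (CVE-2026-24423) exposure.

Check 1: is the installed build at or above the fixed build (9511)?
Check 2: do access logs show unauthenticated POSTs to the ConnectToHub API?
"""
import re
from collections import Counter
from typing import Iterable, Optional

PATCHED_BUILD = 9511  # fixed build named in the article

# ASSUMPTION: the real request path is not given in the article; only the API
# name "ConnectToHub" is, so the match is on that substring, case-insensitively.
CONNECT_TO_HUB = re.compile(r"connecttohub", re.IGNORECASE)

# Apache/nginx "combined" log line layout.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample log lines (not real traffic); the endpoint path is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2026:10:02:11 +0000] "POST /api/v1/settings/admin/ConnectToHub HTTP/1.1" 200 312 "-" "python-requests/2.31"',
    '198.51.100.4 - admin [15/Jan/2026:10:03:40 +0000] "GET /interface/root HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - admin [15/Jan/2026:10:03:55 +0000] "POST /api/v1/settings/admin/ConnectToHub HTTP/1.1" 200 301 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Jan/2026:10:04:02 +0000] "POST /api/v1/settings/admin/ConnectToHub HTTP/1.1" 200 298 "-" "curl/8.4.0"',
]


def is_patched(build: int) -> bool:
    """True when the build number is at or beyond the fixed build."""
    return build >= PATCHED_BUILD


def parse_line(line: str) -> Optional[dict]:
    """Split one combined-format access-log line into its fields, or None if it does not parse."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def find_unauthenticated_hub_posts(lines: Iterable[str]) -> list:
    """Return parsed records for POSTs to the ConnectToHub API with no user in the auth field.

    Caveat: the auth field only reflects HTTP basic authentication. Session- or
    token-based logins show up as '-' too, so on an unpatched server every POST to
    this endpoint deserves review, not only the ones returned here.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if not CONNECT_TO_HUB.search(rec["path"]):
            continue
        if rec["user"] != "-":
            continue  # a basic-auth user was present; not anonymous
        findings.append(rec)
    return findings


def summarize_by_source(findings: Iterable[dict]) -> Counter:
    """Count flagged requests per source IP, useful for prioritising blocks and hunts."""
    return Counter(rec["ip"] for rec in findings)


if __name__ == "__main__":
    print("build 9511 patched:", is_patched(9511))
    hits = find_unauthenticated_hub_posts(SAMPLE_LOG)
    for rec in hits:
        print(f'{rec["ts"]} {rec["ip"]} {rec["method"]} {rec["path"]} ua={rec["ua"]}')
    print("per source:", dict(summarize_by_source(hits)))
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file's lines; the per-source summary is what you would hand to the team deciding which addresses to block while the update to build 9511 is rolled out.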

On Thursday, CISA added CVE-2026-24423 to the KEV catalog and alerted federal agencies that they should patch it by February 26, warning that it has been exploited by ransomware groups.

The cybersecurity agency set a similar patching deadline for CVE-2025-11953, a critical React Native OS command injection vulnerability that has been exploited in the wild since December.

Related: Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog

Related: Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks

Related: CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over

Related: VS Code Configs Expose GitHub Codespaces to Attacks
