CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks Ravie LakshmananMar 19, 2026Network Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities in question are as follows - CVE-2025-66376 (CVSS score: 7.2) - A stored cross-site scripting vulnerability in the Classic UI of ZCS, where attackers could abuse Cascading Style Sheets (CSS) @import directives in an HTML e-mail message. (Fixed in versions 10.0.18 and 10.1.13 in November 2025) CVE-2026-20963 (CVSS score: 8.8) - A deserialization of untrusted data vulnerability in Microsoft Office SharePoint that allows an unauthorized attacker to execute code over a network. (Fixed in January 2026) There are currently no public reports referencing the exploitation of aforementioned flaws, who may be exploiting them, and the scale of such efforts. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply patches for CVE-2025-66376 by April 1, 2026, and for CVE-2026-20963 by March 23, 2026. The disclosure comes as Amazon revealed that threat actors associated with Interlock ransomware have exploited a maximum-severity security flaw impacting Cisco's firewall management software (CVE-2026-20131, CVSS score: 10.0) since January 26, 2026, more than a month before it was publicly disclosed. "Interlock has historically targeted specific sectors where operational disruption creates maximum pressure for payment," Amazon said. These sectors include education, engineering, architecture, construction, manufacturing, industrial, health care, and government entities. The attack once again highlights a persistent pattern of threat actors targeting edge network devices from different vendors, including Cisco, Fortinet, Ivanti, and others, to obtain initial access to target networks. The fact that CVE-2026-20131 was weaponized as a zero-day shows that attackers are investing time and resources to find previously unknown flaws that could grant them elevated access. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  cisco, Cloud security, cybersecurity, Malware, network security, ransomware, Threat Intelligence, Vulnerability, zero-day Trending News ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents and More Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration Veeam Patches 7 Critical Backup and Replication Flaws Allowing Remote Code Execution ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack and More Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse Popular Resources Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps Identity Controls Checklist: Find Missing Protections in Apps 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026