Apr 24, 2026mediumzero-dayexploited in the wild

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver.

what's affectedUkrainian government entities starting in January

mitigation statusMonitoring updates

first reportedApr 24, 2026

social pulse

mentions (24h)728

velocitytrend up

mentions delta-1% vs yesterday

platform splitX 55% · Reddit 20% · GitHub 25%

keywords

zero-dayvulnerabilitymitigation

x analyticsheat 0

authors 0verified 0%

likes0

retweets0

replies0

quotes0

summaryConversation is accelerating with active-response chatter and exploit validation.

sources

https://www.bleepingcomputer.com/news/security/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable/

Curated Apr 24, 2026 by the ahackaday team./Sources verified./Brief grounded in 1 source.

Grace Your AI security internreadyGrace is ready

Grounded in this brief only — Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks. Press ⌘K any time.

You're answering aschange anytime

Pick a playor type your own ↓

Tone

Pick a play above, or type your question

Generate an answer and Grace will return a grounded response for this incident.

scanning advisory feeds…