Threat intelligence firm Volexity discovered that attackers have been actively exploiting a remote code execution flaw tracked as CVE-2022-27925 with the help of the CVE-2022-37042 auth bypass bug as early as the end of June to compromise Zimbra Collaboration Suite email servers, which are used by over 200,000 businesses, including more than 1,000 government and financial organizations across 140 countries, Bleeping Computer
"Volexity believes this vulnerability
was exploited in a manner consistent with what it saw with Microsoft Exchange 0-day vulnerabilities it discovered in early 2021," according to the firm's threat research team, adding the vulnerability was initially exploited "by espionage-oriented threat actors, but was later picked up by other threat actors and used in mass-exploitation attempts." Successful exploitation permits attackers to launch web shells on some locations on the compromised Zimbra servers to gain continuous access. Volexity said it has discovered more than 1,000 ZCS instances worldwide belonging to various global organizations such as government departments and large businesses that were compromised and backdoored.