Attacks on Chrome, Zimbra, ThreatSonar, and ActiveX module observed

The US cybersecurity agency warns of observed attacks on Chrome, Zimbra, ThreatSonar, and an ActiveX module.


Despite operating in a reduced capacity, the US cybersecurity agency CISA has issued a warning about ongoing attacks exploiting vulnerabilities in Chrome, Zimbra, ThreatSonar, and an ActiveX module. One of the vulnerabilities is already of legal age: it was discovered 18 years ago.

However, the current shutdown of the US agency appears to be causing delays, something CISA Director Gottumukkala recently warned about in a hearing before the US House of Representatives. CISA only issued its notice about abuse of the Chrome vulnerability in CSS processing on the night before Wednesday; Google had already provided an emergency update for it on Saturday night (CVE-2026-2441, CVSS 8.8, Risk "high").

Furthermore, IT security experts apparently have evidence of attacks on a vulnerability in ThreatSonar Anti-Ransomware. Due to insufficient validation of uploaded files, users with admin rights on the platform can upload malicious files, which they can use to execute arbitrary system commands on the server (CVE-2024-7694, CVSS 7.2, Risk "high"). An older vulnerability in the groupware Zimbra is also under attack. It is a server-side request forgery (SSRF) flaw that affects systems with the WebEx Zimlet installed and the JSP Zimlet active. Such SSRF flaws typically allow access to otherwise isolated resources through redirects (CVE-2020-7796, CVSS 9.8, Risk "critical").

However, the oldest among the currently attacked vulnerabilities is an unexpected reappearance: a security vulnerability in Microsoft's Video ActiveX Control. At the time, it was included in Windows 2000 SP4, XP SP2 and SP3, Vista Gold, SP1 and SP2, Server 2003 SP2, and Server 2008 Gold and SP2, and allowed attackers from the network to inject malicious code via manipulated websites (CVE-2008-0015, CVSS [2.0] 9.3, Risk "high").

IT managers should check if they are using the vulnerable software and update it to the latest version.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.