
News Summary

Last updated: 17:15 21/03/2026 UTC
  • Aisuru botnet conducts record-breaking DDoS attacks, targeting U.S. ISPs and Microsoft Azure The Aisuru/Kimwolf botnet ecosystem has reached a critical disruption milestone after a multi-national law enforcement operation led by the U.S. Department of Justice (DoJ), alongside Canadian and German authorities, successfully dismantled the command-and-control (C2) infrastructure of four interconnected botnets—AISURU, Kimwolf, JackSkid, and Mossad—on March 20, 2026. This court-authorized takedown, supported by 18+ tech firms (including Akamai, Cloudflare, Google, AWS, and Oracle), targeted the botnets’ 3 million+ infected devices (including 2 million+ Android TVs, routers, DVRs, and IoT cameras), which had been weaponized to launch record-breaking DDoS attacks (e.g., 31.4 Tbps in November 2025) and hyper-volumetric campaigns averaging 3 Bpps, 4 Tbps, and 54 Mrps. The botnets’ cybercrime-as-a-service model enabled operators to sell access to compromised devices for DDoS extortion, residential proxy monetization, and lateral movement in corporate/government networks, with hundreds of thousands of attack commands issued across sectors like telecom, gaming, IT, and critical infrastructure. The disruption severed C2 communications, aiming to prevent further infections and eliminate the botnets’ ability to launch future attacks, including those targeting U.S. Department of Defense (DoD) networks. Despite this first major law enforcement strike, persistent infections and operator evasion tactics (e.g., ENS-based C2, decentralized proxy abuse) underscore the ongoing challenge of full eradication. Prior milestones include the botnets’ accidental Sybil attack on the I2P anonymity network (February 2026), their exploitation of residential proxy networks (IPIDEA) for internal network infiltration (January 2026), and Google’s takedown of IPIDEA (January 29, 2026), which reduced millions of proxy exit nodes.
    The DoJ’s action follows a year of escalating hyper-volumetric attacks, including Cloudflare’s mitigation of 47.1 million DDoS attacks in 2025 (a 100% YoY increase) and Akamai’s reports of attacks exceeding 30 Tbps/14 Bpps. While the operation marks a significant blow to the botnets’ operational capacity, their adaptive resilience and global scale of infections demand continued vigilance.
  • Takedown of fraudulent CSAM distribution scam platform "Alice with Violence CP" An international law enforcement operation, codenamed Operation Alice, dismantled a fraudulent dark web platform advertising non-existent child sexual abuse material (CSAM) and cybercrime-as-a-service offerings. The platform, operated by a 35-year-old suspect based in China, lured approximately 10,000 users into paying between EUR 17 and EUR 250 in Bitcoin (totaling roughly $400,000) for advertised CSAM packages that were never delivered. The scam used previews of claimed CSAM to deceive victims into entering personal details and completing payments. The takedown involved the seizure of 287 servers across jurisdictions, with 105 servers located in Germany, and resulted in an international arrest warrant issued for the platform's operator.
  • Tag poisoning in Trivy GitHub Actions repositories delivers cloud-native infostealer payload Attackers compromised two official Trivy-related GitHub Actions repositories—aquasecurity/trivy-action and aquasecurity/setup-trivy—by force-pushing 75 version tags to malicious commits hosting a Python-based infostealer. The payload targets CI/CD runners to harvest developer secrets including SSH keys, cloud provider credentials, Kubernetes tokens, and cryptocurrency wallet keys. The incident follows a prior Trivy supply-chain compromise in February–March 2026 and highlights sustained abuse of compromised credentials to poison tag references without requiring Git-level exploitation.
  • Self-propagating CanisterWorm leverages ICP canisters and npm packages for decentralized supply chain compromise A previously undocumented self-spreading supply chain worm, dubbed CanisterWorm, is propagating across 47 npm packages via compromised developer accounts, enabling decentralized command and control (C2) through Internet Computer Protocol (ICP) canisters. The malware leverages postinstall hooks to deploy Python backdoors that retrieve C2 URLs from tamper-proof ICP canisters, facilitating resilient, updatable payload delivery and persistent system compromise. Initial attacks involved manual propagation using stolen npm tokens, but a subsequent variant in @teale.io/eslint-config automatically harvests tokens and self-propagates without user interaction, escalating the threat to a fully automated supply chain worm. The ICP canister infrastructure supports dynamic C2 URL updates, enabling rapid retooling of the attack chain, including a dormant state triggered by YouTube links. The scope includes 28 packages in @EmilGroup, 16 in @opengov, @teale.io/eslint-config, @airtm/uuid-base32, and @pypestream/floating-ui-dom, with persistence achieved via masquerading systemd services. The operation is attributed to the cloud-focused cybercriminal group TeamPCP, following an initial compromise of Trivy scanner releases via stolen credentials.
  • Langflow unauthenticated RCE vulnerability (CVE-2026-33017) exploited within 20 hours of disclosure Within 20 hours of the public disclosure of an unauthenticated remote code execution vulnerability in Langflow (CVE-2026-33017), threat actors began exploiting exposed instances to execute arbitrary Python code, harvest credentials, and potentially compromise connected databases and software supply chains. The vulnerability, assigned a CVSS score of 9.3, requires no authentication and can be triggered via a single HTTP POST request to the /api/v1/build_public_tmp/{flow_id}/flow endpoint, where attacker-controlled data is passed to an unsandboxed exec() call. The flaw affects all versions of Langflow prior to and including 1.8.1, with a fix available in development version 1.9.0.dev8. It was discovered by security researcher Aviral Srivastava and reported on February 26, 2026. Sysdig observed the first exploitation attempts within 20 hours of the March 17, 2026 advisory, despite the absence of a public proof-of-concept. Attackers rapidly progressed from automated scanning to staged payload delivery and credential harvesting, including extraction of environment variables, configuration files, and database contents. The incident underscores the accelerating timeline of vulnerability weaponization, where attackers now routinely exploit flaws within hours of disclosure, far outpacing typical patching timelines for defenders.
  • Critical unauthenticated RCE vulnerability in Oracle Identity Manager and Web Services Manager patched Oracle released an emergency security update addressing CVE-2026-21992, a critical unauthenticated remote code execution (RCE) vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw, with a CVSS v3.1 score of 9.8, allows remote exploitation over HTTP without authentication or user interaction, posing significant risk to exposed enterprise systems. Affected versions include Oracle Identity Manager 12.2.1.4.0, 14.1.2.1.0, and Oracle Web Services Manager 12.2.1.4.0, 14.1.2.1.0. Oracle strongly recommends immediate patching due to the vulnerability's low attack complexity and potential for widespread exploitation. The NIST NVD characterizes the flaw as "easily exploitable" and warns it may lead to full compromise of susceptible instances. As of this update, Oracle has not observed active exploitation of CVE-2026-21992 in the wild, though CISA previously added a similar Oracle Identity Manager pre-authenticated RCE flaw (CVE-2025-61757, CVSS 9.8) to its Known Exploited Vulnerabilities (KEV) catalog in November 2025, underscoring the pattern of high-risk, pre-auth RCE flaws in these products.
  • CISA Adds Apple WebKit, Kernel, Craft CMS, and Laravel Livewire Flaws to KEV Catalog CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on March 21, 2026, requiring federal agencies to patch them by April 3, 2026. The vulnerabilities include three Apple issues (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520), a critical Craft CMS flaw (CVE-2025-32432), and a Laravel Livewire issue (CVE-2025-54068), all under active exploitation. The Apple flaws are linked to the DarkSword iOS exploit kit, while the Craft CMS and Laravel Livewire bugs are tied to campaigns by MuddyWater and other threat actors. Exploitation of CVE-2025-32432 as a zero-day since February 2025 has been attributed to intrusion set Mimo (aka Hezb), deploying cryptocurrency miners and residential proxyware. CVE-2025-54068 is associated with Iranian state-sponsored group MuddyWater (aka Boggy Serpens), which has targeted diplomatic, energy, maritime, and financial sectors globally.
Last updated: 17:00 21/03/2026 UTC
  • Windows 11 Access Denied Issue on Samsung Laptops Microsoft and Samsung have released recovery guidance to resolve persistent Windows C:\ drive access issues affecting Samsung laptops running Windows 11 versions 25H2 and 24H2. Users experiencing 'Access denied' errors, app failures, or permission-related problems must follow a 29-step procedure to restore default Windows permissions and uninstall the Samsung Galaxy Connect app. The fix reinstates TrustedInstaller ownership of the C:\ drive and normalizes system behavior without modifying personal files. Affected users are advised to contact Samsung Support if issues persist after applying the update.
  • ThreatsDay Bulletin: Emerging Cyber Threat Trends The ThreatsDay Bulletin continues to highlight the accelerating pace of cyber threats, where attackers rapidly adapt to infrastructure shifts and use social engineering lures to exploit familiar systems. Recent developments include targeted exploitation of Fortinet FortiGate devices via Ransomware-as-a-Service (RaaS), active abuse of Citrix ADC/Gateway vulnerabilities in production environments, widespread misuse of Microsoft Configuration Manager (MCP) for lateral movement and data theft, and weaponized LiveChat integrations in phishing campaigns. These trends reflect a broader pattern of quiet, cumulative exposure, where small tactical changes accumulate undetected until they surface as major incidents, underscoring the need for continuous monitoring and adaptive defense strategies.
  • SonicWall MySonicWall Breach Exposes Firewall Configuration Files Marquis Software Solutions has confirmed that its August 2025 ransomware attack exposed the personal and financial data of 672,075 individuals—including names, Social Security numbers, Taxpayer Identification Numbers, and financial account details—after threat actors exploited firewall configuration files stolen from SonicWall’s MySonicWall cloud backup breach. The company, which serves 700+ U.S. banks and credit unions, completed its forensic review in December 2025 and began notifying affected individuals in March 2026, while facing over 36 consumer class-action lawsuits and a self-initiated lawsuit against SonicWall for alleged gross negligence and misrepresentation. Marquis alleges SonicWall’s February 2025 API code change introduced the vulnerability, delayed disclosure by three weeks, and understated the breach’s scope (initially claiming <5% of customers were affected, later confirmed as 100%). The SonicWall incident began with a September 2025 breach of its MySonicWall portal, where attackers accessed AES-256-encrypted credentials, network topology details, and MFA recovery codes for all cloud backup users. This data fueled follow-on attacks, including the Marquis breach and Akira ransomware campaigns bypassing MFA via stolen OTP seeds. SonicWall collaborated with Mandiant to attribute the breach to state-sponsored actors and released remediation tools, but 950+ unpatched SMA1000 appliances remain exposed online. The Marquis lawsuit—seeking damages, indemnification, and legal fees—could set a precedent for vendor liability, as enterprises increasingly pursue legal action against cybersecurity providers for contribution or negligence in third-party breaches. CISA and SonicWall continue to urge firmware updates, credential resets, and MFA enforcement to mitigate ongoing risks.
  • Shamos Infostealer Targeting Mac Devices via ClickFix Attacks A new infostealer malware named Shamos is targeting Mac devices through ClickFix attacks. The malware, developed by the COOKIE SPIDER group, steals data and credentials from web browsers, Keychain, Apple Notes, and cryptocurrency wallets. The attacks use malvertising and fake GitHub repositories to lure victims into executing shell commands that download and install the malware. Since June 2025, Shamos has attempted infections in over three hundred environments monitored by CrowdStrike. The malware uses anti-VM commands, AppleScript for reconnaissance, and creates persistence through a Plist file. Users are advised to avoid executing unknown commands and to seek help from trusted sources. A new variant of the MacSync stealer, related to Shamos, is distributed through a digitally signed, notarized Swift application, bypassing macOS Gatekeeper checks. This variant uses evasion techniques such as inflating the DMG file with decoy PDFs and performing internet connectivity checks. The malware runs largely in memory and cleans up temporary files after execution, leaving minimal traces behind. The associated developer certificate has been revoked. Three distinct ClickFix campaigns have been identified distributing the MacSync infostealer via fake AI tool installers. The campaigns use various lures, including OpenAI Atlas browser and ChatGPT conversations, to trick users into executing malicious commands. The latest variant of MacSync supports dynamic AppleScript payloads and in-memory execution to evade detection. The shell script retrieves the AppleScript infostealer payload from a hard-coded server and removes evidence of data theft. The malware harvests credentials, files, keychain databases, and cryptocurrency wallet seed phrases.
  • Russian UNC6353 Uses Coruna and Darksword iOS Exploit Kits Across iOS 13–18.7 Targeting Financial Espionage and Data Theft The Coruna and Darksword dual iOS exploit kit campaigns continue to expand, now targeting iPhones running iOS 18.4 through 18.7 with the modular Darksword malware family. Darksword, attributed to the Russian threat actor UNC6353 alongside Coruna, leverages six known and zero-day vulnerabilities to achieve kernel read/write via Safari, enabling rapid exfiltration of cryptocurrency wallets, messages, location history, health data, and system credentials within seconds to minutes before self-wiping. The malware is a professionally engineered JavaScript platform with three documented payload families (GHOSTBLADE, GHOSTKNIFE, GHOSTSABER) used by multiple actors—UNC6353, UNC6748, and Turkish vendor PARS Defense—across Saudi Arabia, Turkey, Malaysia, and Ukraine since at least November 2025. Darksword’s OPSEC failures (unobfuscated code, plainly named components) and use of watering hole attacks mirror Coruna’s tactics, while its ‘hit-and-run’ data theft model signals a shift toward opportunistic financial espionage. Apple has patched all exploited flaws in current iOS releases (18.7.3, 26.2, 26.3.1), and users are advised to upgrade and enable Lockdown Mode if at high risk. Prior context: The Coruna exploit kit, first observed in February 2025, targeted iOS 13.0–17.2.1 with 23 exploits across five chains, used by UNC6353 and UNC6691 in watering hole attacks on Ukrainian and Chinese crypto-related websites. CISA added three Coruna-linked vulnerabilities to its Known Exploited Vulnerabilities catalog and mandated patches by March 26, 2026. Apple backported fixes to older devices, including iOS 15.8.7/16.7.15, addressing vulnerabilities linked to Operation Triangulation and U.S. military contractor L3Harris.
  • Privilege Escalation Vulnerability in Linux Kernel Exploited in Ransomware Attacks A high-severity privilege escalation flaw in the Linux kernel (CVE-2024-1086) is being exploited in ransomware attacks. Disclosed in January 2024, the vulnerability allows attackers with local access to escalate privileges to root level. It affects multiple major Linux distributions, including Debian, Ubuntu, Fedora, and Red Hat. The flaw was introduced in February 2014 and fixed in January 2024. Additionally, nine confused deputy vulnerabilities, codenamed CrackArmor, have been discovered in the Linux kernel's AppArmor module. These flaws, existing since 2017, allow unprivileged users to bypass kernel protections, escalate to root, and undermine container isolation guarantees. The vulnerabilities affect Linux kernels since version 4.11 and impact major distributions like Ubuntu, Debian, and SUSE. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed the exploitation of the initial flaw in ransomware campaigns and added it to its Known Exploited Vulnerabilities (KEV) catalog in May 2024. Federal agencies were ordered to secure their systems by June 20, 2024. Mitigations include blocking 'nf_tables', restricting access to user namespaces, or loading the Linux Kernel Runtime Guard (LKRG) module. Qualys Threat Research Unit discovered the CrackArmor flaws, which stem from a 'confused deputy' flaw allowing unprivileged local users to manipulate AppArmor security profiles. Over 12.6 million enterprise Linux systems are affected, and the flaws enable local privilege escalation, denial-of-service attacks, and container isolation bypass. Qualys has developed proof-of-concept exploits but has not publicly released them.
  • PluggyApe Backdoor Targets Ukraine's Defense Forces in Charity-Themed Campaign Ukraine's Defense Forces were targeted in a charity-themed malware campaign between October and December 2025, delivering the PluggyApe backdoor, likely deployed by the Russian threat group Void Blizzard (Laundry Bear). The attacks began with instant messages over Signal or WhatsApp, directing recipients to malicious websites posing as charitable foundations. These sites distributed password-protected archives containing PluggyApe payloads. The malware profiles the host, sends victim information to attackers, and waits for further commands. In February 2026, a new campaign targeting Ukrainian entities was observed, employing judicial and charity-themed lures to deploy a JavaScript-based backdoor codenamed DRILLAPP. This campaign is likely orchestrated by threat actors linked to Russia and shares overlaps with the prior PluggyApe campaign. The malware is capable of uploading and downloading files, leveraging the microphone, and capturing images through the webcam. The threat actor is believed to be active since at least April 2024.

Latest updates


Tag poisoning in Trivy GitHub Actions repositories delivers cloud-native infostealer payload

Updated: 21.03.2026 19:30 · First: 20.03.2026 19:47 · 📰 2 src / 2 articles

Attackers compromised two official Trivy-related GitHub Actions repositories—aquasecurity/trivy-action and aquasecurity/setup-trivy—and backdoored Trivy v0.69.4 releases, distributing a Python-based infostealer that harvests wide-ranging CI/CD and developer secrets. The payload executes in GitHub Actions runners and Trivy binaries, remaining active for up to 12 hours in Actions tags and three hours in the malicious release. The actors leveraged compromised credentials from a prior March incident and added persistence via systemd services, while also linking to a follow-up npm campaign using the CanisterWorm self-propagating worm. The incident traces to a credential compromise initially disclosed in early March 2026, which was not fully contained and enabled subsequent tag and release manipulations. Safe releases are now available and mitigation includes pinning Actions to full SHA hashes, blocking exfiltration endpoints, and rotating all affected secrets.

Android Advanced Flow mechanism introduced for secure APK sideloading of unverified applications

First: 21.03.2026 16:18 · 📰 1 src / 1 article

Google is introducing Advanced Flow, a one-time, multi-step process for Android power users to sideload APKs from unverified developers while reducing the risk of malware or scam installations. Scheduled for an August rollout, the mechanism requires users to enable Developer Mode, confirm they are not under coercion, restart and reauthenticate, wait 24 hours, and then verify legitimacy before installing unverified apps. A persistent warning will be displayed during and after installation. The initiative aims to balance Android’s openness with enhanced protection against social engineering tactics that exploit urgency to bypass security controls. Global financial losses from scams exceeded $442 billion in the prior year, according to the Global Anti-Scam Alliance (GASA).

Abuse of Microsoft Azure Monitor alerting system in callback phishing campaigns

First: 21.03.2026 16:09 · 📰 1 src / 1 article

Threat actors are abusing Microsoft Azure Monitor’s alerting functionality to deliver callback phishing emails that impersonate Microsoft Security Team billing alerts. The emails are sent via Azure’s legitimate platform using the [email protected] address and pass SPF, DKIM, and DMARC checks, increasing their credibility. Attackers craft alerts with phishing messages in the description field, targeting users with fake unauthorized charge warnings to prompt urgent callback to fraudulent support numbers. The campaign leverages easily triggered alert rules tied to billing, invoice, payment, and resource-related events, forwarding emails to victim lists while preserving original Microsoft headers and authentication results to bypass spam filters.

Active Spyware Campaigns Targeting High-Value Signal and WhatsApp Users

Updated: 21.03.2026 15:17 · First: 25.11.2025 08:42 · 📰 8 src / 12 articles

The FBI has directly attributed ongoing Signal and WhatsApp phishing campaigns to Russian Intelligence Services-affiliated threat actors, confirming the compromise of thousands of accounts globally and emphasizing that the attacks primarily target high-value individuals such as current and former U.S. government officials, military personnel, political figures, and journalists. The campaign bypasses end-to-end encryption by hijacking accounts through sophisticated social engineering, including impersonating support services and tricking users into sharing verification codes or scanning malicious QR codes to link attacker-controlled devices to accounts. The campaign was first flagged by CISA in late 2025 and has since been confirmed by German, Dutch, and now U.S. intelligence agencies. Targets include high-ranking politicians, military officers, diplomats, and investigative journalists across Germany and Europe, with additional confirmed targeting in the U.S. and other regions. Attackers gain access to private messages, contact lists, and group chats, enabling them to impersonate victims and launch further phishing campaigns. Signal has emphasized it will never initiate contact to request verification codes or PINs, and both Signal and WhatsApp users are advised to regularly review linked devices and avoid sharing verification codes. Russia-aligned threat clusters such as Star Blizzard, UNC5792 (aka UAC-0195), and UNC4221 (aka UAC-0185) have been associated with similar tactics, and the FBI’s attribution underscores the state-sponsored nature of these operations targeting sensitive communications. French authorities have also warned of a surge in similar campaigns targeting government officials, journalists, and business leaders. 
Recent FBI and CISA guidance clarifies that victims who share verification codes lose account access while attackers gain monitoring and impersonation capabilities, whereas those who scan malicious QR codes enable attackers to link devices and silently access all past and future messages without the victim losing access unless explicitly removed from the app settings.

Critical unauthenticated RCE vulnerability in Oracle Identity Manager and Web Services Manager patched

Updated: 21.03.2026 12:24 · First: 20.03.2026 20:48 · 📰 2 src / 2 articles

Oracle released an emergency security update addressing CVE-2026-21992, a critical unauthenticated remote code execution (RCE) vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw, with a CVSS v3.1 score of 9.8, allows remote exploitation over HTTP without authentication or user interaction, posing significant risk to exposed enterprise systems. Affected versions include Oracle Identity Manager 12.2.1.4.0, 14.1.2.1.0, and Oracle Web Services Manager 12.2.1.4.0, 14.1.2.1.0. Oracle strongly recommends immediate patching due to the vulnerability's low attack complexity and potential for widespread exploitation. The NIST NVD characterizes the flaw as "easily exploitable" and warns it may lead to full compromise of susceptible instances. As of this update, Oracle has not observed active exploitation of CVE-2026-21992 in the wild, though CISA previously added a similar Oracle Identity Manager pre-authenticated RCE flaw (CVE-2025-61757, CVSS 9.8) to its Known Exploited Vulnerabilities (KEV) catalog in November 2025, underscoring the pattern of high-risk, pre-auth RCE flaws in these products.

CISA Adds Apple WebKit, Kernel, Craft CMS, and Laravel Livewire Flaws to KEV Catalog

First: 21.03.2026 10:25 · 📰 1 src / 1 article

CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on March 21, 2026, requiring federal agencies to patch them by April 3, 2026. The vulnerabilities include three Apple issues (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520), a critical Craft CMS flaw (CVE-2025-32432), and a Laravel Livewire issue (CVE-2025-54068), all under active exploitation. The Apple flaws are linked to the DarkSword iOS exploit kit, while the Craft CMS and Laravel Livewire bugs are tied to campaigns by MuddyWater and other threat actors. Exploitation of CVE-2025-32432 as a zero-day since February 2025 has been attributed to intrusion set Mimo (aka Hezb), deploying cryptocurrency miners and residential proxyware. CVE-2025-54068 is associated with Iranian state-sponsored group MuddyWater (aka Boggy Serpens), which has targeted diplomatic, energy, maritime, and financial sectors globally.

Self-propagating CanisterWorm leverages ICP canisters and npm packages for decentralized supply chain compromise

First: 21.03.2026 09:28 · 📰 1 src / 1 article

A previously undocumented self-spreading supply chain worm, dubbed CanisterWorm, is propagating across 47 npm packages via compromised developer accounts, enabling decentralized command and control (C2) through Internet Computer Protocol (ICP) canisters. The malware leverages postinstall hooks to deploy Python backdoors that retrieve C2 URLs from tamper-proof ICP canisters, facilitating resilient, updatable payload delivery and persistent system compromise. Initial attacks involved manual propagation using stolen npm tokens, but a subsequent variant in @teale.io/eslint-config automatically harvests tokens and self-propagates without user interaction, escalating the threat to a fully automated supply chain worm. The ICP canister infrastructure supports dynamic C2 URL updates, enabling rapid retooling of the attack chain, including a dormant state triggered by YouTube links. The scope includes 28 packages in @EmilGroup, 16 in @opengov, @teale.io/eslint-config, @airtm/uuid-base32, and @pypestream/floating-ui-dom, with persistence achieved via masquerading systemd services. The operation is attributed to the cloud-focused cybercriminal group TeamPCP, following an initial compromise of Trivy scanner releases via stolen credentials.

Takedown of fraudulent CSAM distribution scam platform "Alice with Violence CP"

First: 20.03.2026 19:19 · 📰 1 src / 1 article

An international law enforcement operation, codenamed Operation Alice, dismantled a fraudulent dark web platform advertising non-existent child sexual abuse material (CSAM) and cybercrime-as-a-service offerings. The platform, operated by a 35-year-old suspect based in China, lured approximately 10,000 users into paying between EUR 17 and EUR 250 in Bitcoin (totaling roughly $400,000) for advertised CSAM packages that were never delivered. The scam used previews of claimed CSAM to deceive victims into entering personal details and completing payments. The takedown involved the seizure of 287 servers across jurisdictions, with 105 servers located in Germany, and resulted in an international arrest warrant issued for the platform's operator.

Beast Ransomware Group's Toolset Disclosed via Misconfigured Server in German Cloud

First: 20.03.2026 18:31 · 📰 1 src / 1 article

A misconfigured server hosted by a German cloud provider was discovered containing the complete toolset of a Beast ransomware group affiliate, exposing the group's tactics, techniques, and procedures (TTPs). The server contained reconnaissance, network mapping, credential theft, exfiltration, persistence, and lateral movement tools. Analysis of the toolset reveals significant overlap with other ransomware gangs, including the use of dual-use utilities such as AnyDesk, Mega, and batch scripts aimed at disrupting backups and security processes. The exposure provides defenders with actionable intelligence on mitigations and detection strategies against ransomware operations.

Langflow unauthenticated RCE vulnerability (CVE-2026-33017) exploited within 20 hours of disclosure

Updated: 20.03.2026 17:15 · First: 20.03.2026 12:20 · 📰 2 src / 2 articles

Within 20 hours of the public disclosure of an unauthenticated remote code execution vulnerability in Langflow (CVE-2026-33017), threat actors began exploiting exposed instances to execute arbitrary Python code, harvest credentials, and potentially compromise connected databases and software supply chains. The vulnerability, assigned a CVSS score of 9.3, requires no authentication and can be triggered via a single HTTP POST request to the /api/v1/build_public_tmp/{flow_id}/flow endpoint, where attacker-controlled data is passed to an unsandboxed exec() call. The flaw affects all versions of Langflow prior to and including 1.8.1, with a fix available in development version 1.9.0.dev8. It was discovered by security researcher Aviral Srivastava and reported on February 26, 2026. Sysdig observed the first exploitation attempts within 20 hours of the March 17, 2026 advisory, despite the absence of a public proof-of-concept. Attackers rapidly progressed from automated scanning to staged payload delivery and credential harvesting, including extraction of environment variables, configuration files, and database contents. The incident underscores the accelerating timeline of vulnerability weaponization, where attackers now routinely exploit flaws within hours of disclosure, far outpacing typical patching timelines for defenders.

Interlock ransomware leverages Cisco FMC insecure deserialization zero-day (CVE-2026-20131) for root access

Updated: 20.03.2026 17:09 · First: 18.03.2026 18:00 · 📰 2 src / 2 articles

A critical insecure deserialization vulnerability in Cisco Secure Firewall Management Center (FMC) Software, tracked as CVE-2026-20131 (CVSS 10.0), is being actively exploited by the Interlock ransomware group to gain unauthenticated remote root access on unpatched systems. The flaw enables unauthenticated remote attackers to bypass authentication and execute arbitrary Java code with root privileges via crafted HTTP requests to a specific endpoint. Exploitation has been observed as a zero-day since January 26, 2026, more than a month before public disclosure and patch availability. Cisco issued its first advisory for CVE-2026-20131 on March 4, 2026, and Amazon Threat Intelligence confirmed active exploitation by Interlock starting in late January. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to patch by March 22, 2026, under BOD 22-01. Post-exploitation tooling includes custom JavaScript/Java RATs, PowerShell reconnaissance scripts, Linux reverse proxy configuration tools, memory-resident web shells, and ConnectWise ScreenConnect for persistence. Compromised environments are leveraged for ransomware operations and secondary monetization.

Iran-linked destructive cyber campaign tactics and mitigation strategies against wiper attacks

Updated: · First: 20.03.2026 16:01 · 📰 1 src / 1 articles

An Iran-linked threat cluster tracked as Handala (and Void Manticore) executed a destructive wiper campaign against Stryker in March 2026 that erased tens of thousands of devices across 79 countries, disrupting manufacturing, order processing, and logistics for a Fortune 500 medical technology vendor. Unlike financially motivated ransomware, these attacks aim to create operational chaos and real-world consequences by deploying wipers via legitimate administrative tools and tunneling mechanisms to maximize lateral movement and simultaneous wiping. The event underscores a broader shift where geopolitical conflicts increasingly translate into destructive cyber operations against critical infrastructure and supply chains, requiring defenders to prioritize containment, identity controls, and administrative-path restrictions over traditional perimeter defenses.

Android sideloading protection update introduces 24-hour delay for unverified developer installs

Updated: · First: 20.03.2026 12:57 · 📰 1 src / 1 articles

Google announced a mandatory 24-hour wait period for installing apps from unverified developers on Android as part of a new advanced flow for sideloading, effective August 2026. The policy change aims to reduce malware distribution and scams by delaying installation until users confirm intent via biometric authentication or PIN after a device restart, complicating attacker persistence. Exceptions apply to ADB-based installs and verified developer channels. The move follows Google’s 2025 developer verification mandate requiring all apps on certified Android devices to be registered by verified developers to improve threat actor identification. In parallel, Google introduced limited distribution accounts for hobbyist developers and students, enabling app sharing with up to 20 devices without government ID or fees. The update arrives amid rising Android malware threats, with 17 malware families—including new variants like SURXRAT and TaxiSpy RAT—actively targeting users in Turkey, Italy, and other regions for device takeover and financial fraud.

Increased reliance on behavioral analytics required amid AI-enabled cyber attack escalation

Updated: · First: 20.03.2026 12:00 · 📰 1 src / 1 articles

Cybercriminals are increasingly leveraging artificial intelligence (AI) to enhance phishing campaigns, automate credential abuse, and obfuscate malicious activities by mimicking legitimate user behavior, thereby evading traditional rule-based and signature-based detection mechanisms. This shift necessitates the evolution of behavioral analytics from static pattern monitoring to dynamic, identity-centric risk modeling that identifies subtle behavioral inconsistencies in real time, particularly in the context of compromised credentials and privileged access misuse. The integration of AI into attack methodologies reduces reliance on malware delivery vectors and increases the scalability and stealth of social engineering, credential abuse, and adaptive malware campaigns.

UK teens targeted by radicalization into cybercrime via toxic online ecosystems

Updated: · First: 20.03.2026 11:40 · 📰 1 src / 1 articles

The UK National Crime Agency (NCA) warns that adolescents are being systematically radicalized into cybercrime through exploitative online platforms and recommendation algorithms. The director general of the NCA, Graeme Biggar, highlighted how ‘toxic online spaces’ reshape crime by accelerating its global reach, increasing harm, and blurring boundaries between cybercrime, terrorism, and sexual exploitation. He emphasized that technology is no longer merely a tool but an active driver of criminal ecosystems, with platforms failing to address responsibility for algorithmic radicalization. Biggar also noted a rise in UK-based sophisticated social engineering attacks combining malware with human manipulation, alongside escalating investment scams, sextortion, and sadistic exploitation. Despite these threats, he cited enforcement successes such as the LockBit takedown, a 27% rise in fraud convictions, and sustained child sexual abuse arrest rates.

Guilty plea in $10M AI-generated music streaming fraud scheme

Updated: · First: 20.03.2026 11:33 · 📰 1 src / 1 articles

North Carolina musician Michael Smith pleaded guilty to orchestrating a $10M fraud scheme involving the artificial inflation of streaming royalties on major platforms including Spotify, Apple Music, Amazon Music, and YouTube Music. Using AI-generated music and automated bots, Smith bypassed anti-fraud controls by leveraging over 1,000 bot accounts and VPNs to stream songs billions of times between 2017 and 2024. The operation yielded more than $10M in illicit royalties diverted from legitimate artists and rights holders.

Unauthenticated Remote Code Execution and Account Takeover via Magento PolyShell File Upload Flaw

Updated: · First: 20.03.2026 11:30 · 📰 1 src / 1 articles

A critical unrestricted file upload vulnerability in Magento’s REST API, dubbed PolyShell by Sansec, enables unauthenticated attackers to upload arbitrary executable files disguised as images and achieve remote code execution (RCE) or account takeover via stored cross-site scripting (XSS). The flaw impacts all Magento Open Source and Adobe Commerce versions up to 2.4.9-alpha2 by leveraging the custom cart item option handling in the REST API, which writes uploaded files to the server’s `pub/media/custom_options/quote/` directory. Depending on web server configuration, this can lead to RCE through PHP execution or stored XSS via malicious payloads in file metadata. No evidence of active exploitation has been observed.

Aisuru botnet conducts record-breaking DDoS attacks, targeting U.S. ISPs and Microsoft Azure

Updated: 20.03.2026 10:05 · First: 02.09.2025 18:52 · 📰 20 src / 37 articles

The Aisuru/Kimwolf botnet ecosystem has reached a critical disruption milestone after a multi-national law enforcement operation led by the U.S. Department of Justice (DoJ), alongside Canadian and German authorities, successfully dismantled the command-and-control (C2) infrastructure of four interconnected botnets—AISURU, Kimwolf, JackSkid, and Mossad—on March 20, 2026. This court-authorized takedown, supported by 18+ tech firms (including Akamai, Cloudflare, Google, AWS, and Oracle), targeted the botnets’ 3 million+ infected devices (including 2 million+ Android TVs, routers, DVRs, and IoT cameras), which had been weaponized to launch record-breaking DDoS attacks (e.g., 31.4 Tbps in November 2025) and hyper-volumetric campaigns averaging 3 Bpps, 4 Tbps, and 54 Mrps. The botnets’ cybercrime-as-a-service model enabled operators to sell access to compromised devices for DDoS extortion, residential proxy monetization, and lateral movement in corporate/government networks, with hundreds of thousands of attack commands issued across sectors like telecom, gaming, IT, and critical infrastructure. The disruption severed C2 communications, aiming to prevent further infections and eliminate the botnets’ ability to launch future attacks, including those targeting U.S. Department of Defense (DoD) networks. Despite this first major law enforcement strike, persistent infections and operator evasion tactics (e.g., ENS-based C2, decentralized proxy abuse) underscore the ongoing challenge of full eradication. Prior milestones include the botnets’ accidental Sybil attack on the I2P anonymity network (February 2026), their exploitation of residential proxy networks (IPIDEA) for internal network infiltration (January 2026), and Google’s takedown of IPIDEA (January 29, 2026), which reduced millions of proxy exit nodes.

The DoJ’s action follows a year of escalating hyper-volumetric attacks, including Cloudflare’s mitigation of 47.1 million DDoS attacks in 2025 (a 100% YoY increase) and Akamai’s reports of attacks exceeding 30 Tbps/14 Bpps. While the operation marks a significant blow to the botnets’ operational capacity, their adaptive resilience and global scale of infections demand continued vigilance.

Microsoft account sign-in failures triggered by KB5079473 Windows 11 update

Updated: · First: 20.03.2026 09:33 · 📰 1 src / 1 articles

Microsoft reports that the March Windows 11 KB5079473 cumulative update disrupts sign-in operations for Microsoft accounts across multiple applications, including Teams, OneDrive, Microsoft Edge, Excel, Word, and Microsoft 365 Copilot. The issue causes affected systems to display an error message falsely indicating a lack of internet connectivity even when a device is online. The disruption primarily impacts consumer Microsoft accounts and not Entra ID (formerly Azure Active Directory) authentication used in enterprise environments.

Former data analyst convicted for $2.5M extortion of Brightly Software leveraging internal data access

Updated: · First: 20.03.2026 08:57 · 📰 1 src / 1 articles

A former data analyst contractor for Brightly Software (formerly SchoolDude) was found guilty of extorting the company for $2.5 million using stolen payroll and corporate data after his contract was not renewed. The individual, Cameron Curry (alias "Loot"), exploited his legitimate access to sensitive employee information to threaten data leaks and SEC reporting unless paid. The extortion campaign, which included threats to release PII and false claims about financial discrepancies, led to a Bitcoin payment of $7,540. Curry faces up to 12 years in prison for six counts of interstate extortion. Brightly also disclosed an unrelated data breach in May 2023 impacting nearly 3 million SchoolDude customers; that incident was not connected to Curry’s actions.

Architectural risks in Model Context Protocol (MCP) integration enabling indirect prompt injection and tool poisoning

Updated: · First: 19.03.2026 23:54 · 📰 1 src / 1 articles

LLM-powered applications integrating the Model Context Protocol (MCP) face architectural-level risks that current security controls cannot mitigate via patching or configuration. The integration enables LLMs to autonomously execute actions (e.g., accessing enterprise data, triggering workflows, calling APIs) based on user prompts, removing the human review step inherent to traditional LLM responses. Adversaries can exploit inherent limitations in MCP and LLMs—such as the inability to distinguish content from instructions—via indirect prompt injection or tool poisoning to trigger malicious workflows (e.g., exfiltrating data, sending emails) without user awareness. Mitigations focus on operational controls rather than patches, including least-privilege MCP server permissions, traffic logging, behavioral baselines, and metadata scanning for malicious instructions.

Navia Benefit Solutions reports data exposure impacting 2.7 million individuals

Updated: · First: 19.03.2026 22:43 · 📰 1 src / 1 articles

Navia Benefit Solutions disclosed a data breach affecting approximately 2.7 million individuals, with unauthorized access detected between December 22, 2025, and January 15, 2026. The company became aware of suspicious activity on January 23, 2026, and initiated an investigation. Exposed data includes full names, dates of birth, Social Security Numbers, phone numbers, email addresses, and enrollment details for various benefits programs (HRA, FSA, COBRA). No claims or financial details were exposed, but the leaked data poses risks for phishing and social engineering campaigns. Navia has notified law enforcement and offered affected individuals 12 months of identity protection services via Kroll.

Unauthenticated remote code execution flaw in Magento and Adobe Commerce via PolyShell polyglot uploads

Updated: · First: 19.03.2026 22:01 · 📰 1 src / 1 articles

A critical unauthenticated remote code execution vulnerability named PolyShell has been disclosed in all supported versions of Magento Open Source and Adobe Commerce (version 2). The flaw stems from the REST API improperly processing file uploads in custom cart item options, enabling attackers to upload and execute polyglot files that act as both images and scripts. Depending on server configuration, this can result in remote code execution or account takeover via stored cross-site scripting. Adobe has released a fix only in the alpha release of version 2.4.9, leaving production deployments vulnerable. Exploitation attempts are expected to accelerate following public disclosure. Impact is high due to the widespread use of Magento/Adobe Commerce in e-commerce, the absence of authentication requirements, and the potential for mass compromise of storefronts.

Speagle malware leverages compromised Cobra DocGuard servers and infrastructure to exfiltrate sensitive data

Updated: · First: 19.03.2026 21:16 · 📰 1 src / 1 articles

A newly identified malware family, Speagle, has been observed hijacking the legitimate Cobra DocGuard document security platform to surreptitiously collect and exfiltrate sensitive data from infected systems. The malware abuses Cobra DocGuard’s client-server architecture and compromised servers to blend malicious communications with legitimate traffic, ensuring stealth during exfiltration. Speagle specifically targets systems where Cobra DocGuard is installed, indicating deliberate selection of victims, likely for intelligence collection or industrial espionage purposes. The operational infrastructure overlaps with prior documented abuses of Cobra DocGuard in 2022–2023, suggesting a pattern of exploiting trusted software in supply chain attacks.

Mass exploitation of signed vulnerable drivers by 54 EDR killer tools via BYOVD technique

Updated: · First: 19.03.2026 20:52 · 📰 1 src / 1 articles

Security vendors have identified 54 distinct EDR killer tools that abuse Bring Your Own Vulnerable Driver (BYOVD) techniques by exploiting 34 vulnerable, signed drivers to disable endpoint detection and response (EDR) solutions. The tools are deployed primarily by ransomware groups, affiliates, and underground service providers to neutralize security controls before executing file-encrypting malware. Attackers gain kernel-mode privileges (Ring 0) to terminate EDR processes, disable protection mechanisms, and tamper with kernel callbacks, thereby undermining endpoint defenses through abuse of Microsoft’s driver trust model.

Google Advances Quantum-Resistant HTTPS Certificates with Merkle Tree Certificates

Updated: 19.03.2026 20:19 · First: 02.03.2026 13:33 · 📰 4 src / 4 articles

Google is advancing Merkle Tree Certificates (MTCs) to secure Chrome’s HTTPS connections against quantum computing threats, with deployment underway in three phases. MTCs use compact Merkle Tree proofs to reduce bandwidth usage, improve performance, and simplify certificate transparency. Experimental testing with real internet traffic by Google and Cloudflare shows MTCs are faster than classical chains and post-quantum alternatives. Chrome plans to integrate MTCs into its Root Store by 2027, with a feasibility study underway, public deployment in Q1 2027, and the introduction of the Chrome Quantum-resistant Root Store in Q3 2027. MTCs reduce certificate sizes to approximately 840 bytes per page load, compared to 14.7 KB for post-quantum methods like ML-DSA, and require no additional action from website managers beyond server software updates.

North Korean Hackers Steal $2 Billion in Cryptocurrency in 2025

Updated: 19.03.2026 19:08 · First: 07.10.2025 20:02 · 📰 6 src / 9 articles

North Korean state-sponsored hackers, primarily the Lazarus Group and its Bluenoroff (APT38) subgroup, continue to aggressively target cryptocurrency-adjacent entities to fund the regime’s illicit activities. As of March 2026, confirmed thefts in 2025 exceeded $2 billion, with cumulative losses since 2017 surpassing $6.75 billion. Recent attacks now include e-commerce platforms like Bitrefill, where North Korean operators compromised employee devices to steal cryptocurrency and gift-card inventory. Investigations increasingly reveal sophisticated persistence, cross-chain laundering, and multi-vector social engineering, alongside new enforcement actions targeting facilitators in the U.S. Prior milestones include the record-setting Bybit breach in February 2025 ($1.5B), multiple exchange compromises (e.g., Upbit, BitoPro), and the conviction of five individuals for aiding North Korean IT worker fraud schemes that generated over $2.2M for the regime. North Korean hackers also continue to refine laundering pathways—employing mixers, bridges, obscure blockchains, and custom tokens—over approximately 45-day cycles. U.S. authorities have sought forfeiture of $15M in stolen crypto linked to APT38 and are dismantling ancillary networks used to funnel revenue to Pyongyang.

Iranian Hacktivist Group Claims Wiper Attack on Stryker

Updated: 19.03.2026 18:14 · First: 11.03.2026 18:20 · 📰 5 src / 5 articles

The Iranian hacktivist group Handala, linked to Iran's Ministry of Intelligence and Security (MOIS), conducted a targeted data-wiping attack against Stryker, a global medical technology company, on March 11, 2026. The attack disrupted over 200,000 systems across 79 countries, with Stryker confirming global disruption to its Microsoft environment and prioritizing restoration of supply-chain systems. Handala claimed responsibility, citing retaliation for a U.S. missile strike, and used Microsoft Intune to issue remote wipe commands, affecting nearly 80,000 devices. The FBI subsequently seized two Handala data leak sites under a U.S. court warrant, disrupting the group's digital infrastructure. Stryker’s operations, particularly in Ireland, suffered severe disruption with over 5,000 workers sent home, and employees reverted to manual workflows during the outage. Handala, active since late 2023, has targeted Israeli organizations historically but expanded operations in alignment with Iranian state interests. Investigators, including Microsoft DART and Palo Alto Unit 42, found no evidence of data exfiltration despite Handala’s claims, and Stryker emphasized the incident was not a ransomware attack. The FBI’s domain seizures mark a significant law enforcement response to Handala’s destructive operations.

Gentlemen Ransomware Exploits Vulnerable Driver to Disable Security Software

Updated: 19.03.2026 18:00 · First: 11.09.2025 23:42 · 📰 3 src / 5 articles

The Gentlemen ransomware group, active since summer 2025, continues to evolve its tactics while leveraging a ransomware-as-a-service (RaaS) model. The group employs dual extortion, targeting Windows, Linux, and ESXi environments, with initial access often gained through exploitation of exposed FortiGate VPN devices. Affiliates use PowerShell and WMI for lateral movement, deploy anti-forensic tools, and target backup/security systems to maximize impact. The group is known for advanced evasion techniques, including BYOVD attacks via CVE-2025-7771 in the ThrottleStop driver, tailored to disable specific security vendors' products. The gang emerged from a dispute within the Qilin RaaS ecosystem and rapidly established itself using existing tooling. Its attacks have targeted critical infrastructure, including Romania's Oltenia Energy Complex on December 26, 2025, where documents were encrypted and multiple applications (ERP, email, document management) were temporarily disabled. The company cooperated with authorities and restored systems from backups. The group uses PowerRun.exe and Allpatch2.exe for privilege escalation and ransom notes with the .7mtzhh extension. While the National Energy System was not jeopardized, the incident is still under assessment for potential data theft. The group has added nearly four dozen victims to its leak site but has not yet listed Oltenia Energy Complex, likely due to ongoing negotiations.

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog

Updated: 19.03.2026 16:55 · First: 23.01.2026 17:24 · 📰 4 src / 4 articles

CISA added the stored cross-site scripting (XSS) vulnerability CVE-2025-66376 in Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog on March 18, 2026. The flaw, patched in early November 2025, allows unauthenticated attackers to execute arbitrary JavaScript via malicious HTML emails, enabling session hijacking and data theft in compromised Zimbra environments. CISA ordered U.S. federal agencies to patch the flaw by April 1, 2026 under BOD 22-01 and encouraged all organizations to apply mitigations promptly. Russian state-sponsored threat group APT28 (Fancy Bear, Strontium), linked to Russia's military intelligence service (GRU), is actively exploiting CVE-2025-66376 in attacks targeting Ukrainian government entities, including the Ukrainian State Hydrology Agency, as part of a phishing campaign codenamed Operation GhostMail. The attack chain relies on malicious HTML email bodies with obfuscated JavaScript payloads that execute silently in vulnerable Zimbra webmail sessions to harvest credentials, session tokens, 2FA codes, saved passwords, and mailbox contents dating back 90 days, with data exfiltrated over DNS and HTTPS. This exploitation follows prior Russian campaigns against Zimbra infrastructure, including operations by Winter Vivern (since February 2023) and APT29 (Cozy Bear, Midnight Blizzard) in October 2024.