
SmarterTools hit by ransomware attack

Incident
Happening score: 44
3 unique sources, 3 articles

Summary


SmarterTools suffered a ransomware attack on January 29 after attackers used an unpatched SmarterMail VM to gain access, disrupting the company’s office network and a data center and raising the risk of broader internal compromise. The intrusion matters because the attackers moved laterally and compromised 12 Windows servers before the environment was shut down and remediated.

Related Happenings

Instructure hit by cyberattack

Incident
First: 04.05.2026 01:16 Last: 04.05.2026 01:16 Sources 1

About this happening: **Instructure** disclosed a **cybersecurity incident** that exposed user information and prompted an investigation with outside experts and law enforcement. The event matters beca...

Latest development: 14.05.2026 23:19

The House Committee on Homeland Security and the US Senate Committee on Health, Education, Labor, and Pensions sought briefings from Instructure over the Canvas compromise, pressing the edtech vendor on whether it paid a ransom, what data was affected, how it handled the recent attacks, and whether the incident was linked to a prior Salesforce compromise.

DigiCert hit by network compromise

Incident
First: 03.05.2026 21:11 Last: 03.05.2026 21:11 Sources 1

About this happening: DigiCert disclosed an **early April** **support environment compromise** that exposed **initialization codes** for approved **EV code-signing certificate orders**, creating a path...

Latest development: 04.05.2026 15:46

By April 17, DigiCert revoked 60 certificates tied to the support-portal compromise, including 27 explicitly linked to the threat actor and 11 used to sign Zhong Stealer, and canceled pending orders to close attacker access. DigiCert also enforced multi-factor authentication for administrative workflows, blocked access to initialization codes from proxied support users, restricted file types for support chat and Salesforce case attachments, and improved logging.

Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store

Security Tool/Service
First: 03.05.2026 21:11 Last: 03.05.2026 21:11 Sources 1

About this happening: **Microsoft Defender** began falsely flagging valid **DigiCert root certificates** as **Trojan:Win32/Cerdigent.A!dha**, creating widespread false positives and risking certificate...

Victim-1 hit by cyberattack

Incident
First: 03.04.2026 12:04 Last: 03.04.2026 12:04 Sources 1

About this happening: **Victim-1** suffered an **unauthorized-access lockout incident** that denied domain administrator access and disrupted **254 servers** and **3,284 workstations**. The intruder us...

University of Mississippi Medical Center (UMMC) hit by ransomware attack

Incident
First: 20.02.2026 13:50 Last: 20.02.2026 13:50 Sources 1

About this happening: The **University of Mississippi Medical Center (UMMC)** suffered a **ransomware attack** that forced **all clinic locations statewide** to close and disrupted access to **Epic ele...

Timeline

  1. 10.02.2026 12:24 2 articles · 3mo ago

    Warlock SmarterMail breach analysis links CVE-2026-23760 and CVE-2026-24423

    Technical Analysis Update

    ReliaQuest identified activity likely tied to Warlock on SmarterTools systems that abused CVE-2026-23760 to bypass SmarterMail authentication, stage ransomware payloads on internet-facing systems, and chain the access with the software's built-in Volume Mount feature to gain full system control before installing Velociraptor. CISA also confirmed CVE-2026-24423 was being exploited in ransomware attacks.

  2. 09.02.2026 14:02 1 article · 3mo ago

    SmarterTools ransomware intrusion and containment on January 29

    Victim Impact Update

    An unpatched SmarterMail VM gave attackers initial access to SmarterTools, after which they moved laterally into the Windows environment and compromised 12 servers in a data center supporting quality control testing systems, the SmarterTools portal, and Hosted SmarterTrack. The company’s office network was also impacted, and SmarterTools shut off servers at both locations and disabled internet access while evaluating the breach.

  3. 09.02.2026 14:02 1 article · 3mo ago

    SmarterTools publicly attributes the ransomware attack and urges SmarterMail updates

    Initial Disclosure

    On February 9, SmarterTools publicly said the ransomware attack was carried out by Warlock and identified an unpatched SmarterMail VM as the entry point. It said the likely exploited flaw was CVE-2026-24423 (CVSS 9.3), with CVE-2026-23760 and CVE-2025-52691 also patched on January 15, and advised customers to update SmarterMail to the latest version after the build 9518 and build 9526 updates.
