Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA BOD 22-01 Zimbra patch order

Public Sector Action
First reported
Last updated
Happening score
H score 34
1 unique sources, 2 articles

Summary

Hide ▲

CISA ordered Federal Civilian Executive Branch agencies to secure Zimbra Collaboration Suite (ZCS) servers against CVE-2025-66376, an actively exploited flaw that could enable session hijacking and data theft. The directive gave agencies two weeks to act, with a deadline of April 1st, because exposed mail systems remain a live attack surface. CISA also urged other organizations to patch or mitigate the issue as soon as possible.

Related Happenings

CISA KEV remediation order for CVE-2026-48907

Public Sector Action
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...

CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw

Public Sector Action
H score36 First: 16.06.2026 13:47 Last: 16.06.2026 13:47 Sources 1

About this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...

CISA orders FCEB Ivanti Sentry remediation under BOD 26-04

Public Sector Action
H score36 First: 12.06.2026 11:26 Last: 12.06.2026 11:26 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...

CISA KEV update and FCEB remediation deadline

Public Sector Action
H score33 First: 10.06.2026 17:44 Last: 10.06.2026 17:44 Sources 1

About this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...

CISA KEV order for FCEB remediation of CVE-2026-50751

Public Sector Action
H score43 First: 09.06.2026 11:18 Last: 09.06.2026 11:18 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...

Timeline

  1. 18.03.2026 21:57 2 articles · 3mo ago

    CISA orders federal agencies to patch Zimbra CVE-2025-66376

    Legal Policy Action Update

    CISA ordered U.S. federal civilian agencies to secure Zimbra Collaboration Suite (ZCS) against CVE-2025-66376, a stored cross-site scripting flaw in the Classic UI that attackers could trigger through CSS @import directives in email HTML. The directive set an April 1 remediation deadline under Binding Operational Directive (BOD) 22-01 and urged other organizations to apply vendor mitigations or discontinue use of the product if mitigations were unavailable.

    Show sources