CISA BOD 22-01 Zimbra patch order

Public Sector Action
Happening score: 52
1 unique source, 2 articles

Summary

CISA ordered Federal Civilian Executive Branch agencies to secure Zimbra Collaboration Suite (ZCS) servers against CVE-2025-66376, an actively exploited flaw that could enable session hijacking and data theft. The directive gave agencies two weeks to act, with a deadline of April 1st, because exposed mail systems remain a live attack surface. CISA also urged other organizations to patch or mitigate the issue as soon as possible.

Related Happenings

CISA revises CIRCIA town hall schedule

Public Sector Action
First: 26.05.2026 15:00 Last: 26.05.2026 15:00 Sources 1

About this happening: CISA **revised the schedule** for **virtual town halls** on the **CIRCIA rulemaking**, reopening stakeholder engagement on a cybersecurity reporting rule that will affect **critic...

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

Congress demands CISA answers on GitHub credential leak

Public Sector Action
First: 22.05.2026 19:34 Last: 22.05.2026 19:34 Sources 1

About this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...

CISA launches KEV Nomination Form

Public Sector Action
First: 21.05.2026 15:00 Last: 21.05.2026 15:00 Sources 1

About this happening: CISA launched a **new Nomination Form** for the **KEV catalog**, giving **researchers, vendors, and industry partners** a direct way to report **known exploited vulnerabilities**....

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

Timeline

  1. 18.03.2026 21:57 2 articles · 2mo ago

    CISA orders federal agencies to patch Zimbra CVE-2025-66376

    Legal Policy Action Update

    CISA ordered U.S. federal civilian agencies to secure Zimbra Collaboration Suite (ZCS) against CVE-2025-66376, a stored cross-site scripting flaw in the Classic UI that attackers could trigger through CSS @import directives in email HTML. The directive set an April 1 remediation deadline under Binding Operational Directive (BOD) 22-01 and urged other organizations to apply vendor mitigations or discontinue use of the product if mitigations were unavailable.
