Threat actors, possibly supported by the Russian government, hacked high-value mail servers globally by exploiting XSS vulnerabilities.
XSS vulnerabilities are programming errors in web server software that allow attackers to execute malicious code in the browsers of people who use the affected site.
The exploits belong to a bug class that was widely exploited in the past, and they primarily involve the execution of JavaScript.
The Kremlin-linked hacking group Sednit gained access to email accounts by targeting vulnerabilities in mail server software like Roundcube, MDaemon, Horde, and Zimbra.