general · TheHackerNews
Progress Software has urged ShareFile customers to shut down Windows servers running Storage Zone Controllers due to a credible external security threat. The company temporarily disabled access to affected accounts as a precautionary measure while engaging internal and external security experts. Progress reports no evidence of unauthorized access to ShareFile accounts or data, but the specific nature of the threat remains undisclosed. In parallel, Zimbra patched a critical stored cross-site scripting (XSS) vulnerability in its Classic Web Client that could enable arbitrary code execution through specially crafted emails. Additionally, the Jscrambler npm package was compromised via stolen publishing credentials to distribute a multi-platform information stealer targeting developer secrets across Windows, macOS, and Linux environments.
Defense contractors and SaaS teams relying on these widely-deployed collaboration and email platforms should treat Storage Zone Controller patching as urgent and validate their current Zimbra and npm dependency versions immediately. For organizations under CMMC observation or SOC2 audit scope, supply-chain integrity—particularly around development tools and third-party software updates—is a direct control requirement. Healthcare providers and fintechs handling regulated data should prioritize email security patching under HIPAA and NIST 800-171 frameworks. The convergence of trusted-software compromise and developer-focused attacks underscores why software bill-of-materials (SBOM) and patch-management workflows need stress-testing; an Omniware engagement can scope third-party risk and update cadence in detail.
Source: The Hacker News - https://thehackernews.com/2026/07/weekly-recap-sharefile-threat-citrix.html
Source: TheHackerNews
All briefings