Rapid Weaponization of SmarterMail Flaws via Telegram
🚨 Flare researchers observed rapid exploitation after disclosure of critical SmarterMail vulnerabilities CVE-2026-24423 and CVE-2026-23760. Within days, underground Telegram channels and cybercrime forums circulated proof-of-concept exploits, offensive tooling, and stolen administrator credentials, enabling mass scanning and automated compromise. CISA added CVE-2026-24423 to the Known Exploited Vulnerabilities (KEV). Organizations are urged to patch immediately, increase identity telemetry, and segment mail servers to limit lateral movement.
