Attackers are actively targeting a severe remote code execution vulnerability that Zimbra recently disclosed in its SMTP server, heightening the urgency for affected organizations to patch vulnerable instances right away. The bug, identified as CVE-2024-45519, is present in the Zimbra postjournal service component for email journaling and archiving. It allows an unauthenticated remote attacker to execute arbitrary commands on a vulnerable system and take control of it. Zimbra issued updates for affected versions last week but has not released any details of the flaw so far. Ivan Kwiatkowski, a threat researcher at HarfangLab, said the malcious emails are coming from 79.124.49[.]86, which appears to be based in Bulgaria. "If you're using @Zimbra, mass-exploitation of CVE-2024-45519 has begun. Patched on 1 Oct.