The Ukrainian State Hydrology Agency
March 19, 2026
•[ phishing, vulnerability exploitation, XSS ]
BleepingComputer reported that Russia-linked APT28 (GRU) exploited a Zimbra Collaboration Suite vulnerability (CVE-2025-66376) in attacks targeting Ukrainian government entities. Researchers described a phishing operation (Operation GhostMail) where a single HTML email body triggered obfuscated JavaScript exploiting the Zimbra XSS flaw when opened in a vulnerable webmail session. The payload was described as harvesting credentials, session tokens, backup 2FA codes, browser-saved passwords, and mailbox contents going back 90 days, with exfiltration over DNS and HTTPS. One referenced target was the Ukrainian State Hydrology Agency.
Wikimedia Foundation
March 5, 2026
•[ JavaScript worm, script injection, vandalism ]
A self-propagating JavaScript worm modified user scripts and vandalized Meta-Wiki pages, triggering automated edits that injected hidden scripts and disruptive content. Wikimedia engineers temporarily restricted editing across projects during investigation and cleanup, then reverted malicious changes and restored editing. Reporting indicated nearly 4,000 pages were modified and about 85 users had their common.js files replaced during the incident.
European Space Agency
December 23, 2024
•[ hack, xss, government ]
The European Space Agency's official web shop is hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.
Government organization in Pakistan
November 15, 2023
•[ hack, xss, government ]
Researchers from Google's Threat Analysis Group (TAG) discover a campaign targeting government organization in Pakistan, exploiting the CVE-2023-37580 Zimbra email server vulnerability.
Government organization in Greece
November 15, 2023
•[ espionage, xss, government ]
Researchers from Google's Threat Analysis Group (TAG) discover a campaign targeting a government organization in Greece, exploiting the CVE-2023-37580 Zimbra email server vulnerability.
Government Agencies in Ukraine
April 14, 2022
•[ hack, xss, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) reveal the details of a campaign targeting organizations in Ukraine and exploiting the Zimbra CVE-2018-6882 vulnerability.
WordPress Multilingual Plugin (WPML) users
January 19, 2019
•[ hack, xss, technology ]
The web site for the WordPress Multilingual Plugin (WPML) WordPress plugin is hacked and users of the plugin start receiving emails stating that the plugin is filled with vulnerabilities.
Etherscan
July 23, 2018
•[ hack, xss, finance ]
Visitors of the popular Ethereum blockchain explorer Etherscan.io are shown a pop-up message showing "1337" indicating the website has been compromised.
Castorama
June 8, 2016
•[ hack, xss, retail ]
French DIY goods store Castorama pull its website offline after unknown attackers manipulated the site search function to suggest rude versions of household appliances.
