The ransomware group breached SmarterTools through a vulnerability in the company's own SmarterMail product.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

The Warlock ransomware group breached SmarterTools by exploiting two critical vulnerabilities (CVE-2026-24423 and CVE-2026-23760) in SmarterMail, the company's own mail server product. CVE-2026-24423 is an unauthenticated RCE flaw in the ConnectToHub API, while CVE-2026-23760 is an authentication bypass enabling forced admin password resets — both scoring 9.3 CVSS. The breach occurred on Jan. 29 via a single unpatched server among 30 SmarterMail instances on the company's network. Twelve Windows servers were compromised; Linux servers were unaffected. In response, SmarterTools isolated networks, eliminated Windows infrastructure where possible, dropped Active Directory, and reset all passwords. Some customers were also impacted, as the Warlock Group installs files and waits up to a week before encrypting data. Both vulnerabilities were patched in SmarterMail release 9511 on Jan. 15, and all users are urged to update immediately.

Warlock Gang Breaches SmarterTools Via SmarterMail Bugs

Threat Actors Target SmarterMail Customers