Topic: state-sponsored attackers

Libraesva ESG Zero-Day Exploited in Active Attacks (CVE-2025-59689)

A critical zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway is being actively exploited by a suspected state-sponsored actor, allowing arbitrary command execution on affected systems. The flaw is a command injection vulnerability caused by improper input sanitizatio...