Telegram Channels Expose Rapid Weaponization of SmarterMail Flaws

Telegram Channels Expose Rapid Weaponization of SmarterMail Flaws 🚨

Flare researchers monitoring underground Telegram channels and cybercrime forums have observed threat actors rapidly sharing proof-of-concept exploits, offensive tools, and stolen administrator credentials related to recently disclosed SmarterMail vulnerabilities. This provides insight into how quickly attackers weaponize new security flaws.

In parallel, additional vulnerabilities CVE-2026-23760 (CVSS 9.3) include authentication bypass and password reset logic flaws. This allows attackers to reset administrator credentials or gain privileged access to the platform. Research shows that attackers were quickly reverse-engineering patches to identify and weaponize these weaknesses within days of release.

When combined, these issues enabled full server takeover scenarios, where attackers could move from application-level access to operating system control and potentially domain-level compromise in connected environments.

CISA added CVE-2026-24423 to the Known Exploited Vulnerabilities catalog in early February 2026, after confirming active ransomware exploitation. This confirms that attackers are quick to exploit newly discovered critical RCE-related vulnerabilities: Vulnerability disclosure, PoC written and released, mass scanning operation, weaponization, data exfiltration, ransomware, etc. The timeline has shrunk from months/weeks to days.

For more details, check out the full article: Read full article