> TritonInfoSec News
Home / Mar 05, 2026 / Story
0
#5 BleepingComputer general March 04, 2026 at 21:51 UTC

Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers

By Bill Toulas

AI Summary

FreeScout helpdesk platform contains a maximum severity zero-click vulnerability dubbed Mail2Shell that allows remote code execution without authentication or user interaction. The flaw represents a patch bypass for an authenticated code execution bug, enabling attackers to achieve full server compromise through email-based exploitation of the open-source support ticket system.

Read full article → https://www.bleepingcomputer.com/news/security/mai…

Relevance score: 88.0/100

# More from March 05

  1. 1
    Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks SecurityWeek
  2. 2
    Global coalition dismantles Tycoon 2FA phishing kit CyberScoop
  3. 3
    FBI seizes LeakBase cybercrime forum, data of 142,000 members BleepingComputer
  4. 4
    VMware Aria Operations Bug Exploited, Cloud Resources at Risk Dark Reading
  5. 6
    New LexisNexis Data Breach Confirmed After Hackers Leak Files SecurityWeek
  6. 7
    Cisco warns of max severity Secure FMC flaws giving root access BleepingComputer
  7. 8
    APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 The Hacker News
  8. 9
    149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict The Hacker News
  9. 10
    Iranian drone strikes hit Amazon data centers in Gulf, disrupting cloud services