{"id":213175,"date":"2026-02-09T14:08:00","date_gmt":"2026-02-09T19:08:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/09\/hackers-breach-smartertools-network-using-flaw-in-its-own-software\/"},"modified":"2026-02-13T15:35:11","modified_gmt":"2026-02-13T20:35:11","slug":"hackers-breach-smartertools-network-using-flaw-in-its-own-software","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/09\/hackers-breach-smartertools-network-using-flaw-in-its-own-software\/","title":{"rendered":"Hackers breach SmarterTools network using flaw in its own software"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-breach-smartertools-network-using-flaw-in-its-own-software\/\">Hackers breach SmarterTools network using flaw in its own software<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-breach-smartertools-network-using-flaw-in-its-own-software\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-breach-smartertools-network-using-flaw-in-its-own-software\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-09 14:08:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but the intrusion did not impact business applications or account data.<\/p>\n<p>The company&#8217;s Chief Commercial Officer, Derek Curtis, says that the intrusion occurred on January 29, via a single SmarterMail virtual machine (VM)\u00a0set up by an employee.<\/p>\n<p>&#8220;Prior to the breach, we had approximately 30 servers\/VMs with SmarterMail installed throughout our network,&#8221;\u00a0Curtis explained.<\/p>\n<p>\u201cUnfortunately, we were unaware of one VM, set up by an employee, that was not being updated. As a result, that mail server was compromised, which led to the breach.\u201d<\/p>\n<p>Although SmarterTools states that customer data wasn\u2019t directly impacted by this breach, 12 Windows servers on the company\u2019s office network, as well as a secondary data center used for laboratory tests, quality control, and hosting, were confirmed to have been compromised.<\/p>\n<p>The attackers moved laterally from that one vulnerable VM via Active Directory, using Windows-centric tooling and persistence methods. Linux servers, which constitute the majority of the company\u2019s infrastructure, were not compromised by this attack.<\/p>\n<p>The vulnerability exploited in the attack to gain access is CVE-2026-23760, an authentication bypass flaw in SmarterMail before Build 9518, which allows resetting administrator passwords and obtaining full privileges.<\/p>\n<p>SmarterTools reports that the attacks were conducted by the Warlock ransomware group, which has also impacted customer machines through similar activity.<\/p>\n<p>The ransomware operators waited roughly a week after gaining initial access before the final stage, encryption of all reachable machines.<\/p>\n<p>However, in this case, SentinelOne security products reportedly stopped the final payload from performing encryption, the impacted systems were isolated, and data was restored from fresh backups.<\/p>\n<p>Tools used in the attacks include Velociraptor, SimpleHelp, and&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-breach-smartertools-network-using-flaw-in-its-own-software\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers breach SmarterTools network using flaw in its own software https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-breach-smartertools-network-using-flaw-in-its-own-software\/ Publish Date: 2026-02-09 
14:08:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":213176,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2022\/09\/30\/cyber-hacker.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,35,27],"class_list":["post-213175","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-hacker","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213175"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=213175"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213175\/revisions"}],"predecessor-version":[{"id":213177,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213175\/revisions\/213177"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/213176"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=213175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=213175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=213175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}