SmarterTools network breached using auth-bypass attack against single unpatched virtual machine


  • SmarterTools hit by Warlock ransomware exploiting CVE-2026-23760 in SmarterMail
  • Breach affected office network and data center, but business apps and account data stayed safe
  • Company patched vulnerability, ditched Windows servers, and dropped Active Directory to prevent recurrence

American software company SmarterTools confirmed being struck with ransomware, but said the attack did not affect its business applications or account data.

In a data breach notification published on the company’s website, Chief Commercial Officer Derek Curtis said that the company missed updating a server, which was then compromised through a known vulnerability.

“Prior to the breach, we had approximately 30 servers/VMs with SmarterMail installed throughout our network. Unfortunately, we were unaware of one VM, set up by an employee, that was not being updated. As a result, that mail server was compromised, which led to the breach,” Curtis explained.

Linux and Windows

The vulnerability in question, as per BleepingComputer, is CVE-2026-23760, an authentication bypass flaw in SmarterMail before Build 9518 which allows resetting administrator passwords and obtaining full privileges.

Curtis also said that SmarterTools segments its networks to limit the impact of a breach, which allowed its website, shopping cart, My Account portal, and other services to remain online while the issue was being addressed. “None of our business applications or account data were affected or compromised,” he added.

The office network and a data center, where most of the company's quality control work is done, were affected, Curtis further explained.

CyberInsider reported that the breach was attributed to the Warlock ransomware gang, which is known for targeting Microsoft-based infrastructure. The group appears to have attacked SmarterTools with a Windows-based encryptor, while the majority of the company's infrastructure ran on Linux.

“Because we are primarily a Linux company now, only about 12 Windows servers looked to be compromised and, on those servers, our virus scanners blocked most efforts,” Curtis also said. “None of the Linux servers were affected.”

To make sure there is no sequel, SmarterTools ditched Windows entirely wherever it could, and no longer uses Active Directory services (which the crooks used to move laterally throughout the network).

Those of you running SmarterMail, worrying you might be next, should make sure to upgrade to Build 9518 (released January 15) to patch the vulnerability. Build 9526, released on January 22, complements the fix with additional improvements.
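The breach began with a SmarterMail VM that nobody knew about and so never got the patch. The following is an added example, not SmarterTools code, of the reconciliation check a defender would run after such an incident: compare the asset register against hosts actually seen on the network, flag any host the register does not know about, and flag any host whose SmarterMail build is below 9518. The hostnames, the inventory and the discovered-host list are constructed; only the build numbers come from the article.

```python
"""Reconcile a SmarterMail asset register against hosts actually observed.

Constructed example (not SmarterTools code). The register and the sweep
results are made up; builds 9518 and 9526 are the ones named in the article.
"""

# First build that closes the authentication bypass, per the article.
FIXED_BUILD = 9518

# Constructed: what the asset register claims exists.
INVENTORY = {"mail01", "mail02", "mail03"}

# Constructed: what a network sweep found (hostname -> reported build, or
# None when the build could not be determined and must be treated as unknown).
DISCOVERED = {
    "mail01": 9526,
    "mail02": 9518,
    "mail03": 9480,
    "mail-test-jdoe": 9401,   # the unregistered VM that was never updated
    "mail-lab": None,         # answered on the mail ports, build not readable
}


def reconcile(inventory, discovered, fixed_build=FIXED_BUILD):
    """Return (shadow, unpatched, missing), each a sorted list of hostnames.

    shadow    - observed on the network but absent from the register
    unpatched - build below fixed_build, or build unknown (fail closed)
    missing   - in the register but not observed (decommissioned, or hidden)
    """
    observed = set(discovered)
    shadow = sorted(observed - inventory)
    missing = sorted(inventory - observed)
    unpatched = sorted(
        host for host, build in discovered.items()
        if build is None or build < fixed_build
    )
    return shadow, unpatched, missing


def report(inventory, discovered, fixed_build=FIXED_BUILD):
    """Human-readable summary; returns the lines so callers can log them."""
    shadow, unpatched, missing = reconcile(inventory, discovered, fixed_build)
    lines = [f"hosts not in asset register : {', '.join(shadow) or 'none'}",
             f"hosts below Build {fixed_build}: {', '.join(unpatched) or 'none'}",
             f"registered but not observed  : {', '.join(missing) or 'none'}"]
    return lines


if __name__ == "__main__":
    print("\n".join(report(INVENTORY, DISCOVERED)))
```

A host that shows up in both the shadow and unpatched lists is exactly the case in this incident: an unregistered machine that no patch process ever reached.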

Via BleepingComputer



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
