Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the...

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...

PT-2025-19714 · Unknown · Output Messenger

Name of the Vulnerable Software and Affected Versions: Output Messenger versions prior to 2.0.63 Description: The issue is related to a directory traversal vulnerability in the Output Messenger Server Manager application. This vulnerability allows remote attackers to access sensitive files outsid...