Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

SmarterTools confirmed that the Warlock ransomware gang, also known as Storm-2603, breached its network by exploiting an unpatched SmarterMail server instance. The incident occurred on January 29, 2026, when a mail server that had not been updated to the latest version was compromised, as stated by the company’s Chief Commercial Officer, Derek Curtis. This highlights a critical vulnerability in the organization’s cybersecurity posture due to delayed patching.

The breach underscores the persistent threat posed by ransomware groups targeting unpatched software, particularly in email servers that handle sensitive communications. SmarterTools’ acknowledgment of the incident serves as a cautionary tale for other organizations to prioritize timely updates and robust security measures to prevent similar attacks. The involvement of the Warlock gang, a known threat actor, adds to the urgency of addressing such vulnerabilities across the industry.

Key Takeaways

Ransomware breach via unpatched SmarterMail server on January 29, 2026
Threat actor identified as Warlock gang (Storm-2603)
Importance of timely software updates to prevent exploitation
Incident highlights risks in email server security
SmarterTools publicly confirmed the breach, emphasizing transparency

Threat Actors

Warlock, Storm-2603

Source: The Hacker News

Press ESC to close

Key Takeaways

Threat Actors

Share Article:

Tarang Parmar

ZAST.AI Raises $6M Pre-A to Scale “Zero False Positive” AI-Powered Code Security

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data