Researchers have uncovered a critical zero-click vulnerability in FreeScout, a widely used open-source help desk and shared mailbox application. Dubbed “Mail2Shell,” this flaw allows attackers to hijack mail servers without any user interaction or authentication. The vulnerability, tracked as CVE-2026-28289, bypasses a recently patched Remote Code Execution (RCE) flaw, escalating it into an unauthenticated zero-click […] The post Mail2Shell Zero-Click Attack lets Hackers Hijack FreeScout Mail Servers appeared first on Cyber Security News.