A LinkedIn post from ReliaQuest highlights internal threat research into active exploitation of SmarterMail vulnerabilities, including CVE-2026-23760. According to the post, the observed activity may be linked to Storm-2603, described as a China-based actor associated with Warlock ransomware.
Claim 30% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The post indicates that attackers can bypass authentication to reset administrator passwords and then rely on legitimate tools such as Velociraptor to sustain persistent access. It also notes that CISA has warned about exploitation of a separate SmarterMail issue, CVE-2026-24423, and that ReliaQuest has observed possible attempts from distinct infrastructure.
For investors, the post suggests that ReliaQuest is actively engaged in advanced threat research and tracking nation-state–linked or sophisticated ransomware activity, reinforcing its positioning in high-end managed detection and response and threat intelligence services. Demonstrated visibility into emerging vulnerabilities and adversary tradecraft could support customer retention, pricing power, and differentiation versus security competitors.
Heightened awareness of SmarterMail vulnerabilities and related CISA alerts may drive additional demand for incident response, threat monitoring, and advisory services across ReliaQuest’s customer base. Over time, such research-led visibility into emerging threats may translate into upsell opportunities and deeper enterprise integrations, potentially supporting revenue growth and strengthening the company’s role within the cybersecurity ecosystem.