Hackers target vulnerabilities in Roundcube Webmail

CISA has added the flaws, one of which is considered critical, to its Known Exploited Vulnerabilities catalog.

Roundcube Webmail: Attacks on security vulnerabilities ongoing

The IT security authority CISA warns of currently observed attacks on Roundcube webmail vulnerabilities. Admins should update ...
SecurityWeek

Recent RoundCube Webmail Vulnerability Exploited in Attacks

The US cybersecurity agency CISA on Friday warned of two RoundCube Webmail vulnerabilities being exploited in the wild. Prevalent within government and enterprise networks, RoundCube Webmail is a ...
Cyber Daily

You’ve got mail: Pair of RoundCube Webmail vulnerabilities added to KEV Catalog

CVE-2025-68461 was only disclosed last December, and impacts versions of Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12. This is a cross-site-scripting vulnerability with a CVSS score of 7.2, ...
Hackaday

This Week In Security: Roundcube, Unified Threat Naming, And AI Chat Logs

Up first, if you’re running a Roundcube install prior to 1.5.10 or 1.6.11, it’s time to update. We have an authenticated Remote Code Execution (RCE) in the Roundcube Webmail client. And while that’s ...
Infosecurity-magazine.com

Winter Vivern: Zero-Day XSS Exploit Targets Roundcube Servers

ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. The new ...
Bleeping Computer

CISA: Roundcube email server bug now exploited in attacks

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The security flaw (CVE-2023-43770) is a persistent ...
Bleeping Computer

European govt email servers hacked using Roundcube zero-day

The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day in attacks targeting European government entities and think tanks since at least October 11. The Roundcube ...
WeLiveSecurity

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...
WeLiveSecurity

Roundcube Webmail servers under attack – Week in security with Tony Anscombe

This week, ESET research described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to target European governmental entities and a think ...
Hackaday

This Week In Security: 1Password, Polyglots, And Roundcube

This week we got news of a security incident at 1Password, and we’re certain we aren’t the only ones hoping it’s not a repeat of what happened at LastPass. 1Password has released a PDF report on the ...