Skip to main content

Tag: roundcube

14 articles

University hallway with generic furnishings and decor, daytime scene.

Hackers Exploit Roundcube Flaw to Target Academic Researchers

A new wave of cyber attacks linked to China is targeting academic researchers in the US and Canada, specifically those in physics, engineering, and national security-related fields, by exploiting a vulnerability in Roundcube webmail servers. The campaign, tracked as 'UNK_MassTraction', has been ongoing since May and has already hit several universities.

Analyst 207
University campus scene with a building and clock tower, hint of computer equipment in foreground.

China-Aligned Hackers Exploit Roundcube Servers at US, Canada Universities

China-aligned hackers are targeting universities in the US and Canada, exploiting vulnerable Roundcube webmail servers to gain access to sensitive physics and engineering departments with potential national security links. This latest campaign highlights the ongoing threat of email-based attacks and the need for robust server security.

Analyst 207
University computer lab with laptops and ordinary lighting.

China-Aligned Hackers Exploit Roundcube Flaws to Infiltrate Universities

China-aligned hackers have launched a sneaky attack on universities, exploiting two flaws in the popular Roundcube webmail client to steal credentials and gain persistent access. At least a few dozen universities are believed to be affected, with Proofpoint researchers confirming fewer than 10 intrusions so far.

Analyst 207
Modern university hallway with offices and classrooms, natural daylight from large windows.

China-Aligned Hackers Exploit Roundcube Flaws at Universities

China-aligned hackers are exploiting vulnerabilities in Roundcube email servers to gain access to sensitive university networks, specifically targeting physics and engineering departments with national security ties. They've cleverly designed their attacks to fly under the radar, using tactics like compromised senders and spoofed domains to reach their targets.

Analyst 207
CISA Adds Two Roundcube Flaws to KEV: Exclusive Critical

CISA Adds Two Roundcube Flaws to KEV: Exclusive Critical

CISA has added two Roundcube vulnerabilities to its KEV list — including a critical 9.9-rated RCE (CVE-2025-49113) — meaning active exploitation is underway. If you run Roundcube, patch now to protect email stores, contacts, and stop attackers from hijacking accounts.

Analyst 207
Hacker steals 1 million Cock.li user records in webmail data breach

Hacker steals 1 million Cock.li user records in webmail data breach

One million Cock.li user records have been stolen in a major webmail breach. Learn how the hack exposed sensitive data and raised cybersecurity concerns.

Analyst 207
Breach Roundup: Critical RCE Flaw in Roundcube Servers

Breach Roundup: Critical RCE Flaw in Roundcube Servers

Breach Roundup: Uncover the critical RCE flaw in Roundcube servers exposing vulnerabilities—immediate action needed to secure your system.

Analyst 207
CISA Expands Catalog of Known Exploited Vulnerabilities with Erlang SSH and Roundcube Issues

CISA Expands Catalog of Known Exploited Vulnerabilities with Erlang SSH and Roundcube Issues

CISA broadens its exploited vulnerabilities catalog by adding Erlang SSH and Roundcube issues, alerting organizations to emerging cyber risks.

Analyst 207
Over 84,000 Roundcube instances vulnerable to actively exploited flaw

Over 84,000 Roundcube instances vulnerable to actively exploited flaw

Over 84,000 Roundcube instances are vulnerable due to an actively exploited flaw. Immediate updates are crucial to secure your email system.

Analyst 207
Hacker selling critical Roundcube webmail exploit as tech info disclosed

Hacker selling critical Roundcube webmail exploit as tech info disclosed

Hacker sells a critical Roundcube webmail exploit as disclosed tech info sparks cybersecurity alarms and prompts urgent vulnerability reviews.

Analyst 207
Legacy Roundcube Vulnerability Lets Authenticated Users Execute Malicious Code

Legacy Roundcube Vulnerability Lets Authenticated Users Execute Malicious Code

Legacy Roundcube vulnerability lets authenticated users execute malicious code. Update immediately to secure your systems.

Analyst 207
Cybersecurity Alert: LummaC2 Malware Exploited to Steal Sensitive Organizational Data

Cybersecurity Alert: LummaC2 Malware Exploited to Steal Sensitive Organizational Data

Urgent cybersecurity alert: LummaC2 malware exploited to steal sensitive organizational data. Strengthen defenses and safeguard your network.

Analyst 207
Russian GRU Cyber Operatives Target Western Tech Firms and Logistics Networks

Russian GRU Cyber Operatives Target Western Tech Firms and Logistics Networks

Russian GRU cyber operatives target Western tech firms and logistics networks with sophisticated cyber attacks that jeopardize global supply chains.

Analyst 207
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

APT28, a Russia-linked group, exploited an MDaemon Zero-Day flaw to compromise government webmail servers, spotlighting critical cybersecurity vulnerabilities.

Analyst 207