Roundcube – WindowsTechs.com

This Week in Security: The Geopolitical Kernel, Roundcube, and The Archive

Posted on October 25, 2024 by Jonathan Bennett

Leading off the week is the controversy around the Linux kernel and an unexpected change in maintainership. The exact change was that over a dozen developers with ties to or …read more Continue reading This Week in Security: The Geopolitical Kernel, Roundcube, and The Archive→

Posted on October 22, 2024 by Zeljka Zorz

Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Ro… Continue reading Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)→

Posted on August 7, 2024 by Zeljka Zorz

Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Round… Continue reading Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)→

Posted on February 19, 2024 by Ionut Arghire

Russian cyberespionage group targets European government, military, and critical infrastructure entities via Roundcube vulnerabilities.
The post Russian Cyberspies Exploit Roundcube Flaws Against European Governments appeared first on SecurityWeek.
Continue reading Russian Cyberspies Exploit Roundcube Flaws Against European Governments→

Posted on February 13, 2024 by Eduard Kovacs

CISA has added the Roundcube flaw tracked as CVE-2023-43770 to its known exploited vulnerabilities catalog.
The post CISA Warns of Roundcube Webmail Vulnerability Exploitation appeared first on SecurityWeek.
Continue reading CISA Warns of Roundcube Webmail Vulnerability Exploitation→

Posted on February 13, 2024 by Zeljka Zorz

CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Abou… Continue reading Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)→

Posted on October 27, 2023 by Jonathan Bennett

This week we got news of a security incident at 1Password, and we’re certain we aren’t the only ones hoping it’s not a repeat of what happened at LastPass. 1Password …read more Continue reading This Week in Security: 1Password, Polyglots, and Roundcube→

Posted on October 25, 2023 by Ionut Arghire

Russian APT Winter Vivern exploits a zero-day in the Roundcube webmail server in attacks targeting European governments.
The post Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day appeared first on SecurityWeek.
Continue reading Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day→

Posted on October 25, 2023 by Waqas

By Waqas
ESET Research Uncovers New Targeted Campaign Impacting European Governments and Think Tanks.
This is a post from HackRead.com Read the original post: APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities
Continue reading APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities→

Posted on October 25, 2023 by Zeljka Zorz

The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation … Continue reading Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)→