Tag: Roundcube

Winter Vivern Russian Hacking Group Exploits Zero-Day in Roundcube Webmail Software

Winter Vivern Russian Hacking Group Exploits Zero-Day in Roundcube Webmail Software

Felix - April 6, 2024
The threat actor known as Winter Vivern targeted Roundcube webmail software on Oct. 11, exploiting a zero-day vulnerability to gain unauthorized access to email messages.  What is Winter Vivern Hacking Group (Photo: Kris from Pixabay)Winter Vivern exploits a zero-day flaw...
Roundcube email server bug now exploited in attacks

Roundcube email server bug now exploited in attacks

Felix - February 12, 2024
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The security flaw (CVE-2023-43770) is a persistent cross-site scripting (XSS) bug that lets attackers access restricted information via plain/text messages...
European govt email servers hacked using Roundcube zero-day

European govt email servers hacked using Roundcube zero-day

Felix - December 31, 2023
The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day in attacks targeting European government entities and think tanks since at least October 11. The Roundcube development team released security updates fixing the Stored Cross-Site Scripting (XSS)...