Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now

By Newsroom

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of

Related tags
February 13^th 2024 at 04:51

The Hacker News
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
October 25^th 2023 at 13:20

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

By Newsroom

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known

Related tags
October 25^th 2023 at 13:20