SecurityWeek

Recent RoundCube Webmail Vulnerability Exploited in Attacks

The US cybersecurity agency CISA on Friday warned of two RoundCube Webmail vulnerabilities being exploited in the wild. Prevalent within government and enterprise networks, RoundCube Webmail is a ...
Bleeping Computer

CISA: Roundcube email server bug now exploited in attacks

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The security flaw (CVE-2023-43770) is a persistent ...
VentureBeat

Massive open source email & collaboration platform Roundcube beats Indiegogo funding goal

Hundreds of millions of people use digital collaboration tools daily. But just three major vertical silos — owned by Google, Microsoft, and Apple — own the majority of the business, collectively ...
Cyber Daily

You’ve got mail: Pair of RoundCube Webmail vulnerabilities added to KEV Catalog

CVE-2025-68461 was only disclosed last December, and impacts versions of Roundcube Webmail before 1.5.12 and 1.6 before ...
WeLiveSecurity

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...
Bleeping Computer

European govt email servers hacked using Roundcube zero-day

The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day in attacks targeting European government entities and think tanks since at least October 11. The Roundcube ...