heise online

Roundcube Webmail: Attacks with forged attachments

IT security researchers have observed attacks on a stored cross-site scripting vulnerability in Roundcube Webmail. An update is available. Attackers are attempting to abuse a security vulnerability in ...
Bleeping Computer

Hacker selling critical Roundcube webmail exploit as tech info disclosed

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...
heise online

Roundcube Webmail: More than 10,000 vulnerable instances in Germany

A code-smuggling gap in the Roundcube webmailer is already under attack. Tens of thousands of systems worldwide are still vulnerable. The critical security vulnerability in Roundcube Webmail that ...
Bleeping Computer

Hackers exploit Roundcube webmail flaw to steal email, credentials

Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the ...
Hackaday

This Week In Security: Roundcube, Unified Threat Naming, And AI Chat Logs

Up first, if you’re running a Roundcube install prior to 1.5.10 or 1.6.11, it’s time to update. We have an authenticated Remote Code Execution (RCE) in the Roundcube Webmail client. And while that’s ...