IT security researchers have observed attacks on a stored cross-site scripting vulnerability in Roundcube Webmail. An update is available. Attackers are attempting to abuse a security vulnerability in ...

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...

Attackers can exploit several vulnerabilities in Roundcube Webmail and, in the worst case, view emails from victims or even send them in their name. One vulnerability is classified as"critical".

ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. The new ...

A malware group has been busy creating a dangerous new vulnerability in the Roundcube webmail service, which is popular in European government circles. What makes this issue so important is that is a ...

Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the ...

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...

ESET researchers have revealed that the Winter Vivern Russian hacking group has exploited a zero-day vulnerability in Roundcube Webmail, targeting various European government entities and think tanks.

This week, ESET research described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to target European governmental entities and a think ...