A malware group has been busy creating a dangerous new vulnerability in the Roundcube webmail service, which is popular in European government circles. What makes this issue so important is that ...

By sending this email, attackers could inject arbitrary JavaScript code into the victim’s Roundcube session, ultimately enabling them to access and exfiltrate email messages. ESET warned that Winter ...

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.

ESET Research discover campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe.

The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day since at least October 11 to attack European government entities and think tanks.

New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail Your email has been sent After reading the technical details about this zero-day that targeted ...

Roundcube released a patch soon after, but the zero-day vulnerability could expose all a user’s emails simply by viewing an innocent looking message.

A vulnerability in the Roundcube email server platform is being actively exploited, the US government warns, urging its bodies to apply the patch and secure their instances sooner, rather than ...

ESET researchers have revealed that the Winter Vivern Russian hacking group has exploited a zero-day vulnerability in Roundcube Webmail, targeting various European government entities and think tanks.

Open-source webmail project Roundcube has merged its operations with open-source file syncing and sharing software company Nextcloud after the founder of the mail project decided he wanted out ...