June 27, 2024 at 08:33AM CISA has warned about threat actors exploiting vulnerabilities in GeoServer, Linux kernel, and Roundcube Webmail. GeoServer flaw (CVE-2022-24816) allows code injection and remote code execution. Linux kernel flaw (CVE-2022-2586) may lead to privilege escalation. Roundcube Webmail (CVE-2020-13965) has a cross-site scripting issue. CISA urges action to mitigate risks. No prior … Read more
October 25, 2023 at 11:41AM Winter Vivern, a low-profile threat group, has been exploiting a zero-day flaw in Roundcube Webmail servers to target governmental organizations and a think tank in Europe. The group sends a specially crafted email that loads an arbitrary JavaScript code, exploiting a newly discovered cross-site scripting flaw. Roundcube has released security … Read more
October 25, 2023 at 09:41AM The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11 by exploiting a zero-day vulnerability in Roundcube Webmail. The Roundcube development team has released security updates to fix the vulnerability. The group, also known as TA473, uses phishing emails containing … Read more
October 25, 2023 at 09:19AM The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11. They have been exploiting a Roundcube Webmail zero-day vulnerability and using phishing emails to inject arbitrary JavaScript code. The group has also targeted Zimbra and previously exploited vulnerabilities in Roundcube … Read more