#WebmailSecurity

Roundcube Webmail Vulnerability Exploited in Government Attack

by

October 21, 2024 at 05:58AM An XSS vulnerability in Roundcube Webmail has been exploited for code execution in an attack against a governmental organization in a CIS country, as reported by SecurityWeek. **Meeting Notes Takeaways:** 1. **Vulnerability Identified**: There is an XSS (Cross-Site Scripting) vulnerability in Roundcube Webmail. 2. **Target of Exploitation**: This vulnerability has … Read more

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

by

August 7, 2024 at 10:57AM Security researchers disclosed security flaws in Roundcube webmail software that could allow attackers to execute malicious JavaScript, steal sensitive information, and gain persistent foothold in browsers. The three vulnerabilities have been addressed in Roundcube versions 1.6.8 and 1.5.8 released on August 4, 2024. Additionally, a local privilege escalation flaw in … Read more