SecurityWeek

Recent RoundCube Webmail Vulnerability Exploited in Attacks

The US cybersecurity agency CISA on Friday warned of two RoundCube Webmail vulnerabilities being exploited in the wild. Prevalent within government and enterprise networks, RoundCube Webmail is a ...

Roundcube Webmail: Attacks on security vulnerabilities ongoing

The IT security authority CISA warns of currently observed attacks on Roundcube webmail vulnerabilities. Admins should update.
Cyber Daily

You’ve got mail: Pair of RoundCube Webmail vulnerabilities added to KEV Catalog

CVE-2025-68461 was only disclosed last December, and impacts versions of Roundcube Webmail before 1.5.12 and 1.6 before ...
Bleeping Computer

CISA: Roundcube email server bug now exploited in attacks

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The security flaw (CVE-2023-43770) is a persistent ...
TechRadar

Roundcube email flaw is being exploited, so patch now, US government warns

A vulnerability in the Roundcube email server platform is being actively exploited, the US government warns, urging its bodies to apply the patch and secure their instances sooner, rather than later.
WeLiveSecurity

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...