Dark Reading

PoC Code Escalates Roundcube Vuln Threat

The threat associated with a critical decade-old remote code execution vulnerability in Roundcube webmail has increased sharply in recent days, with proof-of-concept (PoC) code for the bug becoming ...
Bleeping Computer

Hacker steals 1 million Cock.li user records in webmail data breach

Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records. The ...
techtimes

Winter Vivern Russian Hacking Group Exploits Zero-Day in Roundcube Webmail Software

According to ESET Research, Winter Vivern is a Russian hacking group that has been operating since 2020. The notorious cybercriminals reportedly target governments across Central Asia and Europe. The ...
Hackaday

This Week In Security: Roundcube, Unified Threat Naming, And AI Chat Logs

Up first, if you’re running a Roundcube install prior to 1.5.10 or 1.6.11, it’s time to update. We have an authenticated Remote Code Execution (RCE) in the Roundcube Webmail client. And while that’s ...