Roundcube | Breaking Cybersecurity News | The Hacker News

Category — Roundcube
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Jun 03, 2025 Email Security / Vulnerability
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case of post-authenticated remote code execution via PHP object deserialization. "Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization," reads the description of the flaw in the NIST's National Vulnerability Database (NVD). The shortcoming, which affects all versions of the software before and including 1.6.10, has been addressed in 1.6.11 and 1.5.10 LTS. Kirill Firsov, founder and CEO of FearsOff, has been credited with discovering and repor...
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

May 15, 2025 Vulnerability / Email Security
A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has been attributed with medium confidence to the Russian state-sponsored hacking group tracked as APT28, which is also referred to as BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422. "The ultimate goal of this operation is to steal confidential data from specific email accounts," ESET researcher Matthieu Faou said in a report shared with The Hacker News. "Most victims are governmental entities and defense companies in Eastern Europe, although we have observed governments in Africa, Europe, and South ...
Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now

Feb 13, 2024 Vulnerability / Email Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of linkrefs in plain text messages. "Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages," CISA said. According to a description of the bug on NIST's National Vulnerability Database (NVD), the vulnerability impacts Roundcube versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. The flaw was addressed by Roundcube maintainers with version 1.6.3, which was released on September 15, 2023. Zscaler security researcher Niraj Shivtarkar has be...
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Oct 25, 2023 Threat Intelligence / Vulnerability
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. "Previously, it was using known vulnerabilities in Roundcube and Zimbra, for which proofs-of-concept are available online." Winter Vivern, also known as TA473 and UAC-0114, is an adversarial collective whose objectives align with those of Belarus and Russia. Over the past few months, it has been attributed to attacks against Ukraine and Poland, as well as government entities across Europe and India. The group is also assessed to have exploited another flaw in Roundcube as recently as August and September (CVE-2020-35730), making it the second nation-state group after APT28 to target the op...