Add Yahoo as a preferred source to see more of our stories on Google. This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily ...

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The security flaw (CVE-2023-43770) is a persistent ...

ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. The new ...

Up first, if you’re running a Roundcube install prior to 1.5.10 or 1.6.11, it’s time to update. We have an authenticated Remote Code Execution (RCE) in the Roundcube Webmail client. And while that’s ...

The threat associated with a critical decade-old remote code execution vulnerability in Roundcube webmail has increased sharply in recent days, with proof-of-concept (PoC) code for the bug becoming ...

A malware group has been busy creating a dangerous new vulnerability in the Roundcube webmail service, which is popular in European government circles. What makes this issue so important is that is a ...

The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day in attacks targeting European government entities and think tanks since at least October 11. The Roundcube ...

New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail Your email has been sent After reading the technical details about this zero-day that targeted governmental ...

This week we got news of a security incident at 1Password, and we’re certain we aren’t the only ones hoping it’s not a repeat of what happened at LastPass. 1Password has released a PDF report on the ...

A relentless team of pro-Russia hackers has been exploiting a zero-day vulnerability in widely used webmail software in attacks targeting governmental entities and a think tank, all in Europe, ...

This week, ESET research described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to target European governmental entities and a think ...

CISOs need to ensure that web email clients and browsers are kept up to date following the discovery of cross site scripting attacks on organizations running webmail clients such as Roundcube, Horde, ...