Jesus Vigo reviews the steps necessary to add a front-end webmail application using Roundcube that's hosted on OS X Server. In a previous article, I covered the steps on how to setup and configure the ...

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...

A malware group has been busy creating a dangerous new vulnerability in the Roundcube webmail service, which is popular in European government circles. What makes this issue so important is that is a ...

New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail Your email has been sent After reading the technical details about this zero-day that targeted governmental ...

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts. Open source webmail provider Roundcube has ...

Open-source webmail project Roundcube has merged its operations with open-source file syncing and sharing software company Nextcloud after the founder of the mail project decided he wanted out. Thomas ...

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...

Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit. The flaw, which impacts Roundcube versions 1.1.0 ...

Winter Vivern, believed to be a Belarus-aligned hacker, attacked European government entities and a think tank starting on Oct. 11, according to an Ars Technica report Wednesday. ESET Research ...

This blogpost introduces an operation that we named RoundPress, targeting high-value webmail servers with XSS vulnerabilities, and that we assess with medium confidence is run by the Sednit ...

ESET researchers have revealed that the Winter Vivern Russian hacking group has exploited a zero-day vulnerability in Roundcube Webmail, targeting various European government entities and think tanks.