A threat actor is offering two Cock.li databases for sale on the dark web Email hosting provider confirms authenticity of the database on sale Users are urged to change their passwords A well-known ...

A code-smuggling gap in the Roundcube webmailer is already under attack. Tens of thousands of systems worldwide are still vulnerable. The critical security vulnerability in Roundcube Webmail that ...

The threat associated with a critical decade-old remote code execution vulnerability in Roundcube webmail has increased sharply in recent days, with proof-of-concept (PoC) code for the bug becoming ...

Up first, if you’re running a Roundcube install prior to 1.5.10 or 1.6.11, it’s time to update. We have an authenticated Remote Code Execution (RCE) in the Roundcube Webmail client. And while that’s ...

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...

The Roundcube email client has a critical remote code execution flaw tracked as CVE-2025-49113 with a CVSS score of 9.9. The vulnerability has been present in Roundmail for over a decade, allowing ...

Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the ...

An XSS vulnerability in Roundcube Webmail has been targeted for code execution against a governmental organization in a CIS country. A threat actor was caught attempting to exploit a recent ...

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials ...

Attackers can exploit several vulnerabilities in Roundcube Webmail and, in the worst case, view emails from victims or even send them in their name. One vulnerability is classified as"critical".