A threat actor is offering two Cock.li databases for sale on the dark web Email hosting provider confirms authenticity of the database on sale Users are urged to change their passwords A well-known ...

A code-smuggling gap in the Roundcube webmailer is already under attack. Tens of thousands of systems worldwide are still vulnerable. The critical security vulnerability in Roundcube Webmail that ...

The threat associated with a critical decade-old remote code execution vulnerability in Roundcube webmail has increased sharply in recent days, with proof-of-concept (PoC) code for the bug becoming ...

Up first, if you’re running a Roundcube install prior to 1.5.10 or 1.6.11, it’s time to update. We have an authenticated Remote Code Execution (RCE) in the Roundcube Webmail client. And while that’s ...

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...

The Roundcube email client has a critical remote code execution flaw tracked as CVE-2025-49113 with a CVSS score of 9.9. The vulnerability has been present in Roundmail for over a decade, allowing ...

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible ...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...

Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the ...

An XSS vulnerability in Roundcube Webmail has been targeted for code execution against a governmental organization in a CIS country. A threat actor was caught attempting to exploit a recent ...