Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...

Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit. The flaw, which impacts Roundcube versions 1.1.0 ...

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts. Open source webmail provider Roundcube has ...

Roundcube is an open-source application for managing email through a Web interface. It runs on Web servers that support the PHP server-side scripting language. Roundcube may be a good choice for your ...

Jesus Vigo reviews the steps necessary to add a front-end webmail application using Roundcube that's hosted on OS X Server. In a previous article, I covered the steps on how to setup and configure the ...

The threat associated with a critical decade-old remote code execution vulnerability in Roundcube webmail has increased sharply in recent days, with proof-of-concept (PoC) code for the bug becoming ...

A malware group has been busy creating a dangerous new vulnerability in the Roundcube webmail service, which is popular in European government circles. What makes this issue so important is that is a ...

A vulnerability in the Roundcube email server platform is being actively exploited, the US government warns, urging its bodies to apply the patch and secure their instances sooner, rather than later.

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...

Low-profile threat group Winter Vivern has been exploiting a zero-day flaw in Roundcube Webmail servers with a malicious email campaign targeting governmental organizations and a think tank in Europe ...