本記事はキヤノンマーケティングジャパンが提供する「サイバーセキュリティ情報局」に掲載された「Roundcube Webmailサーバーのゼロデイ脆弱性を悪用したWinter Vivernの攻撃」を再編集したものです。 ESET社は、Winter Vivernのサイバースパイ活動を1年以上にわたっ ...

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...

A code-smuggling gap in the Roundcube webmailer is already under attack. Tens of thousands of systems worldwide are still vulnerable. The critical security vulnerability in Roundcube Webmail that ...

Winter Vivern, believed to be a Belarus-aligned hacker, attacked European government entities and a think tank starting on Oct. 11, according to an Ars Technica report Wednesday. ESET Research ...

IT security researchers have observed attacks on a stored cross-site scripting vulnerability in Roundcube Webmail. An update is available. Attackers are attempting to abuse a security vulnerability in ...

The threat associated with a critical decade-old remote code execution vulnerability in Roundcube webmail has increased sharply in recent days, with proof-of-concept (PoC) code for the bug becoming ...

Low-profile threat group Winter Vivern has been exploiting a zero-day flaw in Roundcube Webmail servers with a malicious email campaign targeting governmental organizations and a think tank in Europe ...

Winter Vivern has been targeting Zimbra and Roundcube email servers belonging to governmental entities since at least 2022. For more technical information about Winter Vivern, its latest attack, and ...