ESET researchers have revealed that the Winter Vivern Russian hacking group has exploited a zero-day vulnerability in Roundcube Webmail, targeting various European government entities and think tanks.

A well-known espionage group typically seen supporting Russia and Belarus was caught exploiting a zero-day vulnerability affecting a popular webmail service used by governments across Europe.

Cyber threat intelligence firm Recorded Future has discovered, a Russia-linked APT group has been exploiting security loopholes in the open-source Roundcube webmail software to target mainly Ukrainian ...

A Russian cyberespionage group has been observed exploiting vulnerable Roundcube webmail servers in attacks against European government, military, and critical infrastructure entities, cybersecurity ...

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...

Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been ...

Winter Vivern, believed to be a Belarus-aligned hacker, attacked European government entities and a think tank starting on Oct. 11, according to an Ars Technica report Wednesday. ESET Research ...

According to ESET Research, Winter Vivern is a Russian hacking group that has been operating since 2020. The notorious cybercriminals reportedly target governments across Central Asia and Europe. The ...

Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit. The flaw, which impacts Roundcube versions 1.1.0 ...

A Command Injection vulnerability exists in Roundcube versions before 1.4.4, 1.3.11 and 1.2.10. Because the "_im_convert_path" does not perform sanitization/input filtering, an attacker with access to ...

Jesus Vigo reviews the steps necessary to add a front-end webmail application using Roundcube that's hosted on OS X Server. In a previous article, I covered the steps on how to setup and configure the ...