Oddbean

Roundcube Webmail Vulnerability Exploited in Government Attack A threat actor was caught attempting to exploit a recent vulnerability in Roundcube Webmail against a governmental organization in a Commonwealth of Independent States (CIS) country, cybersecurity firm Positive Technologies reports. Tracked as CVE-2024-37383 and described as a cross-site scripting (XSS) issue affecting the way Roundcube was handling SVG animate attributes, the bug was patched on May 19 in Roundcube Webmail versions 1.5.7 and 1.6.7. See more: https://www.securityweek.com/roundcube-webmail-vulnerability-exploited-in-government-attack/ #cybersecurity #security