Skip to content
The Nexus
DossierENTITY

Roundcube

Coverage of Roundcube in the Nexus archive.

Earliest in view: Jul 7 · 09:00 UTCMost recent: Jul 8 · 18:56 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 8 · 18:56 UTCBLEEPING COMPUTER
    Hackers exploit Roundcube flaw to spy on academic researchers

    Hackers linked to China are exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware, targeting academic researchers.

  • SECURITYJul 7 · 09:00 UTCCYBERSCOOP
    Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities

    China-aligned attackers exploited Roundcube vulnerabilities to breach U.S. and Canadian university networks, targeting physics and engineering departments to steal data and establish persistent access. The campaign, linked to the UNK_MassTraction cluster, used CVE-2024-42009 and CVE-2025-49113 to execute JavaScript and gain mailserver access via phishing emails.