Hackers target Roundcube webmail application vulnerability, compromise EU govt servers
Take action: An example of relatively low severity score vulnerability that's actively exploited. The fact that a vulnerability is not remotely exploitable doesn't mean that hackers won't find a way to exploit it - this time by packaging the exploit in an e-mail message and persuading a person close to the system run the exploit for them.
A hacking group known as Winter Vivern has been actively targeting European government entities and think tanks since at least October 11th. They have been exploiting a zero-day vulnerability in Roundcube Webmail, a widely used webmail software, to carry out their cyberattacks.
It is crucial for organizations using Roundcube as their webmail software to ensure they are running patched versions to protect against such attacks.