Security · 3h ago
China-Linked Hackers Exploit Roundcube Flaws at US, Canadian Universities
A China-aligned threat group exploited patched Roundcube vulnerabilities (CVE-2024-42009, CVSS 9.3) to steal credentials from physics and engineering departments at US and Canadian universities. The campaign targeted open-source webmail software, highlighting ongoing risks to academic institutions. Patches were available before the attacks, underscoring the importance of timely updates.
Meridian48 take
The targeting of academic departments suggests espionage motives, but the reliance on already-patched flaws indicates basic security hygiene failures.
Read the full reporting
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities →
The Hacker News
roundcube-exploitchina-hackers