🟠 High  |  Source: The Hacker News


A suspected China-aligned threat group is actively exploiting a critical, now-patched vulnerability (CVE-2024-42009, CVSS 9.3) in Roundcube webmail to steal credentials from physics and engineering departments at US and Canadian universities. The campaign highlights the ongoing targeting of academic institutions, likely for intellectual property theft. Roundcube’s widespread use in academia and self-hosted environments makes this a significant concern for organisations that have not yet applied available patches.

Security Architect’s Take: If your organisation runs Roundcube, patch immediately to address CVE-2024-42009 and audit webmail access logs for anomalous authentication or data exfiltration activity. More broadly, consider whether self-hosted webmail is justified given the attack surface it presents, and enforce MFA on all email access points to limit credential-theft impact.

Original advisory: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities