Find notable cyber news and cases, enriched with sources, timelines, and signals.

Roundcube Webmail actively exploited flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 33
2 unique sources, 3 articles

Summary

Hide ▲

Roundcube Webmail is under active exploitation through CVE-2025-49113 and CVE-2025-68461, with attackers also chaining CVE-2024-42009 in phishing-driven intrusions. The activity has been tied to UNK_MassTraction targeting US and Canadian universities, especially physics and engineering departments, to steal credentials and gain network access. CISA placed the flaws in the Known Exploited Vulnerabilities (KEV) Catalog, and Roundcube released 1.6.12 and 1.5.12 to fix affected deployments.

Related Happenings

UNK_MassTraction Roundcube university exploitation campaign

Campaign
H score41 First: 07.07.2026 12:10 Last: 07.07.2026 12:10 Sources 1

How related: The campaign has been observed since May and focuses on physics and engineering departments, administrators and professors, as well as organizations involved in astrophysics, particle physics, or national security-related research.

About this happening: The **UNK_MassTraction** campaign is a **China-linked** activity targeting **Roundcube** webmail at **U.S. and Canadian universities** and related research organizations to steal...

IceCube, SNOWLIGHT, and VShell Roundcube post-exploitation chain

Malware Activity
H score36 First: 07.07.2026 12:10 Last: 07.07.2026 12:10 Sources 1

How related: The JavaScript payload, tracked by Proofpoint as IceCube, was used to steal usernames, passwords, cookies and authentication data.

About this happening: **IceCube** is a **Roundcube** post-exploitation activity targeting **U.S. and Canadian universities** and related research organizations, with observed use since **May** against...

CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)

Advisory/Mitigation
H score38 First: 16.06.2026 08:41 Last: 16.06.2026 08:41 Sources 1

About this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
H score70 First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
H score33 First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

Timeline

  1. 07.07.2026 18:40 2 articles · 2d ago

    UNK_MassTraction exploits Roundcube mail servers at US and Canadian universities

    Exploitation Observed

    Proofpoint tracked the China-aligned UNK_MassTraction cluster targeting US and Canadian universities, especially physics and engineering departments, by abusing vulnerable Roundcube mail servers. The campaign used phishing emails with malicious content to exploit CVE-2024-42009 and run the IceCube JavaScript payload to steal usernames, passwords, cookies and authentication data, then leveraged CVE-2025-49113 to deploy a webshell or install the VShell backdoor for follow-on access into victim networks.

    Show sources
  2. 23.02.2026 13:44 2 articles · 4mo ago

    CISA flags Roundcube Webmail flaws and orders patching

    Legal Policy Action Update

    CISA added CVE-2025-49113 and CVE-2025-68461 in Roundcube Webmail to its Known Exploited Vulnerabilities Catalog, said the flaws are actively exploited in attacks, and ordered Federal Civilian Executive Branch agencies to secure affected systems within three weeks, by March 13. Roundcube had already released versions 1.6.12 and 1.5.12 to fix the issues in Roundcube 1.6.x and 1.5.x installations.

    Show sources