Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can be done remotely by sending a specially crafted email message,” the researchers noted. “No manual interaction other than viewing the message in a web browser is required.” Exploting CVE-2023-5631 Roundcube is an open-source browser-based email client … More →

The post …

0 day apt communications cve don't miss email entities eset europe exploitation exploited exploiting government government-backed attacks hot stuff message open source researchers roundcube roundcube webmail servers spy tank vulnerability webmail winter winter vivern xss zero-day zero-day vulnerability