{"id":189908,"date":"2026-02-23T11:50:00","date_gmt":"2026-02-23T16:50:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/23\/hackers-target-vulnerabilities-in-roundcube-webmail\/"},"modified":"2026-02-23T11:55:08","modified_gmt":"2026-02-23T16:55:08","slug":"hackers-target-vulnerabilities-in-roundcube-webmail","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/23\/hackers-target-vulnerabilities-in-roundcube-webmail\/","title":{"rendered":"Hackers target vulnerabilities in Roundcube Webmail"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/hackers-target-vulnerabilities-in-roundcube-webmail\/812839\/\">Hackers target vulnerabilities in Roundcube Webmail<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/hackers-target-vulnerabilities-in-roundcube-webmail\/812839\/\">https:\/\/www.cybersecuritydive.com\/news\/hackers-target-vulnerabilities-in-roundcube-webmail\/812839\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-23 11:50:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Threat actors are targeting a critical and high severity vulnerability in Roundcube Webmail, which is widely used in government and higher education, according to security researchers.\u00a0<br \/>\nThe Cybersecurity and Infrastructure Security Agency on Friday added the vulnerabilities, tracked as CVE-2025-49113 and CVE-2025-68461, to its Known Exploited Vulnerabilities catalog.\u00a0<br \/>\nThe more severe flaw, CVE-2025-49113, is linked to a deserialization vulnerability in Roundcube Webmail that has remained hidden for about 10 years, according to researchers. The flaw had a severity score of 9.9.\u00a0<\/p>\n<p>\u201cRoundcube is not new to this game,\u201d Ryan Dewhurst, head of proactive threat intelligence at watchTowr, told Cybersecurity Dive. \u201cIt has been repeatedly targeted in real world exploitation campaigns for a simple reason. It\u2019s widely used and webmail services are a goldmine.\u201d\u00a0<br \/>\nThe flaw was disclosed in June 2025, and Shadowserver at the time reported about 84,000 instances were vulnerable. Researchers also noted that Roundcube flaws were frequently the target of attacks by state-linked hackers.\u00a0<br \/>\nThe second vulnerability, CVE-2025-68461, is related to a cross-site-scripting vulnerability. It was patched in December.\u00a0<br \/>\nRoundcube, in a December advisory, urged users to update to fixed versions.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers target vulnerabilities in Roundcube Webmail https:\/\/www.cybersecuritydive.com\/news\/hackers-target-vulnerabilities-in-roundcube-webmail\/812839\/ Publish Date: 2026-02-23 11:50:00 Source Domain: www.cybersecuritydive.com Author:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":189909,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/zWLKYoSHVw3zJb_OkwiX9FhFUi2UgioxhcDhgKQCt_Q\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMTU2OTU1NjQwLmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-189908","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/189908"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=189908"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/189908\/revisions"}],"predecessor-version":[{"id":189910,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/189908\/revisions\/189910"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/189909"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=189908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=189908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=189908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}