Hackers Exploit Roundcube Email Servers Vulnerability In XSS Cyberattacks To Access Restricted Data, Warns CISA

CISA warns of an actively exploited vulnerability (CVE-2023-43770) in Roundcube email servers, allowing attackers to access restricted information via malicious links. Impacting versions newer than 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3, the flaw demands immediate updates as per Roundcube's security team. Listed in CISA's Known Exploited Vulnerabilities Catalog, agencies must secure servers by March 4, following BOD 22-01. Read more...