Roundcube email flaws abused in university intrusions tied to China-aligned actors
Source headline: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
Intelligence Summary
A suspected China-aligned threat cluster is exploiting Roundcube webmail vulnerabilities at universities in the U.S. and Canada. The activity targets physics and engineering departments and uses patched critical flaws to gain access. Reported exploitation includes CVE-2024-42009, which carries a high CVSS score. The attackers appear to siphon credentials, increasing the risk of account takeover and lateral movement. Universities using unpatched Roundcube instances should verify they are fully updated and review authentication logs for suspicious behavior.
Recommended Action
Prioritize immediate review, validate exposure, and patch or mitigate affected systems.