← All stories
● Covered by 1 source Β· 1 reportHigh impact

China-Aligned Hackers Target Universities Using Roundcube Vulnerabilities

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

China-aligned hackers exploited critical vulnerabilities in Roundcube to access U.S. and Canadian university email systems. This tactic highlights risks for institutions linked to national security and advanced scientific research, as the attackers utilize phishing and XSS exploits to siphon credentials.

Key points

Exploitation of Roundcube Vulnerabilities

A suspected threat group linked to China has been observed exploiting vulnerabilities in Roundcube webmail software. This activity targets administrators and professors in physics and engineering departments of universities in the U.S. and Canada, taking advantage of critical security flaws like CVE-2024-42009.

Nature of Attacks

The attack exploits now-patched vulnerabilities, including a cross-site scripting (XSS) flaw that only requires victims to open the email in Roundcube. The exploitation allows attackers to execute arbitrary JavaScript code in the context of the victim's browser.

Target Selection and Techniques

The targeted departments were running versions of Roundcube vulnerable to N-day security flaws, suggesting preparatory reconnaissance was conducted before the phishing campaign. Attackers used compromised sender emails and exploited lax DMARC policies to send malicious emails.

Impact of Exploits

The exploit's payload, codenamed IceCube, collects sensitive information, including user credentials, two-factor authentication data, and cookies. The harvested data is relayed to an external system, presenting significant risks for the affected institutions.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

CVE CVE-2024-420099.3 CRITICAL CVE CVE-2025-491139.9 CRITICAL CVE CVE-2026-552008.1 HIGH CVE CVE-2026-468179.8 CRITICAL

Reporting from

China-aligned hackers exploited critical vulnerabilities in Roundcube to access U.S. and Canadian university email systems. This tactic highlights risks for institutions linked to national security and advanced scientific research, as the attackers utilize phishing and XSS exploits to siphon credentials.