CybersecurityJuly 7, 2026· via The Hacker News

Hackers Target University Emails via Roundcube Flaws

Hackers Target University Emails via Roundcube Flaws

Image : The Hacker News

A suspected China-aligned hacking group has been caught exploiting critical vulnerabilities in Roundcube, an open-source email platform widely used by physics and engineering departments at universities in the U.S. and Canada. The campaign leverages now-patched flaws, including CVE-2024-42009—a high-severity issue with a CVSS score of 9.3—to harvest user credentials, raising concerns about academic and research data security.

A Targeted Campaign Against Academic Infrastructure

The threat actors, tracked by security researchers, appear to focus on institutions with advanced research programs in physics and engineering. By compromising Roundcube instances, they gain access to sensitive email communications, potentially exposing intellectual property, collaborative research, or administrative data. The use of open-source software in academia makes such attacks particularly disruptive, as universities often lack the resources for rapid patching across large-scale deployments.

Why Roundcube Remains a High-Stakes Target

Roundcube’s popularity in higher education stems from its flexibility and cost-effectiveness, but the latest campaign highlights the risks of delayed updates. Even after patches for CVE-2024-42009 were released, some institutions may have lagged in deployment, creating openings for exploitation. Security teams must prioritize timely updates and monitor for unusual login patterns to mitigate risks.

While the full scope of the breach remains under investigation, the incident underscores the ongoing challenge of securing open-source tools in critical sectors. Universities and research centers should reassess their patch management strategies and consider additional layers of defense, such as multi-factor authentication, to protect against credential theft and lateral movement within networks.


Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.

Read the original source on The Hacker News →

← Back to home