Winter Vivern Capitalizes on Zero-Day Flaw in Roundcube
Threat Level – Red | Vulnerability Report
Download PDFThe Winter Vivern cyberespionage group has been actively exploiting a zero-day vulnerability in the Roundcube webmail. The identified vulnerability, CVE-2023-5631, permits stored cross-site scripting through HTML email messages, enabling remote attackers to execute arbitrary JavaScript code. This vulnerability is leveraged by the Threat Actors to harvest email messages from the accounts of the victims.
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox