Winter Vivern Capitalizes on Zero-Day Flaw in Roundcube

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

The Winter Vivern cyberespionage group has been actively exploiting a zero-day vulnerability in the Roundcube webmail. The identified vulnerability, CVE-2023-5631, permits stored cross-site scripting through HTML email messages, enabling remote attackers to execute arbitrary JavaScript code. This vulnerability is leveraged by the Threat Actors to harvest email messages from the accounts of the victims.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.