[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:suspected-china-aligned-hackers-exploit-roundcube-flaws-against-universities-mrcqxh7z":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":14,"action_required":17,"article_ids":18,"ioc_summary":20,"source_urls":21,"status":23,"expires_at":24,"created_at":25,"updated_at":26,"articles":27},"c2172adb-06ae-4d30-a759-69e69359862f","Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities","suspected-china-aligned-hackers-exploit-roundcube-flaws-against-universities-mrcqxh7z","China-aligned group UNK_MassTraction is actively exploiting critical Roundcube vulnerabilities (CVE-2024-42009, CVE-2025-49113) to target physics and engineering departments at U.S. and Canadian universities. Attackers are stealing credentials and deploying web shells for persistent access. If your institution runs Roundcube webmail, you are a likely target.","critical","advisory",[12,13],"CVE-2024-42009","CVE-2025-49113",[15,16],"Roundcube","Proofpoint","Immediately patch Roundcube to the latest version. Search logs for exploitation of CVE-2024-42009 and CVE-2025-49113. Hunt for web shells and VShell artifacts in webmail directories. Review user sessions for unauthorized access to physics and engineering department accounts.",[19],"e1bad131-9852-46d4-8f4d-ea87195f7b8c",null,[22],"https:\u002F\u002Fthehackernews.com\u002F2026\u002F07\u002Fsuspected-china-aligned-hackers-exploit.html","active","2026-07-11T00:05:56.15+00:00","2026-07-09T00:05:59.431434+00:00","2026-07-09T00:08:37.576789+00:00",[28],{"id":19,"title":6,"url":22}]