Chinese Cyberespionage Exploits University Roundcube Servers
Campaign Combines XSS and Deserialization to Steal Credentials and Deploy Malware Proofpoint identified a likely China-aligned espionage group exploiting chained Roundcube vulnerabilities to steal credentials and deploy persistent malware against U.S. and Canadian university departments conducting sensitive physics, engineering and national security research.