Explore Diverse Views.
Get Started
SubscribeLogin
Israel-Hamas Conflict
Baseball
Donald Trump
Soccer
Social Media
Natural Disasters
Artificial Intelligence
NCAA
YouTube
Amazon
Premier League
Republican Party
Cryptocurrency
Published loading...Updated

Spies hack high-value mail servers using an exploit from yesteryear

  • Security firm ESET reported in early 2025 that the Russia-linked Sednit group exploited cross-site scripting vulnerabilities to hack high-value mail servers worldwide.
  • The operations, named RoundPress by ESET, used spearphishing emails delivering XSS exploits primarily targeting Roundcube, Horde, MDaemon, and Zimbra webmail software throughout 2023 and 2024.
  • Sednit exploited both known and zero-day vulnerabilities such as the MDaemon zero-day CVE-2024-11182, deploying heavily obfuscated JavaScript payloads called SpyPress inside victims' webmail sessions.
  • SpyPress stole credentials, emails, and contacts, bypassed two-factor authentication by creating app passwords, and used Sieve rules to forward incoming mail for persistent data exfiltration to attacker servers.
  • The campaign focused on defense and government organizations linked to the Ukraine conflict in Eastern Europe and beyond, underscoring ongoing threats from unpatched webmail vulnerabilities.
Insights by Ground AI
Does this summary seem wrong?

11 Articles

All
Left
2
Center
1
Right
1
Ars TechnicaArs Technica
Center

Spies hack high-value mail servers using an exploit from yesteryear

Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly exploited in decades past. XSS is short for cross-site scripting. Vulnerabilities result from programming errors found in webserver software that, when exploited, allow attackers to execute malicious code in the browsers of people visiting an affecte…

·United States
Read Full Article
n-tv.den-tv.de
Lean Right

Russian hackers very active: Fancy Bear attacks Ukraine's arms suppliers

Manufacturers of Soviet weapons technology outside of Russia are the backbone of Ukrainian defense. However, these companies in Bulgaria, Romania and Ukraine themselves are apparently easy prey for Fancy Bear, a notorious Kremlin hacker team.

Read Full Article
Zeit OnlineZeit Online
Lean Left

Ukraine War: Russian hackers attack arms companies

Fancy Bear – a group of Russian hackers became known under this name, which is now said to have targeted arms companies supplying Ukraine.

·Germany
Read Full Article
SpiegelSpiegel
Lean Left

Ukraine War: Russian hackers target Ukraine's arms suppliers

The Russian government is also attacking targets in Europe in the war against Ukraine. Not with rockets or bombs, but in the form of hacker attacks. Now, experts have uncovered a new campaign.

·Germany
Read Full Article
World NEWS LiveWorld NEWS Live

Spies hack high-value mail servers using an exploit from yesteryear - WorldNL Magazine

Threat actors, likely supported by the Russian government, hacked multiple high-value mail servers around the world by exploiting XSS vulnerabilities, a class of bug that was among the most commonly exploited in decades past. XSS is short for cross-site scripting. Vulnerabilities result from programming errors found in webserver software that, when exploited, allow attackers to execute malicious code in the browsers of people visiting an affecte…

Read Full Article
GBHackers On SecurityGBHackers On Security

Russian Hackers Exploit XSS Vulnerabilities to Inject Malicious Code into Email Servers

A sophisticated cyberespionage campaign, dubbed Operation RoundPress, has been uncovered by cybersecurity researchers at ESET. Attributed with medium confidence to the Russian-linked Sednit group-also known as APT28, Fancy Bear, and Forest Blizzard-this operation targets high-value webmail servers using cross-site scripting (XSS) vulnerabilities. Active since at least 2004, Sednit has a notorious history, including alleged involvement […] The po…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 50% of the sources lean Left
50% Left
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

CSO Online broke the news in on Thursday, May 15, 2025.
Sources are mostly out of (0)

Similar News Topics

Technology

Technology

Fancy Bear

Fancy Bear

Politics

Politics

Ukraine

Ukraine

Ukraine Politics

Ukraine Politics

News
For You
SearchBlindspotLocal