A China-aligned threat group is targeting universities in the US and Canada by exploiting vulnerabilities in Roundcube webmail software, specifically the critical flaw CVE-2024-42009, which has a CVSS score of 9.3. This vulnerability, now patched, allows attackers to extract credentials from the email solution used by physics and engineering departments. The exploitation of this flaw is a significant concern, as it enables threat actors to gain unauthorized access to sensitive information. The fact that CVE-2024-42009 is being actively discussed in relation to China suggests a high level of interest in this vulnerability1. The exploitation of this flaw by a suspected state-aligned threat group underscores the importance of prompt patching and monitoring for potential security breaches. This campaign highlights the need for universities to prioritize the security of their webmail systems, particularly those used by sensitive departments, to prevent intellectual property theft and other malicious activities.
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
⚠️ Critical Alert
Why This Matters
CVE-2024-42009 is in active discussion involving China — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, July 7). Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities. *The Hacker News*. https://thehackernews.com/2026/07/suspected-china-aligned-hackers-exploit.html
Original Source
The Hacker News
Read original →