A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET.
The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/05/russia-linked-apt28-exploited-mdaemon.html