China-Aligned UNK_MassTraction Exploits Roundcube Servers to Target Universities

A suspected China-aligned cluster dubbed UNK_MassTraction that is exploiting n-day flaws in Roundcube webmail to compromise physics and engineering departments at U.S. and Canadian universities. The operators use a two-stage browser-to-server infection chain that begins with a Cross-Site Scripting (XSS) exploit against CVE-2024-42009 to execute JavaScript in the victim’s browser. Escalate to a credential- and […]

The post China-Aligned UNK_MassTraction Exploits Roundcube Servers to Target Universities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Read the original article: