:

CHINA-LINKED HACKERS EXPLOIT ROUNDCUBE FLAW AT US, CANADIAN UNIVERSITIES

SECURITY DESK1 MIN READ
WED, JUL 8, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

A China-linked threat cluster is exploiting vulnerable Roundcube servers at academic institutions in the U.S. and Canada to steal credentials and deploy backdoor malware.

The attackers targeted Roundcube webmail installations, gaining access to researcher accounts and institutional systems. The campaign focused on harvesting login credentials and establishing persistent backdoor access for continued surveillance. Roundcube, an open-source webmail client widely deployed in academic and enterprise environments, contained vulnerabilities that allowed the threat actors to compromise unpatched servers. The breach affects multiple universities across North America. Security researchers identified the activity through infrastructure analysis and malware samples. The threat cluster's focus on academic institutions suggests targeting sensitive research data and intellectual property. Affected organizations have been notified to patch Roundcube installations immediately and audit compromised accounts for unauthorized access. The incident underscores ongoing targeting of educational institutions by state-sponsored groups seeking research and development information.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

3H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

3H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

6H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

8H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.