@PatriceA @ekimia @plossra_a subject to confirmation by the other members of @plossra_a, we have expertise in #carbonio #zimbra #mail (#imap #pop #webmail ...) but not in #bluemind as such
https://www.ploss-ra.fr/membres/
Members – PLOSS-RA

The other day, someone I know told me that the #webmail he uses at work has changed. The new one is as #slow as can be and #unusable compared to the old one. It's night and day.

Can you guess which environment he is in now?

Personally, I had guessed before seeing it 😁.

Operation Roundish: Uncovering an APT28 Roundcube Exploitation Toolkit Targeting Ukraine

An exposed open directory revealed a comprehensive Roundcube exploitation toolkit used by APT28 to target Ukrainian government entities. The toolkit includes XSS payloads, a Flask-based C2 server, CSS injection tools, and a Go-based implant. It enables credential harvesting, persistent mail forwarding, bulk email exfiltration, address book theft, and 2FA secret extraction. The primary target was identified as mail.dmsu.gov.ua, Ukraine's State Migration Service. Technical analysis shows significant overlaps with previously documented APT28 operations, while introducing new capabilities such as CSS-based side-channel attacks and browser credential theft. The toolkit's modular approach and sophisticated evasion techniques demonstrate APT28's evolving tactics in compromising webmail platforms for long-term intelligence gathering.

Pulse ID: 69ba83b93cb449af00474243
Pulse Link: https://otx.alienvault.com/pulse/69ba83b93cb449af00474243
Pulse Author: AlienVault
Created: 2026-03-18 10:51:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#2FA #APT28 #Browser #CredentialHarvesting #CyberSecurity #Email #Government #ICS #InfoSec #OTX #OpenThreatExchange #RAT #UK #Ukr #Ukraine #Ukrainian #Webmail #XSS #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Operation GhostMail: Russian APT Exploits Zimbra XSS to Target Ukraine Government

A sophisticated phishing campaign targeting a Ukrainian government agency exploits a cross-site scripting vulnerability in Zimbra Collaboration Suite. The attack, attributed to a Russian APT group, uses a seemingly innocuous internship inquiry email to deliver a malicious JavaScript payload. When opened in a vulnerable Zimbra webmail session, the script silently executes, harvesting credentials, session tokens, 2FA codes, and mailbox contents. The multi-stage attack employs obfuscation techniques, SOAP API abuse, and dual-channel exfiltration via DNS and HTTPS. The campaign demonstrates the evolution of webmail-focused intrusions, relying on browser-resident stealers rather than traditional malware binaries.

Pulse ID: 69b975d80c8af764ef55c18f
Pulse Link: https://otx.alienvault.com/pulse/69b975d80c8af764ef55c18f
Pulse Author: AlienVault
Created: 2026-03-17 15:40:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#2FA #Browser #CyberSecurity #DNS #Email #Government #HTTP #HTTPS #InfoSec #Java #JavaScript #Malware #OTX #OpenThreatExchange #Phishing #RAT #Russia #UK #Ukr #Ukraine #Ukrainian #Vulnerability #Webmail #XSS #Zimbra #bot #AlienVault

www.zaclys.com and #zaclys #webmail are online again. Thanks for the quick fix :)
www.zaclys.com and #zaclys #webmail are unreachable.

@hcf that's just wrong and you know that.

For example, if "#Security" was a real issue, they'd host their #IMAP+#SMTP access exclusively over @torproject / #Tor because #OnionServices are using fully-encrypted connections in a self-authenticating address space.

  • They don't because that isn't the issue, and I'm not talking about the Server-to-Server - Connectivity, which is INHERENTLY AND UNFIXABLY INSECURE WITH EVERY EMAIL PROVIDER unless they don't allow actual cross-provider eMails (or restrict it to very few, selected competitors with specially negotiated connectivity [i.e. #VPN|s], which to my knowledge NONE of the commercial providers do)…

I brought up @monocles because they at least don't lie to customers and are honest about security & privacy!

@case2tv @dans_root @earthnewstech

#sarcasm #commentary #ITsec #InfoSec #OpSec #ComSec

.onion - Wikipedia

𝗖𝘆𝗽𝗵𝘁:

#Webmail #RSS #Cypht

https://thewhale.cc/posts/cypht

Cypht is a simple, lightweight, and modern webmail client that aggregates several accounts into a single view. Cypht (pronounced "sift") is like a news reader, but for E-mail. Cypht does not replace your existing accounts - it combines them into one. And it's also a news rss reader.

#Ziggo #webmail is taken offline daily because of hacking. Very annoying, and worrying.
CVE Alert: CVE-2025-49113 - Roundcube - Webmail - RedPacket Security

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not

RedPacket Security