Recent Posts

Week 24 – Critical vulnerability in Windows is fixed on Patch Tuesday

09 – 15 June 2025 After our last CVE of the Week post exploring a critical vulnerability in the open source landscape, we are back again in the Microsoft ecosystem, as it’s just past Patch Tuesday, which keeps on giving (and more importantly, fixing) weaknesses 

Cyber (In)Securities – Issue 155 – Snapshot Edition

You can download this edition by clicking the three dots icon on the bottom right and selecting Download PDF File. To enlarge the view, click the fullscreen icon on the bottom right. All article titles inside the flipbook are clickable links.

Week 23 – Critical flaw in Roundcube

02 – 08 June 2025

Open-source enthusiast sysadmins might be familiar with Roundcube, one of the most popular webmail clients in deployment; to be exact, Shodan currently lists over 160,000 publicly reachable instances. Unfortunately, it has now become the subject of our regular CVE of the Week series.

It’s rare that a week goes by without a critical vulnerability being discovered and this time is no exception.

This critical flaw, tracked as CVE-2025-49113, has a 9.9 CVSS base score, almost reaching a straight 10/10. The weakness is a prime example of improper input validation, allowing any authenticated user to trivially exploit four PHP endpoints using the _from parameter: program, actions, settings, and upload.php are all vulnerable to object deserialization. This allows for full system compromise through remote code execution, affecting all three pillars of the CIA triad.

While the fact that unauthenticated users can’t reach the affected endpoints could give some relief, administrators must still consider insider threats. Furthermore, there are self-registration Roundcube plugins for various mail server backends, which would allow anyone to register an account and exploit the server.

Also, if you’ve been putting off upgrading for a long time, this attack might be chained with the various XSS issues previously disclosed in Roundcube, like CVE-2024-37383, which allows injecting JS code via SVG animate attributes. This one has a publicly available PoC, which only requires the recipient to click inside a maliciously crafted email’s body to execute the payload, meaning it could lead to unauthenticated RCE.

Luckily, Roundcube developers were quick to fix the validation logic in versions 1.6.11 and 1.5.10, adding an is_simple_string() function to the input handler code, which discards any malicious characters, rendering the exploits useless.

As always, the best way to stay secure is to update as quickly as possible, but if that’s not possible, you can alternatively put a WAF in front of the server and make sure it is configured to reject requests with suspicious content. We also recommend inspecting the access logs for traces of successful exploitation.
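As an added example (not code from this post or from the Roundcube project), here is the access-log inspection recommended above: it parses combined-format log lines, extracts the `_from` query parameter and flags values that fail a simple-string rule. The rule used (ASCII letters, digits, underscore and hyphen) is an assumption standing in for Roundcube’s own is_simple_string(), and the log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Simple-string rule assumed here (stands in for Roundcube's is_simple_string(),
# not its exact regex): ASCII letters, digits, underscore and hyphen only.
SIMPLE_STRING = re.compile(r"^[A-Za-z0-9_-]+$")

# Combined log format: ip ident user [timestamp] "method target proto" status size
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                      r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def is_simple_string(value: str) -> bool:
    """True when value looks like a plain identifier; an empty string fails."""
    return bool(SIMPLE_STRING.match(value))

def suspicious_from_values(line: str) -> list:
    """Decoded _from values in one log line that fail the simple-string rule."""
    match = LOG_LINE.match(line)
    if not match:
        return []  # not a combined-format request line, skip it
    query = urlsplit(match.group("target")).query
    values = parse_qs(query, keep_blank_values=True).get("_from", [])
    return [v for v in values if not is_simple_string(v)]

def scan_access_log(lines) -> list:
    """Return (ip, timestamp, status, bad_values) for each flagged request.
    Only URL parameters are visible in access logs; POST bodies are not
    logged, so this is a partial check, not a complete one."""
    findings = []
    for line in lines:
        bad = suspicious_from_values(line)
        if bad:
            match = LOG_LINE.match(line)
            findings.append((match.group("ip"), match.group("ts"),
                             int(match.group("status")), bad))
    return findings

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Jun/2025:10:00:01 +0000] "GET /?_task=settings&_action=upload&_from=edit HTTP/1.1" 200 512',
    '203.0.113.5 - - [03/Jun/2025:10:00:07 +0000] "GET /?_task=settings&_action=upload&_from=edit%3B%3Cx%3E HTTP/1.1" 200 734',
    '198.51.100.9 - - [03/Jun/2025:10:01:15 +0000] "POST /?_task=mail&_action=send HTTP/1.1" 200 220',
]

if __name__ == "__main__":
    for ip, ts, status, bad in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} non-simple _from values: {bad}")
```

Flagged lines that returned a 200 status deserve a closer look, since a rejected request on a patched server would not succeed.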

Official advisory: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

is_simple_string() patch: https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d

XSS CVE from last year: https://nvd.nist.gov/vuln/detail/cve-2024-37383


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.

Cyber (In)Securities – Issue 154 – Snapshot Edition

CyAN’s Position on the Recommendations of the High-Level Group on Access to Data for Effective Law Enforcement

CyAN opposes recommendations made by the European Commission’s High-Level Group on Access to Data for Effective Law Enforcement (HLG).

Cyber (In)Securities – Issue 153 

Hack the Planet? No. Just Hack the Tap: What exposed water systems tell us about the state of cybersecurity around the world

About the Author: Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions. She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.

Board Member Spotlight: Adj. Prof. Dr. Greg Dzsinich, LLM, CIPP/E

One idea that continues to guide his leadership comes from his time at Microsoft. When he joined the company in 2008, he was struck by a powerful metaphor. If we sit in one boat, we must not only row well. We must also remain in 

“What happens to Heroes?” EPISODE #6: The Unsung Heroes of the digital world by Didier Annet

Are cyberattacks stronger than cybersecurity? “No, stronger it is not. Quicker, easier, more seductive.”

The Psychological Impacts of Cyberattacks

This is the sixth episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack.

What I will call the “Heroes”

Let’s Rewrite the Story of a Cyberattack – Alternate History of a winning scenario

“The fact is, you have to do things for the current, but also the after. You must pay attention to people’s sensibilities. Even if we’re in a period of crisis, we mustn’t just have financial objectives, catering objectives or customer recovery objectives. We have to think about the well-being of our teams, to keep as many staff as possible. There’s no point in getting the business back on its feet if everyone leaves.”

Excerpt From the Interview

My book is dedicated to encouraging companies to consider the human aspect in the context of cyber-attacks. But coaching has only been part of my professional practice for the past 4 years. For over 25 years now, my career has been centered on helping customers strengthen their data resilience. This scenario is freely inspired by one of my corporate clients …

In this episode, I will fictionalize a cyberattack, but using what I call a winning scenario. A winning scenario is when a company considers security a strategic priority. No discussion: security is part of daily normality.

Typical identification factor: “Right reflexes, right roles — from click to crisis”

Once upon a time, there was a company that had security in its DNA. It knows that cyberattacks are one of the problems of the modern world, and that preparing for this eventuality is a necessity. It also knows that the best is the enemy of the good, and that security requires more discipline than expertise.

This situation is beneficial for the company, which recognizes the crucial role of IT security and allocates the necessary resources to develop a robust cyber resilience strategy. This strategy is based on risk analysis. The company has developed clear and achievable security policies that balance business requirements and available resources. IT and IT security departments have sufficient resources, expertise, and equipment to detect risks, develop effective countermeasures, and prevent systems from becoming obsolete. All staff members receive customized cybersecurity training based on their job responsibilities. This training is based on a positive approach. This enables them to respond effectively to potential attacks through regular simulations. They also take a proactive and self-critical approach to assessing their own skills and processes. All levels of management participate in cyber crisis management workshops, with annual reviews and updates of the crisis plan.

This corporate vision will significantly reduce the risk of internal cyberattacks. Although no system is completely risk-free, a consistent and well-structured approach helps to reduce employee stress and anxiety, thereby promoting a positive and productive work environment. This further reduces employees’ motivation to harm the company.

In the event of an attack, it will likely be detected quickly thanks to the constant vigilance of the teams and the proactive approach of everyone involved. Well-established and consistently followed incident management protocols ensure rapid decision-making. System protection will always be the top priority. Effective crisis management, combined with a clear understanding of everyone’s responsibilities, ensures smooth and efficient internal and external communication. Even if the impact is more serious, the robust response and containment processes of a high-performing company will be triggered. Once the affected systems have been quarantined and thoroughly examined by the emergency response team, an assessment of the environment and its readiness for production resumption is initiated, in accordance with rigorous procedures.

In the event of an emergency, a stand-alone backup version can be quickly implemented. This standard practice ensures that the process is carried out efficiently and meticulously. With detailed instructions on business operations, software applications, and their interconnections, restoration efforts will be thorough and organized.

These comprehensive measures, which include thorough planning and proactive testing, ensure a smooth resumption of business. In addition, by keeping customers and suppliers informed during this period, everyone involved can make prudent decisions.

In this scenario, no one is designated as a hero. Rather, managing cyberattacks is a top priority, deeply embedded in a culture of risk-aware management and individual autonomy. As a result, a cyberattack is viewed as a manageable incident rather than a crisis.

This is a Hero-less narrative.

No Hero, no fall of the Heroes!

THINGS TO REMEMBER

In cybersecurity, it’s not if you’ll get breached — it’s when. So isolate, authenticate, replicate… and don’t forget: your backup is only as good as your last restore test.


About the Author

Didier Annet is an Operational & Data Resilience Specialist and a Certified Professional Coach dedicated to empowering individuals and teams to navigate the complexities of an ever-changing digital landscape.

Find him on LinkedIn: Didier Annet

Learn more in his book:
📖 Guide de survie aux cyberattaques en entreprise et à leurs conséquences psychologiques: Que fait-on des Héros ? (French Edition) – Available on Amazon

English version:
“Survival Guide – The Human Impact of Cyberattacks and the Untold Story of Those Who Respond”
“What Happens to Heroes?”
Available on Amazon

Cyber (In)Securities – Issue 152 – Snapshot Edition
