<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-10T08:15:25.005086+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f98b96d0-7d3e-43bb-aab8-347980fd70d3/export</id>
    <title>f98b96d0-7d3e-43bb-aab8-347980fd70d3</title>
    <updated>2026-07-10T08:15:25.030899+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f98b96d0-7d3e-43bb-aab8-347980fd70d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-49113", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mq6okgtfd72w", "content": "\ud83d\udcf0 Hacker Diduga Berafiliasi dengan China Eksploitasi Celah Roundcube untuk Memata-matai Peneliti Akademik\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/07/09/hacker-eksploitasi-kerentanan-roundcube-peneliti-akademik/\n\n#backdoor #china #cve #cve-2024-42009 #cve-2025-49113 #cyberse", "creation_timestamp": "2026-07-09T03:22:05.226424Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f98b96d0-7d3e-43bb-aab8-347980fd70d3/export"/>
    <published>2026-07-09T03:22:05.226424+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d04fece6-908c-4d7a-8591-0e0c33ccf56c/export</id>
    <title>d04fece6-908c-4d7a-8591-0e0c33ccf56c</title>
    <updated>2026-07-10T08:15:25.034042+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d04fece6-908c-4d7a-8591-0e0c33ccf56c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49113", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mq4rf27sjl2v", "content": "China-aligned attackers exploited vulnerabilities in Roundcube to infiltrate U.S. and Canadian universities, targeting physics and engineering departments. The campaign, tracked as UNK_MassTraction, utilized CVE-2024-42009 and CVE-2025-49113 to gain access.", "creation_timestamp": "2026-07-08T09:07:26.149351Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d04fece6-908c-4d7a-8591-0e0c33ccf56c/export"/>
    <published>2026-07-08T09:07:26.149351+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/eb16d339-fd1e-4390-9752-48ef6b6c522d/export</id>
    <title>eb16d339-fd1e-4390-9752-48ef6b6c522d</title>
    <updated>2026-07-10T08:15:25.034181+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "eb16d339-fd1e-4390-9752-48ef6b6c522d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49113", "type": "seen", "source": "https://threatintel.cc/2026/07/07/072643.html", "content": "Chinese Cyberespionage Exploits University Roundcube Servers\n\nThe nation-state actor UNK_MassTraction is targeting university departments via Roundcube mailserver vulnerabilities to deploy malware and steal credentials. By chaining CVE-2024-42009 and CVE-2025-49113, the attackers gain unauthorized access and persistence within targeted networks.", "creation_timestamp": "2026-07-08T01:01:06.542164Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/eb16d339-fd1e-4390-9752-48ef6b6c522d/export"/>
    <published>2026-07-08T01:01:06.542164+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/54b2edab-8deb-459f-ba04-1dbb273de356/export</id>
    <title>54b2edab-8deb-459f-ba04-1dbb273de356</title>
    <updated>2026-07-10T08:15:25.034285+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "54b2edab-8deb-459f-ba04-1dbb273de356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49113", "type": "seen", "source": "https://bsky.app/profile/captechgroup.com/post/3mq37nvil4c2b", "content": "China-aligned group targeting university Roundcube servers via XSS phishing, then pivoting to in-memory backdoors for network access. CVE-2024-42009 and CVE-2025-49113 chain. Physics and engineering departments in scope. #infosec #cybersecurity", "creation_timestamp": "2026-07-07T18:17:36.458045Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/54b2edab-8deb-459f-ba04-1dbb273de356/export"/>
    <published>2026-07-07T18:17:36.458045+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9ca61bed-6c2a-4b40-b513-aedd82ad4535/export</id>
    <title>9ca61bed-6c2a-4b40-b513-aedd82ad4535</title>
    <updated>2026-07-10T08:15:25.034386+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9ca61bed-6c2a-4b40-b513-aedd82ad4535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49113", "type": "seen", "source": "https://threatintel.cc/2026/07/07/072643.html", "content": "Chinese Cyberespionage Exploits University Roundcube Servers\n\nThe nation-state actor UNK_MassTraction is targeting university departments via Roundcube mailserver vulnerabilities to deploy malware and steal credentials. By chaining CVE-2024-42009 and CVE-2025-49113, the attackers gain unauthorized access and persistence within targeted networks.", "creation_timestamp": "2026-07-07T16:00:45.817547Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9ca61bed-6c2a-4b40-b513-aedd82ad4535/export"/>
    <published>2026-07-07T16:00:45.817547+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/80374a8a-7869-4b79-9393-999680d2405e/export</id>
    <title>80374a8a-7869-4b79-9393-999680d2405e</title>
    <updated>2026-07-10T08:15:25.034491+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "80374a8a-7869-4b79-9393-999680d2405e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49113", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116878448734187190", "content": "The nation-state actor UNK_MassTraction is targeting university departments via Roundcube mailserver vulnerabilities to deploy malware and steal credentials. By chaining CVE-2024-42009 and CVE-2025-49113, the attackers gain unauthorized access and persistence within targeted networks.https://www.bankinfosecurity.com/chinese-cyberespionage-exploits-university-roundcube-servers-a-32165", "creation_timestamp": "2026-07-07T11:26:35.652375Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/80374a8a-7869-4b79-9393-999680d2405e/export"/>
    <published>2026-07-07T11:26:35.652375+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/74b952bb-68f5-4c6b-8c18-6b8d3ffc2040/export</id>
    <title>74b952bb-68f5-4c6b-8c18-6b8d3ffc2040</title>
    <updated>2026-07-10T08:15:25.034603+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "74b952bb-68f5-4c6b-8c18-6b8d3ffc2040", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49113", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/244b79b9-47c6-4547-b77d-769b1b9b8d01", "content": "", "creation_timestamp": "2026-06-23T14:03:42.868455Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/74b952bb-68f5-4c6b-8c18-6b8d3ffc2040/export"/>
    <published>2026-06-23T14:03:42.868455+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/43121375-044d-4d1e-8601-71d6dfd11d6e/export</id>
    <title>43121375-044d-4d1e-8601-71d6dfd11d6e</title>
    <updated>2026-07-10T08:15:25.034706+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "43121375-044d-4d1e-8601-71d6dfd11d6e", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49113", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3dd8d897-e33d-4f28-b31f-9df8c660a1dc", "content": "", "creation_timestamp": "2026-06-19T12:45:16.135289Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/43121375-044d-4d1e-8601-71d6dfd11d6e/export"/>
    <published>2026-06-19T12:45:16.135289+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a552f821-1589-45a0-9eb8-0c12ec5f7b27/export</id>
    <title>a552f821-1589-45a0-9eb8-0c12ec5f7b27</title>
    <updated>2026-07-10T08:15:25.034803+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a552f821-1589-45a0-9eb8-0c12ec5f7b27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49113", "type": "seen", "source": "Telegram/yG0q3IpDztUHkWGWcBfSkFN1RblCcRFZP5pQldEwVfp_P8g", "content": "", "creation_timestamp": "2026-04-16T09:00:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a552f821-1589-45a0-9eb8-0c12ec5f7b27/export"/>
    <published>2026-04-16T09:00:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b11b1adb-bf35-4fdf-9823-18ba9012e588/export</id>
    <title>b11b1adb-bf35-4fdf-9823-18ba9012e588</title>
    <updated>2026-07-10T08:15:25.034900+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b11b1adb-bf35-4fdf-9823-18ba9012e588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49113", "type": "published-proof-of-concept", "source": "Telegram/S964UnaAzc4FW7CZCUbAm7wNqkztcWapRmtGqRf9U9sXCaA", "content": "", "creation_timestamp": "2026-04-12T03:00:07.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b11b1adb-bf35-4fdf-9823-18ba9012e588/export"/>
    <published>2026-04-12T03:00:07+00:00</published>
  </entry>
</feed>
