Roundcube XSS — exploited by FrostyNeighbor / Ghostwriter (UNC1151) for Polish-targeting credential harvesting
cve · CVE-2024-42009
Coverage timeline
1
first 2026-05-17 → last 2026-05-17
no data
Briefs
1
1 distinct
Sources cited
3
3 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
Source distribution
- microsoft.com1 (33%)
- thehackernews.com1 (33%)
- welivesecurity.com1 (33%)
External references
All cited sources (3)
- welivesecurity.comprimaryinlineESET WeLiveSecurityhttps://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/
- microsoft.cominlineMicrosoft Security Bloghttps://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/
- thehackernews.cominlineThe Hacker Newshttps://thehackernews.com/2026/05/ghostwriter-targets-ukrainian.html
Items in briefs about Roundcube XSS — exploited by FrostyNeighbor / Ghostwriter (UNC1151) for Polish-targeting credential harvesting
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.