A critical Cross-Site Scripting (XSS) vulnerability, CVE-2024-57004, has been found in Roundcube Webmail version 1.6.9, allowing remote authenticated users to upload malicious files as email attachments. This flaw can lead to data theft, account compromise, and malware propagation. Users are advised to upgrade to version 1.6.10, which includes a patch for stricter input validation and security measures.

Infosys to pay $17.5M over McCamish cyber attack – NewsBytes
Infosys has agreed to pay $17.5 million in settlement for a cyber attack on McCamish Systems, which it acquired in 2010. The attack compromised personal