Suspected China-aligned hackers targeted Roundcube webmail at North American university departments in a May 2026 campaign that used patched flaws to steal credentials, deploy post-exploitation tools and erase traces.
·