A sophisticated spear phishing campaign targeted Polish organizations, with threat actors successfully exploiting the CVE-2024-42009 vulnerability in Roundcube webmail systems. The attack enables JavaScript execution when a malicious email is opened, leading to credential theft through an advanced Service Worker-based approach. Security researchers attribute this campaign to UNC1151, a threat group associated with Belarusian government operations and potentially Russian intelligence services. This is the group's first recorded exploitation of this specific vulnerability.