Roundcube CVE-2025-49113: Authenticated PHP Object Deserialization to RCE in Open-Source Webmail

CVE-2025-49113 is a critical authenticated remote-code-execution flaw in Roundcube webmail — the default in cPanel, Plesk, and many hosting stacks — caused by insufficient validation of the _from upload parameter that lets attackers inject malicious PHP-serialized objects into session storage. The bug went undetected for nearly a decade and reportedly exposes more than 53 million hosts across all Roundcube 1.1.0–1.6.10 builds.

Essential iOS Hardening: A Practical Guide to Defending iPhones Against Modern Spyware

A practical, security-engineering view of the essential iOS hardening steps every iPhone user — and especially high-risk targets — should apply: Lockdown Mode, Advanced Data Protection, attack-surface reduction, deep reboots, and detection with tooling like iVerify. Based on and credited to “Essential iOS Hardening Steps” by Officer’s Notes, published on Medium (Technology Hits).