In a sneaky bypass of email security features, a vulnerability in Roundcube Webmail exposes users to hidden tracking even when “Block remote images” is enabled. Discovered during holiday tinkering, this issue (CVE-2026-25916) affects versions before 1.5.13 and 1.6.13. Attackers can now confirm if you’ve opened their emails, logging your IP address and browser details without […] The post Roundcube Webmail Vulnerability Lets Attackers Track Email Opens appeared first on Cyber Security News.