It has just become apparent that, on June 16, attackers hacked into the web server of the SquirrelMail open source project. The operators have suspended all accounts and reset all crucial passwords. Access to the original server and to all the available plug-ins has also been disabled. The operators believe that none of the plug-ins has been compromised, but investigations are still in progress. Third party plug-ins can be used to add features to SquirrelMail.
It is currently unknown as to how the intruders hacked into the server. According to the server operators, the SquirrelMail web mailer's source code was not accessible at any time because it is located on a different server. However, phishers are currently trying to convince users otherwise with a spamming campaign. In an email, they claim that versions 1.4.11, 1.4.12 and 1.4.13 contain a back door, and that version 1.4.15 has, therefore, been made available to download:

The link for this article located at H Security is no longer available.