n March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough.
The malicious links were personalized and extremely short-lived to avoid detection. However, Kaspersky’s technologies successfully identified a sophisticated zero-day exploit that was used to escape Google Chrome’s sandbox. After conducting a quick analysis, we reported the vulnerability to the Google security team, who fixed it as as CVE-2025-2783.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The State Of Ransomware, 2020’s Catch-22
February 3, 2021
A ransomware infection can put organizations in difficult situations. The damage that WannaCry and Petya have caused has made people more wary, leading to stricter and more consistent security measures against a constant threat. Developments in ransomware over the past year have made dealing with ransomware not only difficult but also a delicate matter. Aside ...
- Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise
February 2, 2021
Two web skimmers have been discovered on the payment webpages of Costway, one of the top retailers in North America and Europe, which sells appliances, furniture and more. The skimmers are targeting consumers’ credit-card payment details. In a twist, researchers say one of these web skimmers is piggybacking on top of the other, to take over ...
- US federal payroll agency hacked using SolarWinds software flaw
February 2, 2021
The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973. The software vulnerability used to ...
- Ransomware gangs now have industrial targets in their sights
February 2, 2021
Ransomware attacks are a potential danger for any organisation, with ransomware variants including Conti, Egregor, Maze and many others still successfully compromising victims across all industries – but there are some industries that criminal gangs are targeting more than others. The ransomware attacks are successful because many organisations can’t afford for their network to be out ...
- Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection
February 2, 2021
Agent Tesla malware variants are now using new techniques to try and eradicate endpoint antivirus security. On Tuesday, Sophos researchers said that two new variants of the Remote Access Trojan (RAT) are targeting Microsoft Anti-Malware Software Interface (AMSI), scanning and analysis software designed to prevent malware infections from taking hold. Agent Tesla operators will now attempt to ...
- Minnesota: Netgain ransomware incident impacts local governments
February 2, 2021
The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. Now, Ramsey County, Minnesota, is informing clients of the Family Health Division program that the hackers may have accessed personal data. The government of Ramsey County learned about the potential breach on December 2, 2020, when Netagin ...