n March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough.
The malicious links were personalized and extremely short-lived to avoid detection. However, Kaspersky’s technologies successfully identified a sophisticated zero-day exploit that was used to escape Google Chrome’s sandbox. After conducting a quick analysis, we reported the vulnerability to the Google security team, who fixed it as as CVE-2025-2783.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware
December 18, 2020
Trend Micro researchers have recently encountered a Negasteal (also known as Agent Tesla) variant that used hastebin for the fileless delivery of the Crysis (also known as Dharma) ransomware. This is the first time that we have observed Negasteal with a ransomware payload. Only a few months ago, Deep Instinct published the first reported case of ...
- SUPERNOVA: SolarStorm’s Novel .NET Webshell
December 17, 2020
The SolarStorm actors behind the supply chain attack on SolarWinds’ Orion software have demonstrated a high degree of technical sophistication and attention to operational security, as well as a novel combination of techniques in the potential compromise of approximately 18,000 SolarWinds customers. As published in the original disclosure, the attackers were observed removing their initial ...
- FireEye, Microsoft create kill switch for SolarWinds backdoor
December 17, 2020
Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself. This past weekend it was revealed that Russian state-sponsored hackers breached SolarWinds and added malicious code to a Windows DLL file used by their Orion IT monitoring platform. This malicious DLL is a backdoor ...
- This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators
December 17, 2020
A Remote Access Trojan (RAT) on sale in underground forums has evolved to abuse Tor when maintaining persistence on infected machines. On Thursday, Sophos Labs’ Sivagnanam Gn and Sean Gallagher revealed ongoing research into the malware, which has been in the wild since 2019. Dubbed SystemBC, the RAT has evolved from acting as a virtual private network ...
- New Goontact spyware discovered targeting Android and iOS users
December 16, 2020
Security researchers have discovered a new malware strain with spying and surveillance capabilities —also known as spyware— that is currently available in both Android and iOS versions. Named Goontact, this malware has the ability to collect from infected victims data such as phone identifiers, contacts, SMS messages, photos, and location information. Detected by mobile security firm Lookout, ...
- HPE discloses critical zero-day in server management software
December 16, 2020
Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. While security updates are not yet available for this remote code execution (RCE) vulnerability, HPE has provided Windows mitigation info and is working on addressing the zero-day. Zero-days are publicly disclosed ...