n March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough.
The malicious links were personalized and extremely short-lived to avoid detection. However, Kaspersky’s technologies successfully identified a sophisticated zero-day exploit that was used to escape Google Chrome’s sandbox. After conducting a quick analysis, we reported the vulnerability to the Google security team, who fixed it as as CVE-2025-2783.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- REvil ransomware deposits $1 million in hacker recruitment drive
September 28, 2020
The REvil Ransomware (Sodinokibi) operation has deposited $1 million in bitcoins on a Russian-speaking hacker forum to prove to potential affiliates that they mean business. Many ransomware operations are conducted as a Ransomware-as-a-Service (RaaS), where developers are in charge of developing the ransomware and payment site, and affiliates are recruited to hack businesses and encrypt their ...
- UHS hospital network hit by ransomware attack
September 28, 2020
Universal Health Services (UHS), a Fortune 500 company and one of the largest healthcare providers in the US, has been impacted by a ransomware attack over the weekend. UHS hospitals have been operating without internal IT systems since Sunday morning, according to employees and patients who took to social media today. Some patients have been turned away ...
- Joker Trojans Flood the Android Ecosystem
September 28, 2020
More variants of the Joker Android malware are cropping up in Google Play as well as third-party app stores, in a trend that researchers say points to a relentless targeting of the Android mobile platform. Researchers at Zscaler have found 17 different samples of Joker being regularly uploaded to Google Play during September. Collectively, these have ...
- Microsoft disrupts nation-state hacker op using Azure Cloud service
September 25, 2020
In a report this week, Microsoft said that it disrupted operations of a nation-state threat group that was using its Azure cloud infrastructure for cyber attacks. Microsoft refers to the actor by the name Gadolinium and says that it’s been active for about a decade targeting organizations in the maritime and health industry; more recently, the ...
- The Windows XP source code was allegedly leaked online
September 25, 2020
The source code for Windows XP SP1 and other versions of the operating system was allegedly leaked online today. The leaker claims to have spent the last two months compiling a collection of leaked Microsoft source code. This 43GB collection was then released today as a torrent on the 4chan forum . Included in this torrent is ...
- Update now: Cisco warns over 25 high-impact flaws in its IOS and IOS XE software
September 25, 2020
Cisco has alerted customers using its IOS and ISO XE networking gear software to apply updates for 34 flaws across 25 high-severity security advisories. The large number of flaws affecting ISO and ISO XE are due to the advisories being announced as part of Cisco’s semi-annual release for the widely used software for Cisco routers and ...