n March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough.
The malicious links were personalized and extremely short-lived to avoid detection. However, Kaspersky’s technologies successfully identified a sophisticated zero-day exploit that was used to escape Google Chrome’s sandbox. After conducting a quick analysis, we reported the vulnerability to the Google security team, who fixed it as as CVE-2025-2783.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Spies Urged To Adopt AI To Counter Augmented Threats
April 28, 2020
UK’s intelligence agencies must use artificial intelligence to repel increasingly sophisticated cyber-attacks and disinformation campaigns, finds study The UK’s foes are likely to use artificial intelligence to augment future threats, a study has warned, arguing that Britain’s intelligence forces must adopt the technology to keep pace. The study, commissioned by GCHQ and conducted by the Royal United Services Institute, ...
- Anatomy of Formjacking Attacks
April 27, 2020
The rise of the Internet has contributed positively in many ways to people’s lives and you can find almost any service on the internet now. However, the convenience of the internet also opens a gate to use malware to steal people’s confidential information, and unfortunately, more and more malware authors are taking advantage of this. Formjacking, ...
- Single Malicious GIF Opened Microsoft Teams to Nasty Attack
April 27, 2020
Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts. The attack simply involved tricking a victim into viewing a malicious GIF ...
- Israel government tells water treatment companies to change passwords
April 27, 2020
The Israeli government says that hackers have targeted its water supply and treatment facilities last week. In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can’t be changed, the agency recommended taking ...
- Hackers are exploiting a Sophos firewall zero-day
April 26, 2020
Cyber-security firm Sophos has published an emergency security update on Saturday to patch a zero-day vulnerability in its XG enterprise firewall product that was being abused in the wild by hackers. Sophos said it first learned of the zero-day on late Wednesday, April 22, after it received a report from one of its customers. The customer reported seeing ...
- Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address
April 24, 2020
The legal case between Facebook and Israeli spyware vendor NSO Group is starting to yield the details tech and cyber-security experts have been waiting since Facebook filed its lawsuit in October 2019. In court documents filed yesterday, Facebook said it linked 720 instances of attacks against WhatsApp users to one single IP address. The attacks were carried out ...