n March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough.
The malicious links were personalized and extremely short-lived to avoid detection. However, Kaspersky’s technologies successfully identified a sophisticated zero-day exploit that was used to escape Google Chrome’s sandbox. After conducting a quick analysis, we reported the vulnerability to the Google security team, who fixed it as as CVE-2025-2783.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub
October 16, 2019
Unit 42 researchers identified a new cryptojacking worm we’ve named Graboid that’s spread to more than 2,000 unsecured Docker hosts. We derived the name by paying homage to the 1990’s movie “Tremors,” since this worm behaves similarly to the sandworms in the movie, in that it moves in short bursts of speed, but overall is ...
- APT trends report Q3 2019
October 16, 2019
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They ...
- Silent Librarian Retools Phishing Emails to Hook Student Credentials
October 16, 2019
Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that bring more credibility to its phishing emails and helping it avoid detection. The threat group (also known as TA407 and Cobalt Dickens), which operates out of Iran, has ...
- WAV audio files are now being used to hide malicious code
October 16, 2019
Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code. The technique is known as steganography — the art of hiding information in plain sight, in another data medium. In the software field, steganography — also referred to as stego — is used to describe the ...
- Cybercrime Tool Prices Bump Up in Dark Web Markets
October 16, 2019
Prices have been rising in the last two years for longstanding tools available on the Dark Web to help bad actors commit cyber attacks and fraud, alongside newer innovations that are emerging to bolster crimes like ransomware and SIM swapping, new research has found. Keeping track of these trends in dark-web markets for the tools and ...
- Blackremote: Money Money Money – A Swedish Actor Peddles an Expensive New RAT
October 15, 2019
While researching prevalent commodity Remote Access Tools (RATs), Unit 42 researchers discovered a new, undocumented RAT in September, which had almost 50 samples observed in more than 2,200 attack sessions within the first month it was sold. In this report, we document the RAT manager/builder, client malware, and profile the Swedish actor behind this together ...