In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Report finds Apple devices fare the worst when it comes to full takeover risks
August 1, 2024
A worrying number of environments are vulnerable to complete takeover via escalated privileges, a new report from Picus Security has found. Environments were tested in simulated attacks, with the average organization managing to defend against 7 out of 10 attacks, but considering the constant threat presented by organized cybercrime groups, this leaves a serious margin for potential ...
- Threat Actor Abuses Cloudflare Tunnels to Deliver RATs
August 1, 2024
Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware. Specifically, the activity abuses the TryCloudflare feature that allows an attacker to create a one-time tunnel without creating an account. Tunnels are a way to remotely access data and resources that are not on the local network, like using a virtual ...
- FBI Warns of Scammers Impersonating Cryptocurrency Exchanges
August 1, 2024
The FBI warns of scammers impersonating cryptocurrency exchange employees to steal funds. How the scam works: The scammer contacts the victim via an unsolicited call or message and pretends to be a cryptocurrency exchange employee. The scammer conveys urgency and may claim there is a problem with the victim’s account, or someone is attempting to compromise the victim’s ...
- OneBlood hit by ransomware attack, tells hospitals to activate critical shortage alerts
August 1, 2024
Nonprofit medical organization OneBlood, which plays a crucial role in serving facilities across the Southeastern US, has been targeted in a ransomware attack which caused an IT systems outage, causingover 250 hospitals to activate critical blood shortage protocols. The move disrupted services across multiple US states, with the organization operating at a ‘significantly reduced capacity’ – ...
- Identifying a BOLA Vulnerability in Harbor, a Cloud-Native Container Registry
July 31, 2024
In a recent audit of open-source web applications, threat researchers from Unit 42 have identified a broken object-level authorization (BOLA) vulnerability that impacts Harbor versions prior to 2.9.5. Harbor is a widely used cloud-native container registry that plays a role in cloud environments by hosting container images and providing features such as role-based access control (RBAC), ...
- Malicious Packages Hidden in PyPI
July 31, 2024
The FortiGuard Labs team has identified a malicious PyPI package affecting all platforms where PyPI packages can be installed. This discovery poses a significant risk to individuals and institutions that have installed these packages, potentially leading to the leakage of credentials and sensitive information. Given the high severity of this threat, it is crucial to focus ...

