In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Supply chain attack targeting Ledger crypto wallet leaves users hacked
December 14, 2023
Hackers compromised the code behind a crypto protocol used by multiple web3 applications and services, the software maker Ledger said on Thursday. Ledger, a company that makes a widely used and popular crypto hardware and software wallet, among other products, announced on X that someone had pushed out a “malicious version” of its Ledger Connect Kit, ...
- ALPHV ransomware gang returns, sorta
December 14, 2023
The ALPHV ransomware gang, arguably the second most dangerous “big game” ransomware operator, appears to be back in business after its infrastructure went down for five days. But all does not appear to be going well for group. ALPHV’s dark web leak site may be back but it is only showing a single victim with no ...
- Rhadamanthys v0.5.0 – A Deep Dive Into The Stealer’s Components
December 14, 2023
Rhadamanthys is an information stealer with a diverse set of modules and an interesting multilayered design. In their last article on Rhadamanthys, Check Point researchers focused on the custom executable formats used by this malware and their similarity to a different family, Hidden Bee, which is most likely its predecessor. In this article they do a ...
- Exploring Encrypted Attacks Amidst the AI Revolution
December 14, 2023
Zscaler ThreatLabz researchers analyzed 29.8 billion blocked threats embedded in encrypted traffic from October 2022 to September 2023 in the Zscaler cloud, presenting their findings in the Zscaler ThreatLabz 2023 State of Encrypted Attacks Report. According to the Google Transparency Report, encrypted traffic saw a significant rise in the last decade, reaching 95% of global traffic ...
- Microsoft patches 34 vulnerabilities, including one zero-day
December 13, 2023
December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units (CPUs), was shifted by AMD to software developers. Read more… Source: Malwarebytes labs
- Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
December 13, 2023
The US Federal Bureau of Investigation (FBI) and partners assess Russian Foreign Intelligence Service (SVR) cyber actors – also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard – are exploiting CVE-2023-42793 a at a large scale, targeting servers hosting JetBrains TeamCity software since September 2023. Software developers use TeamCity software ...

