In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Mortgage and loan giant Mr. Cooper blames cyberattack for ongoing outage
November 2, 2023
Mortgage and loan giant Mr. Cooper says a “cybersecurity incident” earlier this week was the cause of an ongoing outage, adding that the company is “working to resolve the issue.” The Texas-based company said in a statement on its website that on October 31, Mr. Cooper “became the target of a cyber security incident and took ...
- Boeing confirms ‘cyber incident’ after ransomware gang claims data theft
November 2, 2023
Aerospace giant Boeing has confirmed that it is dealing with a “cyber incident,” days after the company was listed on the leak site of the LockBit ransomware gang. In a statement given to TechCrunch, Boeing spokesperson Jim Prolux confirmed that attackers had targeted “elements of our parts and safety business.” The spokesperson added: “This issue does ...
- Atlassian update: “Take immediate action” to patch your Confluence Data Center and Server instances
November 2, 2023
Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center. All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Atlassian Cloud sites are not impacted by this vulnerability, so if your Confluence site is accessed via an atlassian.net domain, it is not ...
- New Zealand: Money-motivated cyber attacks outnumber those carried out by nation-states
November 2, 2023
Major financially motivated cyber attacks in New Zealand have exceeded those launched by nation-states for the first time, and AI looms as an ever-greater weapon, a new report says. In its latest annual threat report, the National Cyber Security Centre said the potential impact was growing – though the number of major attacks dropped slightly, to ...
- Do government sanctions against ransomware groups work?
November 2, 2023
Earlier this year, the U.S. government imposed sanctions against Russian national Mikhail Matveev, an FBI most-wanted cybercriminal, who authorities accuse of being a “prolific ransomware affiliate” involved in cyberattacks in the United States and overseas. Authorities say Matveev played a major role in the development and deployment of the Hive, LockBit and Babuk ransomware variants, ...
- Ransomware gang HelloKitty exploits critical Apache ActiveMQ bug CVE-2023-46604
November 1, 2023
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments. In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations. Based on the ransom note and available evidence, we attribute the activity to ...

