In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Beyond the basics: Implementing an active defense
February 9, 2023
Having an active defense posture, where the defenders actively use threat intelligence and their own environment telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting for detections to trigger, defenders can take initiative and hunt down threat actors inside their environment, putting a halt to their ...
- Darknet Marketplace Revenue Plummets After Hydra Raid
February 9, 2023
Revenue at dark web illicit marketplaces plunged in 2022 following seizure by U.S. and German police last spring of what was then the world’s largest online bazaar for illegal goods and services. The April shutdown of the Russian-speaking Hydra Market sent the illicit world of Russian-language darknet markets into a tailspin that cut overall revenue for ...
- New ESXiArgs ransomware version prevents VMware ESXi recovery
February 8, 2023
New ESXiArgs ransomware attacks are now encrypting more extensive amounts of data, making it much harder, if not impossible, to recover encrypted VMware ESXi virtual machines. Last Friday, a massive and widespread automated ransomware attack encrypted over 3,000 Internet-exposed VMware ESXi servers using a new ESXiArgs ransomware. Read more… Source: Bleeping Computer
- SNP MP Stewart McDonald’s emails hacked by Russian group
February 8, 2023
An MP has told the BBC his emails have been stolen and he fears they will be made public. The SNP’s Stewart McDonald said the hack took place in January and he wanted to pre-empt any publication sharing them. Read more… Source: BBC News
- Graphiron: New Russian information stealing malware deployed against Ukraine
February 8, 2023
The Nodaria espionage group (aka UAC-0056) is using a new piece of information stealing malware against targets in Ukraine. The malware (Infostealer.Graphiron) is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files. The earliest evidence of Graphiron dates from October 2022. ...
- CISA and FBI Release ESXiArgs Ransomware Recovery Guidance
February 8, 2023
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access to ESXi servers ...

