In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Robin Banks phishing service returns to steal banking accounts
November 4, 2022
The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks. Robin Banks faced operational disruption in July 2022, when researchers at IronNet exposed the platform as a highly threatening phishing service targeting Citibank, Bank of America, Capital One, Wells Fargo, ...
- ACSC Annual Cyber Threat Report, July 2021 to June 2022
November 4, 2022
The Annual Cyber Threat Report is ACSC’s flagship unclassified publication. The Report provides an overview of key cyber threats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online. Read more… Source: Australian Cyber Security Centre
- OPERA1ER APT in Africa
November 3, 2022
In 2019, Group-IB Threat Intelligence team detected a series of targeted attacks on financial organizations in Africa. Later in 2020, our professionals in collaboration with Orange, managed to piece together the seemingly disparate attacks into a single timeline and successfully attribute them to the threat actor codenamed OPERA1ER (also known as DESKTOP-GROUP, Common Raven, NXSMS). In ...
- Stopping C2 communications in human-operated ransomware through network protection
November 3, 2022
Command-and-control (C2) servers are an essential part of ransomware, commodity, and nation-state attacks. They are used to control infected devices and perform malicious activities like downloading and launching payloads, controlling botnets, or commanding post-exploitation penetration frameworks to breach an organization as part of a ransomware attack. Blocking these communications can mitigate attacks, sometimes before they’re ...
- Black Basta ransomware gang linked to the FIN7 hacking group
November 3, 2022
Security researchers at Sentinel Labs have uncovered evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7, also known as “Carbanak.” When analyzing tools used by the ransomware gang in attacks, the researchers found signs that a developer for FIN7 has also authored the EDR (Endpoint Detection and Response) evasion tools ...
- Attack Surface Management 2022 Midyear Review – Part 3
November 3, 2022
With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, Trend Micro researchers discussed these issues at length today as well as their implications on a global scale for both businesses large (and small). In the last and final part of the series, Trend Micro researchers talk ...