In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Brazilian National Treasury hit with ransomware attack
August 17, 2021
The Brazilian government has released a note stating the National Treasury has been hit with a ransomware attack on Friday (13). According to a statement from the Ministry of Economy, initial measures to contain the impact of the cyberattack were immediately taken. The first assessments so far have found there was no damage to the structuring ...
- Hive ransomware attacks Memorial Health System, steals patient data
August 16, 2021
In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. The attack occurred early Sunday morning and the IT department detected it once they noticed that parts of the infrastructure no longer responded as expected. Read more… Source: Bleeping ...
- T-Mobile says hackers accessed user data but won’t confirm SSN breach of 100 million customers
August 16, 2021
T-Mobile is looking into allegations that a hacker stole 106GB of data containing the social security numbers, names, addresses and driver’s license information for more than 100 million people. In a statement to ZDNet, T-Mobile said it is “aware of claims made in an underground forum and have been actively investigating their validity.” Teams at T-Mobile ...
- Exchange Servers Under Active Attack via ProxyShell Bugs
August 15, 2021
Researchers’ Microsoft Exchange server honeypots are being actively exploited via ProxyShell: The name of an attack disclosed at Black Hat last week that chains three vulnerabilities to enable unauthenticated attackers to perform remote code execution (RCE) and snag plaintext passwords. In his Black Hat presentation last week, Devcore principal security researcher Orange Tsai said that a ...
- Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware
August 13, 2021
Cyberattackers are using Google’s reCAPTCHA (aka the “I am not a robot” function) and fake CAPTCHA-like services to obscure various phishing and other campaigns, according to researchers. There are signs however that those evasion efforts may be losing their efficacy. CAPTCHAs are familiar to most internet users as the challenges that are used to confirm that ...
- SynAck ransomware group releases decryption keys as they rebrand to El_Cometa
August 13, 2021
The SynAck ransomware gang has released decryption keys for victims that were infected between July 2017 and 2021, according to data obtained by The Record. SynAck is in the process of rebranding itself as the El_Cometa ransomware gang, and a member of the old group gave the keys to The Record. Emsisoft’s Michael Gillespie confirmed the veracity ...