In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Microsoft Warns: Another Unpatched PrintNightmare Zero-Day
August 12, 2021
One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution (RCE) vulnerability in the Windows Print Spooler. The zero-day bug, tracked as CVE-2021-36958, carries a CVSS vulnerability-severity scale rating of 7.3, meaning that it’s rated as “important.” Microsoft said that it allows for a local ...
- IT threat evolution Q2 2021
August 12, 2021
It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be side-loaded by it and an encoded payload, generally dropped from a self-extracting archive. This was first thought to be a signature of LuckyMouse, but we ...
- Notorious AlphaBay darknet market comes back to life
August 12, 2021
The AlphaBay darkweb market has come back to life after an administrator of the original project relaunched it over the weekend. At the same time, the admin announced plans for setting up a platform for darknet markets to set up shop with a strong focus on anonymity. Read more… Source: Bleeping Computer
- Cryptocurrency heist hacker returns $260m in funds
August 12, 2021
The hacker behind one of the largest cryptocurrency heists to date has returned almost half of the $600m (£433m) stolen assets. On Tuesday, the firm affected, Poly Network wrote a letter on Twitter, asking the individual to get in touch “to work out a solution”. The hacker then posted messages pledging to return funds, claiming to be ...
- New AdLoad malware variant slips through Apple’s XProtect defenses
August 11, 2021
A new AdLoad malware variant is slipping through Apple’s YARA signature-based XProtect built-in antivirus to infect Macs as part of multiple campaigns tracked by cybersecurity firm SentinelOne. AdLoad is a widespread trojan targeting the macOS platform since at least since late 2017 and used to deploy various malicious payloads, including adware and Potentially Unwanted Applications (PUAs), Read ...
- Accenture Confirms LockBit Ransomware Attack
August 11, 2021
08/13/21 08:42 UPDATE: Accenture reportedly acknowledged in an internal memo that attackers stole client information and work materials in a July 30 “security incident.” CyberScoop reports that the memo downplays the impact of the ransomware attack. The outlet quoted Accenture’s internal memo: “While the perpetrators were able to acquire certain documents that reference a small number ...